Documentation
¶
Index ¶
- Variables
- func ExtractBytecode(classBytes []byte) ([][]byte, error)
- func HashClassInstructions(classBytes []byte) (string, error)
- func ReadMethodByteCode(jarFile string, className string) (bytecode [][]byte, err error)
- type AverageJavaNameSizes
- type ClassHash
- type MethodByteCodeComparison
- type Opcodes
- type PartialMatch
Constants ¶
This section is empty.
Variables ¶
var DoubleOperandOpcodes = make([]bool, 0xff)
var NoOperandOpcodes = make([]bool, 0xff)
var OpcodesInitialised = false
var OtherOpcodes = []uint8{0xc4, 0xab, 0xaa, 0xfe, 0xff, 0xca}
OtherOpcodes that are either reserved or take a variable number of operands
var QuadOperandOpcodes = make([]bool, 0xff)
var SingleOperandOpcodes = make([]bool, 0xff)
var TripleOperandOpcodes = []uint8{0xc5}
Functions ¶
func ExtractBytecode ¶ added in v1.0.0
func HashClassInstructions ¶
HashClassInstructions produces a hash of the opcodes that define the methods of the specified class. This is intended to not change if the package name or other details are changed with the resulting changes to the non-opcode parts of the class format.
Types ¶
type AverageJavaNameSizes ¶ added in v1.0.0
func AveragePackageAndClassLength ¶ added in v1.0.0
func AveragePackageAndClassLength(files []*zip.File) AverageJavaNameSizes
AveragePackageAndClassLength produces an average of the package and class name lengths. In the event that the given Jar file contents are incredibly large, and either the total number of classes or packages, or the sums of their lengths, exceeds a uint32 then the result will be inaccurate.
In the case of class or package count exceeding the maximum the average will be below the real value. In the case of class or package name length exceeding the maximum the average will be above the real value. If both values exceed the maximum then it is not possible to say whether the average will be above or below the real value.
In practice we can handle any realistic Jar without hitting these limits.
type MethodByteCodeComparison ¶ added in v1.0.0
type MethodByteCodeComparison struct {
FirstClassMethodBytecode [][]byte
FirstClassUnmatchedBytecode [][]byte
SecondClassMethodBytecode [][]byte
SecondClassUnmatchedBytecode [][]byte
ExactMatches [][]byte
PartialMatches []PartialMatch
}
func CompareClasses ¶ added in v1.0.0
func CompareClasses(firstJarName, firstClassName, secondJarName, secondClassName string) (MethodByteCodeComparison, error)
CompareClasses finds common parts between two versions of the same class, e.g. after obfuscation or some other process.
First all non-opcodes are dropped to leave only constant bytecode values such that renaming of items in the constant table is ignored.
The bytecode for each method is then compared.
Any exact matches between the two classes are found and removed from further consideration. The rest is then sorted and a greedy algorithm used to find the longest match for each method from the first class. If there is any method in the second classes bytecode which has a common prefix and suffix then a match is found and the methods from both the first and second class removed from any further matching.
type Opcodes ¶
type Opcodes struct {
NoOperandOpcodeLookupTable []bool
SingleOperandOpcodeLookupTable []bool
DoubleOperandOpcodeLookupTable []bool
QuadOperandOpcodeLookupTable []bool
TripleOperandOpcodes []uint8
OtherOpcodes []uint8
}
Opcodes are used when hashing bytecode to separate out the parts that are relatively static when shading or obfuscating classfiles while skipping the operands that change with those modifications.
These tables are intended to use memory (1mb per number of operands) in order to speed up lookups. Total memory use remains reasonable as these are shared between all uses.
func OpcodeLookupTables ¶
func OpcodeLookupTables() *Opcodes
Source Files