krzysiaczek99   07-23-2015, 10:18 AM
#1
I have the exe file most likely created by exe4j and I would like to recover java classes.
Unfortunately search for string 'PK' don't work as described in a few tutorials.

'PK exist but only bytes 50 4B are matching
for example

50 4B 1B EE 10 1E 7F

and it should be 50 4B 03 04

any idea ??

Krzysztof
Konloch   07-23-2015, 01:30 PM
#2
The easiest way to do this is to dump the JVM's loaded classes.

You can do this by using a modified java agent, editing the JVM rt.jar library itself.

You may be able to do this using Java Snoop - http://www.aspectsecurity.com/tools/javasnoop I've personally never tried using it, I've either patched the JVM directly or used a Java Agent.
chessgod101   07-27-2015, 01:37 PM
#3
The exe4j targets I have encountered extracted their jars and other files to a folder in the temp directory and executed them from there. I may make a tutorial for this later on to accompany the one I made for launch4j.
Konloch   07-29-2015, 01:35 AM
#4
(07-27-2015, 01:37 PM)chessgod101 Wrote: The exe4j targets I have encountered extracted their jars and other files to a folder in the temp directory and executed them from there. I may make a tutorial for this later on to accompany the one I made for launch4j.

That would be awesome, your tutorials are really instructive!
Bigger   07-30-2015, 04:31 AM
#5
Breakpoint CreateFileA & CreateFileW.
Simply copy the jar whenever WriteFile is executed . (That's how I used to do it.)
  
Users browsing this thread: 1 Guest(s)
Konloch Software - Bytecode Viewer - Reverse Engineering Forum
Copyright © 2014-2025 The Bytecode Club. Powered By MyBB.
CC0 Unless Specified Otherwise.