Reverse Engineering for Beginners

CHAPTER 54. JAVA


54.4 JVM memory model


x86 and other low-level environments use the stack for argument passing and as local variable storage. The JVM is slightly
different.


It has:



  • Local variable array (LVA^6). Used as storage for incoming function arguments and local variables. Instructions like
    iload_0 load values from it; istore stores values in it. The function arguments are stored first, starting at slot 0,
    or at slot 1 if the zeroth slot is occupied by the this pointer. Then the local variables are allocated.

    Each slot is 32 bits wide, so values of the long and double data types occupy two slots.

  • Operand stack (or just “stack”). It’s used for computations and for passing arguments when calling other functions. Unlike
    low-level environments like x86, it’s not possible to access the stack without using instructions that explicitly push
    values onto it or pop values from it.

  • Heap. It is used as storage for objects and arrays.


These 3 areas are isolated from each other.


54.5 Simple function calling


Math.random() returns a pseudorandom number in the range [0.0, 1.0), but let’s say that for some reason we need to
devise a function that returns a number in the range [0.0, 0.5):


public class HalfRandom
{
    public static double f()
    {
        return Math.random()/2;
    }
}


Listing 54.8: Constant pool

...
#2 = Methodref #18.#19 // java/lang/Math.random:()D
#3 = Double 2.0d
...
#12 = Utf8 ()D
...
#18 = Class #22 // java/lang/Math
#19 = NameAndType #23:#12 // random:()D
#22 = Utf8 java/lang/Math
#23 = Utf8 random


public static double f();
flags: ACC_PUBLIC, ACC_STATIC
Code:
stack=4, locals=0, args_size=0
0: invokestatic #2 // Method java/lang/Math.random:()D
3: ldc2_w #3 // double 2.0d
6: ddiv
7: dreturn

invokestatic calls the Math.random() function and leaves the result at the TOS. Then the result is divided by 2.0
and returned. But how is the function name encoded? It’s encoded in the constant pool using a Methodref expression.
It defines the class and method names. The first field of Methodref points to a Class expression which, in turn, points to
the usual text string (“java/lang/Math”). The second field of Methodref points to a NameAndType expression which
also has two links to strings. The first string is “random”, which is the name of the method. The second string is “()D”,
which encodes the function’s type. It means that the method takes no arguments and returns a double value (hence the D in the
string). This is the way 1) the JVM can check data for type correctness; 2) Java decompilers can restore data types from a
compiled class file.
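The Methodref chain and the descriptor string are exactly what a decompiler or a class-file scanner walks to recover method signatures. The following is an added example, not code from the book: it resolves a Methodref through a constant pool, decodes a method descriptor such as “()D” into its argument and return types, and counts how many LVA slots the incoming arguments occupy (two for long and double, one for the this pointer, as described in 54.4). The pool is a constructed Python dict that mirrors the indices of Listing 54.8; a real tool would first parse the binary constant pool out of the .class file.

```python
"""Resolve a Methodref and decode a JVM method descriptor (added example)."""

# Constructed stand-in for the constant pool of HalfRandom.class,
# using the same indices as Listing 54.8.
HALFRANDOM_POOL = {
    2: ("Methodref", 18, 19),      # java/lang/Math.random:()D
    3: ("Double", 2.0),
    12: ("Utf8", "()D"),
    18: ("Class", 22),             # -> java/lang/Math
    19: ("NameAndType", 23, 12),   # -> random:()D
    22: ("Utf8", "java/lang/Math"),
    23: ("Utf8", "random"),
}

# Descriptor type letters: primitives plus 'L...;' for classes and '[' for arrays.
PRIMITIVES = {"B": "byte", "C": "char", "D": "double", "F": "float", "I": "int",
              "J": "long", "S": "short", "Z": "boolean", "V": "void"}


def _expect(pool, idx, tag):
    """Fetch pool entry #idx and check its tag, so a bad link fails loudly."""
    entry = pool[idx]
    if entry[0] != tag:
        raise ValueError(f"#{idx} is {entry[0]}, expected {tag}")
    return entry


def resolve_methodref(pool, idx):
    """Follow Methodref -> Class -> Utf8 and Methodref -> NameAndType -> (Utf8, Utf8)."""
    _, class_idx, nat_idx = _expect(pool, idx, "Methodref")
    _, class_name_idx = _expect(pool, class_idx, "Class")
    _, name_idx, desc_idx = _expect(pool, nat_idx, "NameAndType")
    class_name = _expect(pool, class_name_idx, "Utf8")[1]
    method_name = _expect(pool, name_idx, "Utf8")[1]
    descriptor = _expect(pool, desc_idx, "Utf8")[1]
    return class_name, method_name, descriptor


def _read_type(desc, pos):
    """Return (readable type, position after it) for the type starting at desc[pos]."""
    c = desc[pos]
    if c in PRIMITIVES:
        return PRIMITIVES[c], pos + 1
    if c == "L":                       # Lpkg/Name;  -> pkg.Name
        end = desc.index(";", pos)
        return desc[pos + 1:end].replace("/", "."), end + 1
    if c == "[":                       # [T -> T[]
        inner, new_pos = _read_type(desc, pos + 1)
        return inner + "[]", new_pos
    raise ValueError(f"bad descriptor character {c!r} at offset {pos}")


def parse_descriptor(desc):
    """'(ILjava/lang/String;[J)V' -> (['int', 'java.lang.String', 'long[]'], 'void')."""
    if not desc.startswith("("):
        raise ValueError("method descriptor must start with '('")
    pos, args = 1, []
    while desc[pos] != ")":
        t, pos = _read_type(desc, pos)
        if t == "void":
            raise ValueError("'V' is only valid as a return type")
        args.append(t)
    ret, end = _read_type(desc, pos + 1)
    if end != len(desc):
        raise ValueError("trailing characters after the return type")
    return args, ret


def argument_slots(desc, is_static):
    """LVA slots taken by the incoming arguments: long/double use two, `this` uses one."""
    args, _ = parse_descriptor(desc)
    slots = 0 if is_static else 1
    for t in args:
        slots += 2 if t in ("long", "double") else 1
    return slots


if __name__ == "__main__":
    cls, name, desc = resolve_methodref(HALFRANDOM_POOL, 2)
    args, ret = parse_descriptor(desc)
    print(f"#2 -> {cls}.{name}:{desc}  args={args} returns={ret}")
    print("argument slots for static f():", argument_slots(desc, True))
```

For HalfRandom.f the descriptor “()D” yields no arguments and a double return, and zero argument slots, which agrees with the locals=0, args_size=0 line in the javap output above; javap’s args_size is exactly this slot count, so an instance method taking (double, long) reports 5.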


Now let’s try the “Hello, world!” example:


^6 (Java) Local Variable Array
