14 Replies Latest reply: Apr 15, 2014 7:29 AM by rukbat RSS

    Manually add a exception table entry

    f257fc05-fdc9-4349-860a-63bf92c76d68

      Hi,

      because of the need to implement a certain software watermarking technique I have to manipulate the exception table.

       

      (Link to the paper that describes the technique:

      http://profs.sci.univr.it/~giaco/download/Watermarking-Obfuscation/self-validating%20brench%20watermarking.pdf

      (Section "Extension to Java Bytecode")

       

       

       

      So far I could manually add the exception table entry with Javassist:

       

      MethodInfo minfo = (MethodInfo) aclasscf.getMethods().get(0);

      CodeAttribute ca = minfo.getCodeAttribute();

      ExceptionTable et = ca.getExceptionTable();

      et.add(26,30,40,0);

      System.out.println("exception table size: "+ et.size());


      But the problem is that I can't run the file anymore. Simply running it with the java command results in "Stack map does not match the one at exception handler 40". After some research this seems to
      be a problem with java 7 and a stricter verifier. I read several times that java -XX:-UseSplitVerifier should be used instead.

      This really fixed the stackmap error, but then another error appeared: "java.lang.VerifyError: (class: AClass, method: <init> signature: ()V) Inconsistent stack height 0 != 1". Are there any further steps required
      to insert a new exception in the exception table?

       

      Additional info: Later I want to remove gotos (in this case the goto at line 27) and add a function call instead. When this function finishes it will throw a exception and propagate it back to the caller (which will be at line 27). Then the program should go on as if nothing happend, that is also the reason why the target of the exception is the same as the target of the goto (40).

       

      Here is the bytecode:

             0: aload_0     
             1: invokespecial #8                  // Method java/lang/Object."<init>":()V
             4: iconst_0    
             5: istore_1    
             6: goto          19
             9: getstatic     #10                 // Field java/lang/System.out:Ljava/io/PrintStream;
            12: iload_1     
            13: invokevirtual #16                 // Method java/io/PrintStream.println:(I)V
            16: iinc          1, 1
            19: iload_1     
            20: bipush        20
            22: if_icmplt     9
            25: iconst_1    
            26: istore_1    
            27: goto          40
            30: getstatic     #10                 // Field java/lang/System.out:Ljava/io/PrintStream;
            33: iload_1     
            34: invokevirtual #16                 // Method java/io/PrintStream.println:(I)V
            37: iinc          1, 1
            40: iload_1     
            41: bipush        20
            43: if_icmplt     30
            46: return      
          Exception table:
             from    to  target type
                27    30    40   any

       

       

       

        • 1. Re: Manually add a exception table entry
          jwenting

          so you're deliberately corrupting a classfile, and then wonder that it doesn't get loaded by a regular JVM?

          • 2. Re: Manually add a exception table entry
            f257fc05-fdc9-4349-860a-63bf92c76d68

            Yes, it seems like I do that.

            The problem is that I don't know why I corrupt the classfile and therefore I need to know how to add that exception in a proper way.

            And it really seems to be possible (most likely in another way than I did it, but the idea is the same) as the authors of the above mentioned

            paper implemented it.

            • 3. Re: Manually add a exception table entry
              jwenting

              mind they never implemented it. They just made some vague statements about how they think it might be possible to implement it.

              Most likely it would require a custom JVM that can handle the classfiles after being injected with their stuff.

               

              You've almost certainly made changes that violate the classfile format. And such changes of course lead to classfiles that won't load on a JVM that checks for the validity of the classfiles.

              • 4. Re: Manually add a exception table entry
                f257fc05-fdc9-4349-860a-63bf92c76d68

                Well then I have to find a way to insert additional exceptions without violating the classfile format.

                Do you or anyone else know how to find such information?

                I already checked the VM Specification but did not really find anything about that special case.

                • 5. Re: Manually add a exception table entry
                  jwenting

                  listen to yourself: "I want to corrupt my classfiles and have the classloader think they're not corrupt".

                  That's no different from what a virus author does, corrupting executable code...

                   

                  And the classloader has mechanisms to detect that and refuse to load such corrupted classes precisely to prevent execution of illicit code.

                   

                  If you insist on going this way, you'll have to write your own classloader, maybe an entire JVM. And you might well have to write something that no longer can be called Java, violates the JLS and/or JVMS.

                  • 6. Re: Manually add a exception table entry
                    rp0428
                    Well then I have to find a way to insert additional exceptions without violating the classfile format.

                    Simple - do it the way everyone else has done it for years.

                     

                    They modify the SOURCE CODE!

                     

                    I know - it sounds so unconventional but really it's not.

                     

                    It's your code. You have the source. Modify the source. There is no need to modify the compiled code at all.

                    • 7. Re: Manually add a exception table entry
                      gimbal2

                      Let me approach this topic from a different neutral angle.

                       

                      If you want to do something highly uncommon as this and you think you have a valid reason for doing so, do yourself a big favor and find a javassist forum where you'll find people who are doing the same kind of unorthodox things as you are. Going to a regular Java programming forum and asking questions on how to alter byte code is like going to a forum for airplane pilots and asking what to do to safely fly into a lightning storm: people are going to say you're crazy and not treat it as if you're doing a science experiment. You have to go to the forum where daredevils do science experiments to get any kind of useful response.

                      • 8. Re: Manually add a exception table entry
                        f257fc05-fdc9-4349-860a-63bf92c76d68

                        @rp0428

                        Sadly this is not a solution for my problem, because it is a essential part of the technique that you modify bytecode and not source code.

                        (see the link in my first post)

                         

                        @gimbal2

                        It seems you are right, the problem is that I already visited a lot of forums and it seems noone really knows more about that special case.

                        So my thought was that maybe someone in the oracle forum is an expert in that bytecode level.

                        • 9. Re: Manually add a exception table entry
                          jwenting

                          iow, "I don't get the answer I like, therefore the answer is incorrect".

                          Maybe it's time you grew up and faced up to the consequences of your actions. You're deliberately corrupting bytecode, then expecting the JVM to not complain about that.

                          That's not going to fly.

                           

                          Write your own classloader, only way.

                          Just because some theoreticians didn't mention that in their paper which only mentioned a vague idea that something should be possible doesn't mean you don't have to do that.

                          • 10. Re: Manually add a exception table entry
                            rp0428
                            Sadly this is not a solution for my problem, because it is a essential part of the technique that you modify bytecode and not source code.

                            Huh? Bytecode does NOT have ANY knowledge of how it was produced. In particular it does NOT know if it was produced from source code or bytecode injection.

                             

                            If a certain skateboarding technique included landing on your head and then rolling I would likely suggest that you NOT use that technique but use a different technique instead.

                             

                            I thought your goal was to implement watermarking for the code. If your goal is how to use the particular technique described in that link then you are out of luck. That article doesn't provide the specifics you need to create an actual implementation and doesn't mention anything about the Java versions that it might work for.

                             

                            Watermarking is a 'solution' to a problem.

                             

                            What PROBLEM are you trying to solve?

                             

                            Why do you think you even need to use watermarking to solve it?

                            • 11. Re: Manually add a exception table entry
                              jwenting

                              sounds ever more like the typical homework question of "how do I do X using pattern Y"...

                              • 12. Re: Manually add a exception table entry
                                gimbal2

                                Homework requiring bytecode engineering!? That must be some epic course!

                                • 13. Re: Manually add a exception table entry
                                  jwenting

                                  some kid's "final year project about security in Java", kid comes across an obscure paper that mentions the word "Java" and decides it's the holy grail.

                                  He might as well have come across an article detailing airport security in Jakarta and thought that was what his teacher wants him to look into.

                                  • 14. Re: Manually add a exception table entry
                                    rukbat

                                    Moderator Comment and Action:

                                     

                                    To O.P.,

                                    Don't slap the "Report Abuse" icon just because you disagree with a reply.

                                    This site is a user-to-user public forum site.   When you post here you have no control over what replies you might receive.

                                     

                                    The tenor of your initial inquiry is exactly that of a schoolwork question and you received replies concomitant to that.

                                     

                                    There is no evidence there will be any resolution to your inquiry, so this thread is now locked.