extracting Java classes from AWT executable

About

Asked 4/11, 2017 at 21:34 Answered 14/11, 2017 at 23:16

I have an application that is running JVM inside it, it looks like it is using Abstract Windowing ToolKit (AWT), I found that after doing some researches as the main application window is a MSAWT_Comp_Class, doing some analyzing on the application EXE I found what looked like links to import the Java classes (I am not sure):

So I guess the Java classes are there but unreachable, all I could find in the app is an RC_DATA content that has the above links, also found that the app is a Java app converted to EXE using Jexegen as Jexegen and some SDK links can be found using a hex viewer.

My question is if is there a way to extract the Java classes or read them from that application? maybe by knowing the structure of Abstract Windowing ToolKit (AWT) or Swing or Jexegen or how Java files are being included in the c# app after compiling.

I hope I could I ask my question clearly, I tried my best with my little knowledge.

Nipple answered 4/11, 2017 at 21:34 Comment(6)

Please add some context: Whose program is this, what does it do, and what is your ultimate purpose in all of this? – Longs 4/11, 2017 at 21:36

This is our long story, the application is the recorder: stackoverflow.com/questions/43306959 , it is a discontinued project that we are trying to understand how it deals with the exported binary files (Screen Recordings). – Nipple 4/11, 2017 at 21:37

So it is not your own code but rather a found program that you are trying to disassemble? I'm not sure if this is on-topic for this site, but if it were my problem, I'd first try to find the original developers, and see if they had information and possibly source code to share. – Longs 4/11, 2017 at 21:45

Thank you, as you saw we are doing this for a good propose, no intending to hack or crack or anything, we are trying to fix the problems of compatibility and other issues that the application has. We have contacted the developers many times, the project is dead since 2005 and it doesn't seem that anyone is going to help us about that. I appreciate your kind help if you can! – Nipple 4/11, 2017 at 21:47

One thing you could try is renaming (copying) the executable into .zip file and see if you can extract it. The rationale behind would be that Java packaging (.jar format) is actually a .zip file and perhaps the executable also keeps this 'convention' internally. – Fishhook 5/11, 2017 at 1:35

That was the first thing I did, even used Resource Hacker and PE Explorer, all i got was an RC_Data (binary) file that after scanning i found those links to java libraries inside. – Nipple 5/11, 2017 at 7:31

My question is if is there a way to extract the Java classes or read them from that application?

As you already figured out, .exe file contains resources of type RC_DATA. There are two entries of such type. The smaller one (named "1001") contains just string with a class name (it may be main class name) and bigger one (named "1000", about 600 Kb) contains actual classes. You can extract that resource with help of any resource extracting tool such as a "Resource Hacker".

Each *.class file starts with 4 bytes 0xCA 0xFE 0xBA 0xBE so you can iterate through content of extracted "1000" and save each class into separate *.class file. Each 0xCA 0xFE 0xBA 0xBE will mark new file start. And, obviously end of previous.

Then classes can be decompiled.

maybe by knowing the structure of Abstract Windowing ToolKit (AWT) or Swing

AWT and Swing is a just standard libraries to build UI. So it doesn't matter here.

Melva answered 14/11, 2017 at 23:16 Comment(1)

Thank you so much, I could extract the classes the way you said, I didn't get so much information as the code wasn't clearly understood-able even if it was readable, found more and more links with symbols mixed up, the classes was decompiled already (I think). – Nipple 17/11, 2017 at 7:45

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags