IN THIS CHAPTER
Table 1.1 presents a brief overview of techniques that are discussed in more detail in the corresponding chapters. Use this as a road map to getting started with this book.
Table 1.1. Techniques Overview
CHAPTER | TECHNIQUE | USEFUL FOR |
---|---|---|
2 | Recovering lost source code Learning the implementation of a feature or trick Troubleshooting undocmented code Fixing urgent bugs in production or third-party code Evaluating how your code might be hacked | |
3 | Protecting bytecode from decompiling Protecting the intellectual property inside the bytecode Preventing the applications from being hacked | |
4 | Accessing functionality that exists but is not exposed Changing the values of internal variables | |
5 | Changing the implementation of a class without having to rebuild the entire library Altering the functionality of a third-party application or framework | |
6 | Creating applications that are easy to maintain and troubleshoot Learning the internal workings of an application Inserting debug information into the existing applications to understand the implementation details | |
7 | Adding or removing restrictions on access to critical system resources | |
8 | Determining the values of system properties Determining the system information, such as the number of processors and memory limits Determining a network configuration | |
9 | Hacking applications that do not have good tracing Analyzing the control flow of multithreaded applications Cracking obfuscated applications | |
10 | Investigating heap usage and garbage collection frequency to improve performance Browsing object allocation and references to find and fix memory leaks Investigating thread allocation and synchronization to find the locking and data race problems and to improve performance Investigating an application at runtime to gain a better understanding of its internal structure | |
11 | Creating automated test scripts that simulate a load on a system Analyzing how well the application meets the service level requirements such as scalability, availability, and failover | |
12 | Reverse engineering applications | Hacking the user interface elements such as messages, warnings, prompts, images, icons, menus, and colors |
13 | Intercepting HTTP communication between the browser and the Web server Intercepting communication between the RMI client and server Intercepting SQL statements and values from the JDBC driver | |
14 | Implementing a custom class loader to control how and from what source the classes are loaded Using the custom class loader to instrument the bytecode on-the-fly Creating classes programmatically at runtime | |
15 | Changing the implementations of system classes to alter core behavior Enhancing the core functionality of the JDK to suit the application's needs Fixing bugs in the JDK implementation | |
16 | Reacting gracefully to system errors such as out of memory and stack overflow Capturing the output to Intercepting calls to Reacting to JVM shutdown Intercepting any method call, object allocation, or thread lifecycle event via JVMPI | |
17 | Altering class implementation at the bytecode level Programmatically generating bytecode Instrumenting bytecode to introduce new logic | |
18 | Patching the implementation of native functions Augmenting the JVM behavior on the lowest level | |
19 | Protecting sensitive information using Java cryptography Securing data integrity with digital signatures Implementing secure license policy to unlock features of commercial applications |
The techniques discussed here serve the purpose of increasing the productivity of the development. At the end of the day, quality and productivity are what differentiate expert programmers from novice programmers, and because this book is meant to turn readers into experts, I feel it is my duty to introduce a few productivity tools. Hacking and regular development require manipulation of files and directories, and getting the right tool can make doing so much easier. Obviously, it is up to you to decide whether to use a tool. You should remember that most of the tools require upfront investment in installing, configuring, and learning—not to mention the possible license fees. But as with most tools, the investment pays off very quickly.
We are going to look at two advanced replacements for the combination of Windows Explorer, Notepad/Text Editor, and CMD.EXE
. We will focus on Windows because that is where most of the Java development is taking place, but productivity tools might be available on other platforms as well. It might sound silly that we're starting an advanced Java book by talking about Notepad and CMD.EXE
, but a large number of the developers I have seen are still using it, so I want to present a better alternative.
Windows Explorer is a simple shell easily understood by regular users, but it is not capable of helping with the tasks a programmer needs to perform. A very simple example is creating and running a .bat
file. Using the default Windows interface, you would have to navigate to the target directory, click the mouse through a few dialog boxes to create a new file, and then open that file in Notepad and edit it. To run the file, you could double-click it, but any output or errors would be lost with the CMD window that was automatically opened by Explorer. A better way, therefore, is to open a CMD.EXE
, navigate to the directory, and then run the file. In the end, you must deal with three open windows that are not synchronized or interrelated. A better alternative is using integrated file management software that combines a directory navigating interface with a text editor, a command line for running scripts, archive support, and a multitude of features that make common tasks easy.
File and Archive Manager (FAR) and Total Commander are both advanced file managers for Windows that trace their roots back to the DOS days and Norton Commander. Distributed as shareware, they can be used without time limitation until you are ready to register for a small fee. They are packed with features for searching files, changing file attributes, and working with multiple files and directories. They have built-in networking and FTP support that presents remote FTP sites in a panel that looks just like a local directory panel. FAR has a powerful built-in editor that can be configured for color highlighting. Both environments have extensive sets of keyboard shortcuts, and FAR supports plug-ins. Both tools support browsing the content of archive files, such as JAR and Zip files, in a panel just like browsing a subfolder. This makes software such as WinZip unnecessary, and what is even better is that the user does not have to deal with different current directories and user interfaces, as is the case when working with nonintegrated software. Table 1.2 provides a list of features and a side-by-side comparison of FAR and Total Commander.
Table 1.2. FAR Versus Total Commander
FEATURE | FAR | TOTAL COMMANDER |
---|---|---|
Create, copy, view, edit, and delete for files and folders | Excellent | Excellent |
Internal and external viewer/editor | Excellent | Good (no internal editor) |
Seamless browsing of archive contents (JAR, Zip, and so on) | Excellent | Excellent |
Extensive customization of features and UI | Good | |
Windows-like look and feel | Poor | Good |
Customizable user menus | Excellent | Excellent |
Built-in Windows network support | Yes | Yes |
Built-in FTP client | Yes | Yes |
Keyboard shortcuts | Excellent | Good |
Filename filters | Excellent | Excellent |
Quick View | Fair | Excellent |
Command, folder, view, and edit history | Excellent | Good |
Customizable file associations | Excellent | Good |
Files highlighting | Excellent | Excellent |
Memory footprint | 4MB–14MB | 4MB–10MB |
Plug-in API and availability of various plug-ins | Excellent (more than 500 plug-ins) | Not available |
Registration cost of one copy | $25 | $28 |
Overall rating | Good |
Although both tools provide a better alternative to Windows Explorer reinforced with other software, FAR proves to be more powerful. Even in its default packaging, it provides more features and productivity gains than Total Commander. In addition, with more then 500 plug-ins written by other developers, its functionality is virtually boundless. The downside of FAR is its somewhat unappealing user interface, although it is something you can get used to. Total Commander, shown in Figure 1.1, looks more like Windows Explorer; if you don't need the ultimate customization and functionality, it can be a better choice.
Regardless of your preferences, please try an integrated file manager, even if you feel it is difficult to use. It will pay off in the long run!
Most of the techniques in this book do not involve a lot of coding, and with a tool like FAR, you can easily accomplish all the required tasks. However, integrated development environments (IDEs) make coding much easier, so this section presents a brief overview of the leading IDEs and a recommendation of the one to use.
Today, when it comes to IDEs the question is not whether you should use IDEs or not, but which IDE you should use. A lot of it has to do with development background and personal preferences, so I won't spend a lot of time talking about them. The two leading free IDEs are Eclipse (http://www.eclipse.org) promoted by IBM and NetBeans (http://www.netbeans.org) promoted by Sun. Both are good, although Eclipse has a little more steam and following. The best commercial IDEs are IntelliJ IDEA, Borland JBuilder, and Oracle JDeveloper.
Because you will be working with low-level coding and hacking, your best bet is a flexible IDE with a small memory footprint. My personal favorite is IDEA because of its flexibility, intuitive interface, and abundance of shortcuts and refactoring features. It is not free, so if you can't afford a license, my second recommendation is Eclipse.
Throughout most of this book, we will be working with the same sample application. It is not very sophisticated, but it does contain a basic set of components found in most standalone Java programs. This section describes the application and its implementation.
Chat is a simple TCP/IP chat implementation in Java. It enables users to exchange instant messages via the network. Chat maintains a history of the conversation and uses colors to differentiate between the sent and received messages. It has a menu bar and About dialog box. Chat can be started using chat.bat
script in the distrib/bin
directory. Figure 1.2 shows Chat running.
Chat is implemented using Java Swing for the user interface and RMI for network communication. When running, each instance of Chat creates an in-process RMI registry that is used by other instances to post messages to the user. Users are required to enter the hostname of the user to which they want to post a message. When the user sends a message, Chat looks up the remote server object and calls a method on it. For testing purposes, messages can be sent to "localhost"
, in which case the same message is added to the conversation as was sent and received.
The UML class diagram for Chat is shown in Figure 1.3.
The Chat directory structure follows the de-facto standards for Java application development. The “home” folder for the application directories is called CovertJava
. The subdirectories it contains are listed in Table 1.3.
Table 1.3. Chat Application Directory Structure
DIRECTORY NAME | DESCRIPTION |
---|---|
| Contains the scripts and the development and test scripts |
| Contains Ant's |
| Compiler output directory for |
| Contains the application in its distribution form |
| Contains scripts that run the application |
| Contains configuration files, such as Java policy files |
| Contains libraries used to run the application |
| Contains patches for classes |
| Contains libraries used to build the application |
|
A Chat application can be built by Ant using build.xml
in the build directory.
3.131.38.14