How do you edit compiled Java bytecode?

Question

I used a decompiler to find the following function in compiled code:

public static void sub_e5b()
    {
        var_972 = null;
        System.gc();
        vservConfigHashTable = new Hashtable();
        vservConfigHashTable.put("appId_end", "498");
        vservConfigHashTable.put("showAt", "both");
        vservConfigHashTable.put("categoryId", "22");
        vservConfigHashTable.put("viewMandatory_end", "true");
        (new VSERV_BCI_CLASS_000(var_93a, vservConfigHashTable)).showAtEnd();
    }

Now I want to change the "true" value to "false".

What tools and/or techniques could be used to make this change?

Check http://stackoverflow.com/questions/2395574/java-bytecode-editor — Gelin Luo, Jan 21 '12 at 08:17

score 1 · Accepted Answer · answered Apr 14 '13 at 19:40

This can easily be done using a disassembler like Krakatau (disclosure, I wrote it).

The advantage of using a disassembler over a decompiler is that it's guaranteed to work. Not all code can be decompiled, but it can always be disassembled.

For example, take a class like this.

public class A{
    public static void main(String[] args)
    {
        System.out.println("true");
    }
}

After disassembling it with Krakatau, you'll get something like this.

.version 51 0
.class super public A
.super java/lang/Object


.method public <init> : ()V
    .limit stack 1
    .limit locals 1
    aload_0
    invokespecial java/lang/Object <init> ()V
    return
.end method

.method static public main : ([Ljava/lang/String;)V
    .limit stack 2
    .limit locals 1
    getstatic java/lang/System out Ljava/io/PrintStream;
    ldc 'true'
    invokevirtual java/io/PrintStream println (Ljava/lang/String;)V
    return
.end method

Change the line ldc 'true' to ldc 'false', reassemble it, and it will now print false instead of true.

score -1 · Answer 2 · answered Jan 21 '12 at 08:48

-1

Take the decompiled code, edit it, compile it and use that instead.

I would seriously consider removing the System.gc();

answered Jan 21 '12 at 08:48

Peter Lawrey

525,659
79
751
1,130

1

-1 Recompiling decompiled code doesn't work except in the simplest cases, since decopmilation is not exact and both steps are lossy. – Antimony May 23 '14 at 20:34
@Antimony It's a bit strong to say it doesn't work when it does in most cases. It's not as lossy as you suggest. – Peter Lawrey May 23 '14 at 22:34
I suppose it depends on which type of application you're dealing with. In my experience, it rarely works. – Antimony May 24 '14 at 03:21
@Antimony Unless the code has been obfuscated, JAD usually does the job. – Peter Lawrey May 24 '14 at 07:54
1

In addition to obfuscation (which is not uncommon), decompilation also fails if the project happens to have some code that the decompiler doesn't handle correctly. The chances of this vary based on the complexity of the project and how good your decompiler is. An old decompiler like JAD breaks frequently, but even a quality modern decompiler like Procyon can't correctly decompile all valid Java programs. Apart from that, decompilation will also fail if it wasn't originally written in Java or if it's using something like AspectJ. – Antimony May 24 '14 at 11:37

How do you edit compiled Java bytecode?

2 Answers2