jdeserialize's Issues

New command line option to skip first bytes of the file to analyze

First of all thanks a lot for this tool, it has been very useful to me for 
analyzing serialized data from memory dumps.

I was attempting to use it in conjunction with the Eclipse Memory Analyzer but 
it seems that this tool has a strange way of saving serialized byte arrays to a 
binary file. For some reason there is an extra byte before the serialized 
data. 

I managed to get around it by using "dd" to remove the first byte but I thought 
it would be great if there was a command line option to directly skip a few 
bytes at the beginning of the file, so I patched jdeserialize for this and I'm 
submitting the following patch to you. I hope it's acceptable. Let me know if 
you need anything else. 

I'll also be submitting a bug fix because I had a NPE with a file I was 
analyzing, I will create a separate ticket for this.

Best regards,
  Serge Huber.

Original issue reported on code.google.com by [email protected] on 15 Jul 2013 at 8:02
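
Added example (not part of the original issue and not jdeserialize code): instead of hard-coding how many bytes to skip, this Python code locates the serialization stream header (magic AC ED, version 00 05) and drops whatever precedes it. The function names and the sample bytes are constructed for illustration; the typecode table follows the Java Object Serialization Stream Protocol and also names the bytes seen in the errors reported on this page (0x77 is TC_BLOCKDATA, 0x70 is TC_NULL).

```python
import struct

STREAM_MAGIC = 0xACED   # java.io.ObjectStreamConstants.STREAM_MAGIC
STREAM_VERSION = 5      # java.io.ObjectStreamConstants.STREAM_VERSION
HEADER = struct.pack(">HH", STREAM_MAGIC, STREAM_VERSION)

# Content typecodes defined by the stream protocol (0x70..0x7E).
TYPECODES = {
    0x70: "TC_NULL", 0x71: "TC_REFERENCE", 0x72: "TC_CLASSDESC",
    0x73: "TC_OBJECT", 0x74: "TC_STRING", 0x75: "TC_ARRAY",
    0x76: "TC_CLASS", 0x77: "TC_BLOCKDATA", 0x78: "TC_ENDBLOCKDATA",
    0x79: "TC_RESET", 0x7A: "TC_BLOCKDATALONG", 0x7B: "TC_EXCEPTION",
    0x7C: "TC_LONGSTRING", 0x7D: "TC_PROXYCLASSDESC", 0x7E: "TC_ENUM",
}


def find_streams(data):
    """Return (offset, first_typecode_name) for each plausible stream header."""
    hits = []
    pos = data.find(HEADER)
    while pos != -1:
        nxt = pos + len(HEADER)
        # A real header is followed by a content typecode; an accidental
        # AC ED 00 05 inside unrelated data usually is not, so skip those.
        if nxt < len(data) and data[nxt] in TYPECODES:
            hits.append((pos, TYPECODES[data[nxt]]))
        pos = data.find(HEADER, pos + 1)
    return hits


def strip_prefix(data):
    """Drop everything before the first plausible header (the manual dd step)."""
    hits = find_streams(data)
    if not hits:
        raise ValueError("no Java serialization stream header found")
    return data[hits[0][0]:]


# Constructed sample: one stray leading byte, then a stream holding the string "hi".
SAMPLE = b"\x00" + HEADER + b"\x74\x00\x02hi"

if __name__ == "__main__":
    for offset, typecode in find_streams(SAMPLE):
        print(f"stream header at offset {offset}, first content is {typecode}")
```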

Error when trying to deserialize an object graph

error while attempting to decode file file.bin: got a blockdata TC_*, but not 
allowed here: 0x77
java.io.IOException: got a blockdata TC_*, but not allowed here: 0x77
    at org.unsynchronized.jdeserialize.read_Content(jdeserialize.java:782)
    at org.unsynchronized.jdeserialize.read_FieldValue(jdeserialize.java:230)
    at org.unsynchronized.jdeserialize.read_Classdata(jdeserialize.java:181)
    at org.unsynchronized.jdeserialize.read_newObject(jdeserialize.java:729)
    at org.unsynchronized.jdeserialize.read_Content(jdeserialize.java:760)
    at org.unsynchronized.jdeserialize.read_FieldValue(jdeserialize.java:230)
    at org.unsynchronized.jdeserialize.read_Classdata(jdeserialize.java:181)
    at org.unsynchronized.jdeserialize.read_newObject(jdeserialize.java:729)
    at org.unsynchronized.jdeserialize.read_Content(jdeserialize.java:760)
    at org.unsynchronized.jdeserialize.read_FieldValue(jdeserialize.java:230)
    at org.unsynchronized.jdeserialize.read_Classdata(jdeserialize.java:181)
    at org.unsynchronized.jdeserialize.read_newObject(jdeserialize.java:729)
    at org.unsynchronized.jdeserialize.read_Content(jdeserialize.java:760)
    at org.unsynchronized.jdeserialize.read_FieldValue(jdeserialize.java:230)
    at org.unsynchronized.jdeserialize.read_Classdata(jdeserialize.java:181)
    at org.unsynchronized.jdeserialize.read_newObject(jdeserialize.java:729)
    at org.unsynchronized.jdeserialize.read_Content(jdeserialize.java:760)
    at org.unsynchronized.jdeserialize.read_classAnnotation(jdeserialize.java:295)
    at org.unsynchronized.jdeserialize.read_Classdata(jdeserialize.java:189)
    at org.unsynchronized.jdeserialize.read_newObject(jdeserialize.java:729)
    at org.unsynchronized.jdeserialize.read_Content(jdeserialize.java:760)
    at org.unsynchronized.jdeserialize.read_FieldValue(jdeserialize.java:230)
    at org.unsynchronized.jdeserialize.read_Classdata(jdeserialize.java:181)
    at org.unsynchronized.jdeserialize.read_newObject(jdeserialize.java:729)
    at org.unsynchronized.jdeserialize.read_Content(jdeserialize.java:760)
    at org.unsynchronized.jdeserialize.read_classAnnotation(jdeserialize.java:295)
    at org.unsynchronized.jdeserialize.read_Classdata(jdeserialize.java:189)
    at org.unsynchronized.jdeserialize.read_newObject(jdeserialize.java:729)
    at org.unsynchronized.jdeserialize.read_Content(jdeserialize.java:760)
    at org.unsynchronized.jdeserialize.read_FieldValue(jdeserialize.java:230)
    at org.unsynchronized.jdeserialize.read_Classdata(jdeserialize.java:181)
    at org.unsynchronized.jdeserialize.read_newObject(jdeserialize.java:729)
    at org.unsynchronized.jdeserialize.read_Content(jdeserialize.java:760)
    at org.unsynchronized.jdeserialize.run(jdeserialize.java:842)
    at org.unsynchronized.jdeserialize.main(jdeserialize.java:1186)

Original issue reported on code.google.com by [email protected] on 23 Jan 2013 at 3:36

SC_BLOCK_DATA; can't interpret data

What steps will reproduce the problem?
>java -jar jdeserialize-1.2.jar -noclasses -noconnect -nocontent -noinstance 
-debug 767da49f-909c-4cc3-81ae-94be141ce62b.ser

causes an exception
EOF error while attempting to decode file 
767da49f-909c-4cc3-81ae94be141ce62b.ser: hit externalizable with nonzero 
SC_BLOCK_DATA; can't interpret data
java.io.EOFException: hit externalizable with nonzero SC_BLOCK_DATA; can't 
interpret data
        at org.unsynchronized.jdeserialize.read_Classdata(jdeserialize.java:196)
        at org.unsynchronized.jdeserialize.read_newObject(jdeserialize.java:729)
        at org.unsynchronized.jdeserialize.read_Content(jdeserialize.java:760)
        at org.unsynchronized.jdeserialize.read_FieldValue(jdeserialize.java:230)
        at org.unsynchronized.jdeserialize.read_arrayValues(jdeserialize.java:642)
        at org.unsynchronized.jdeserialize.read_newArray(jdeserialize.java:629)
        at org.unsynchronized.jdeserialize.read_Content(jdeserialize.java:764)
        at org.unsynchronized.jdeserialize.read_FieldValue(jdeserialize.java:230)
        at org.unsynchronized.jdeserialize.read_Classdata(jdeserialize.java:181)
        at org.unsynchronized.jdeserialize.read_newObject(jdeserialize.java:729)
        at org.unsynchronized.jdeserialize.read_Content(jdeserialize.java:760)
        at org.unsynchronized.jdeserialize.read_FieldValue(jdeserialize.java:230)
        at org.unsynchronized.jdeserialize.read_Classdata(jdeserialize.java:181)
        at org.unsynchronized.jdeserialize.read_newObject(jdeserialize.java:729)
        at org.unsynchronized.jdeserialize.read_Content(jdeserialize.java:760)
        at org.unsynchronized.jdeserialize.run(jdeserialize.java:842)
        at org.unsynchronized.jdeserialize.main(jdeserialize.java:1186)

Original issue reported on code.google.com by [email protected] on 5 Sep 2013 at 11:03

dump_Instance fails with NullPointerException

This code fails when "c" is null:

                for(content c: inst.annotations.get(cd)) {
                    sb.append("        ").append(c.toString()).append(linesep);
                }

Fixed that with: ...append(String.valueOf(c))...

Original issue reported on code.google.com by [email protected] on 24 Jan 2013 at 4:36

NullPointerException

Downloaded version 1.1 and ran "java -Xmx1280M -jar jdeserialize.jar myfile" 
where myfile was a large serialized object file (21MB). Output successfully 
contained what looked like ~200x200 array of integers and then crashed with the 
following exception. I know there is a lot more data in this object than this 
2D array. Perhaps a null array has caused the thing to crash.

Exception in thread "main" java.lang.NullPointerException
        at org.unsynchronized.arraycoll.toString(arraycoll.java:45)
        at org.unsynchronized.arrayobj.toString(arrayobj.java:30)
        at org.unsynchronized.jdeserialize.run(jdeserialize.java:843)
        at org.unsynchronized.jdeserialize.main(jdeserialize.java:1186)

Original issue reported on code.google.com by [email protected] on 6 Apr 2012 at 3:36

Error "array type listed, but typecode is not TC_ARRAY: 0x70"

I'm trying to analyze serialized payload of malware exploiting CVE-2010-0094, 
but get error "error while attempting to decode file: array type listed, but 
typecode is not TC_ARRAY: 0x70"

What steps will reproduce the problem?
1. Please find payload vmain.z.ser attached
2. java -jar ./jdeserialize-1.2.jar vmain.z.ser

What is the expected output? What do you see instead?
Expected output -- content, declarations, instance dump.

I receive

error while attempting to decode file vmain.z.ser: array type listed, but 
typecode is not TC_ARRAY: 0x70
java.io.IOException: array type listed, but typecode is not TC_ARRAY: 0x70
    at org.unsynchronized.jdeserialize.read_FieldValue(jdeserialize.java:228)
    at org.unsynchronized.jdeserialize.read_Classdata(jdeserialize.java:181)
    at org.unsynchronized.jdeserialize.read_newObject(jdeserialize.java:729)
    at org.unsynchronized.jdeserialize.read_Content(jdeserialize.java:760)
    at org.unsynchronized.jdeserialize.run(jdeserialize.java:842)
    at org.unsynchronized.jdeserialize.main(jdeserialize.java:1186)


What version of the product are you using? On what operating system?
I'm using jdeserialize 1.2 on Fedora 16 i686 with
$ java -version
java version "1.6.0_30"
Java(TM) SE Runtime Environment (build 1.6.0_30-b12)
Java HotSpot(TM) Server VM (build 20.5-b03, mixed mode)

Additional information
Payload in malware is deserialized fine, stream seems correct.

Original issue reported on code.google.com by [email protected] on 16 Nov 2012 at 3:51
