Extracting Java class information from binary files compiled by AOT

The ahead-of-time (AOT) compilation in the Java world has been a topic of debate for a long time, but until the emergence of GraalVM, there was no tool that could achieve good AOT compilation, let alone drive the entire ecosystem. Despite GraalVM providing the native-image tool to effectively assist developers in AOT compilation, achieving out-of-the-box AOT compilation for Java applications is still very challenging due to the complexity and diversity of the Java ecosystem, especially with reflection and proxy technologies widely used in various common frameworks.

Spring Native 项目

Thanks to the Spring Native project by the Spring Framework team, they are able to achieve one-click AOT compilation of projects through Maven or Gradle plugins. However, currently it is only applicable to Spring Boot projects.

Please use Sping Native to generate AOT-compiled Java programs

Here are the official Spring Native examples for generating AOT compiled Java applications (Test environment: Ubuntu 20.04, Docker 20.10.6)

git clone https://github.com/spring-projects-experimental/spring-native.git
cd spring-native/sample/petclinic-jpa
./build.sh

After a relatively long compilation time and a large amount of memory consumption, we can obtain an AOT-compiled Java program in the target directory. This is a standalone binary file that can run independently without any dependencies.

img

petclinic-jpa is a program compiled by AOT and can run directly

Extract Java class information from AOT compiled binary files

Java code protection has always been a very difficult problem in the past, and AOT is also considered a solution for Java code protection. Unfortunately, many Java programs now cannot separate from the framework. Due to the complexity of the framework, even programs compiled by AOT must include class information in the final generated binary file. The class files are actually neatly arranged in the resource area of the binary file.

The following tools can scan and extract class information from AOT-compiled binary files

The following tools can scan and extract class information from AOT-compiled binary files

https://github.com/3-keys/binary-classfile-reader

git clone https://github.com/3-keys/binary-classfile-reader
cd binary-classfile-reader
./gradlew run --args='<path-of-the-binary-file> <output-folder>'

Using petclinic-jpa, which was obtained in the previous step, as an example, extract the class information from it and compare it with the source code. You can see that model information, controller information, and service information can all be obtained.

img