stackoom
  简体   繁体   中英

Deducing the version of publicly-available Java code from compiled classes

 原文  2017-01-13 19:51:26       java/ dependencies/ shared-libraries/ versioning/ software-distribution

Question

I'm currently working with an old Java SE project which has got some version of SLF4J as a dependency (eg referring to org.slf4j.Logger ), but the relevant classes are packaged in a very strange JAR simply called commons.jar , and I couldn't find any matching libraries on the Internet which have contents matching this file; Is there any "intelligent" way of finding code which matches the compiled Java class files found inside this JAR file? The file itself has no metadata of any kind — only compiled *.class files: 

commons.jar
├── apache
│   ├── commons 
│   ├── http
│   ├── log4j
├── slf4j

As shown in the structure above, the JAR doesn't seem to "belong" to any commonly-available distributor; Even though it contains the terms apache , commons , log* , and slf4j , it doesn't seem to be from Apache Commons or from SLF4J.

Current approach

At the moment, the best I can think of is to download a bunch of versions of SLF4J, extract them, and then run eg cmp on the org/slf4j/Logger.class file from the mystery JAR and the analogous Logger.class file from each version, eg 

cmp commons/org/slf4j/Logger.class slf4j-1.7.22/slf4j-api-1.7.22/org/slf4j/Logger.class

However, not only does that involve a lot of work, but I believe that equivalent source might be compiled slightly differently depending on the exact compiler used by the distributors of the JARs in question... meaning that they wouldn't be comparable on a byte-per-byte basis. How might I do this kind of search in a more intelligent way?

2 answers

solution1
 3 ACCPTED  2017-01-13 19:55:44

How about reflecting across all public and private classes and their members, put them in strings, sort the strings and generate a text file for each version.

You will either find exactly one version of the library that matches the mystery version of the library or a smallish range.

solution2
 0  2017-01-13 19:56:25

I would look into the following:

  • bytecode Java version, gives you a clue about the time that library was built
  • decompile everything... Maybe you are lucky and find some comments / version constants that give you further clues

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to prevent debugging mode code from being compiled into classes in Java? Can I cross compile Java code that optionally uses classes from Java 8 but is compiled to Java 6? Java(JRE) version compatibility for compiled code Clearing compiled java classes from the command prompt Running Compiled Java classes from batch file Verify safety of Java classes compiled from Jython Kotlin internal classes in Java visible publicly Can call java 7 compile java code from java 6 compiled code JRE and Java Compiled version mismatch Visual Code Studio Can you call compiled JRuby classes from java?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM