[nylug-talk] Excesive memory usage by Java (ranty)

Tue Jan 22 19:40:21 EST 2008

On Jan 22, 2008 2:10 PM, sixtyfourbeets <sixtyfourbeets at gmail.com> wrote:
> >  What exactly are you trying to do? (Not sure if I understand from your
> > question above)  Perhaps I can help.
>
> Forgive me if I sound elementary, I'm only now gaining an
> understanding of some aspects of how
> Java works.  So here is what I discovered with this application and
> what I would like to accomplish.
>
> This application has a series of JARs, which I have unjarred.
> Some of them have META-INFO directories, or something to that effect.
>
> I'd like to trace how the different 'class' files interact with one
> another and extract an
> API esque interface, this software does come with a DDE for what I
> think is taking a
> snapshot of a particular stocks price, volume, etc to import into Excel.
> But that DDE doesnt seem to stream from a software level, however it
> does come in a jar
> with 'classes'.
> However before I can actually access any of this data I have to log
> in, I've tried
> using gij but the software uses a certificate which I believe I have
> been able to dump with jcontrol.
>
> I've run the -verbose option and it dumps a lot of information which I
> am not sure on how to interpret it.
>
> I think I understand these class files have entry points and I think I
> have an idea
> of what they might be with jcf-dump.  I havent tried invoking any of these
> files with Perl or C or anything.  Is it just a matter of passing
> variables to these
> class files the same way it would be to a subroutine (or object(?)) correct?
>
> So the things I'd like to tackle are figuring out which class files
> interact with which,
> extracting/dumping data from those class files (an APIesque scenario),
> logging in without logging in through the software would be nice too.
>
> Literally taking a sledge hammer to the software would be great too
> if such a thing were possible.

Err... You are trying to understand code behavior from binaries
(classes are java binaries).
Its hard enough to understand code from real source code...
Obfuscation makes it even harder - most companies obfuscate class
files so that they are even harder to crack.

META-INF directories are mostly useless. The useful ones have xml
config files in them.

The DDE you mention could just be a set of "view" classes: provide
export functionality, interact with other jars behind the scenes (MVC
architecture)

> Is it just a matter of passing variables to these
> class files the same way it would be to a subroutine (or object(?)) correct?
No. Java classes do not have an entry and exit point.
There is one entry to the whole program / process (called main). After
that everything turns into objects and they "interact"... much like C:
you have main() and then its a series of function calls...
irrespective of which functions are located in which files.

If I understand correctly, you want to build a control flow from these jars.
Reverse engineering is not everyone's cup of tea. Its a mighty undertaking.

Given a choice between optimizing the software to behave better vs.
reverse engineering, I personally would take the former anyday.

I don't know what to tell you. I cannot recommend reverse engineering
java code. You could just go crazy after a few days.

Perhaps you could make a good case for your company to switch suppliers...

Sorry man... I feel your pain...

Ajay