IDA Pro 6.8 bug when handling Java .class files

We will be studying the following file,
Fire up IDA Pro 6.8, open the given .class file and look into the "I" method: you will notice that it contains an exception handler.
If you switch to the Text view and look at the bottom of the "I" method, you should see something like the following:


The variable declarations given at the end of the method are not correct:

;met001_slot000                                ; DATA XREF: I+23 r ...
    .var 0 is a Ljava/lang/String; from met001_begin to met001_end
;met001_slot001                                ; DATA XREF: I+11 r ...
    .var 1 is a Ljava/lang/String; from met001_begin to met001_end
  .end method

This is because, if you look at the very first instruction of the exception handler, you find:

met001_37:                                     ; DATA XREF: I:met001_50 i
    astore_1 ; met001_slot001
  .line 253
    new java/lang/Exception
    dup
    aload_1 ; met001_slot001
    invokevirtual java/lang/Exception.getMessage()Ljava/lang/String;
    invokespecial java/lang/Exception.<init>(Ljava/lang/String;)V
    athrow
met001_end:                                    ; DATA XREF: met001_slot000 i ...

    .catch java/lang/Exception from met001_begin to met001_35 using \
met001_37

The astore_1 in this context stores an object of type java/lang/Exception into local variable 1. IDA Pro, however, happily relies on the declared variable type, java/lang/String, and gives no hint to warn the average user that the slot may not always hold the declared type.
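The LocalVariableTable is debug metadata that the JVM verifier never checks, so a crafted class can declare a slot as String for the whole method while a handler's astore writes the caught exception into it. As an added consistency check (example code, not from the original post or from IDA), the following Python compares each exception handler's first astore against what the LocalVariableTable claims for that slot; it works on constructed dicts shaped like the class-file structures rather than parsing a real .class, and the byte layout below mirrors the listing above.

```python
# Added example: flag LocalVariableTable entries that contradict an exception
# handler's astore. Inputs are constructed structures, not a parsed .class.

ASTORE_SHORT = {0x4b: 0, 0x4c: 1, 0x4d: 2, 0x4e: 3}   # astore_0 .. astore_3
ASTORE = 0x3a                                         # astore <index>
WIDE = 0xc4                                           # wide astore <index16>

def handler_store_slot(code, pc):
    """Return the local slot written by the first instruction at `pc`,
    or None if that instruction is not an astore variant."""
    op = code[pc]
    if op in ASTORE_SHORT:
        return ASTORE_SHORT[op]
    if op == ASTORE:
        return code[pc + 1]
    if op == WIDE and code[pc + 1] == ASTORE:
        return (code[pc + 2] << 8) | code[pc + 3]
    return None

def declared_types(lvt, slot, pc):
    """Descriptors the LocalVariableTable claims for `slot` at `pc`."""
    return [e["descriptor"] for e in lvt
            if e["index"] == slot
            and e["start_pc"] <= pc < e["start_pc"] + e["length"]]

def find_conflicts(code, exception_table, lvt):
    """Return (handler_pc, slot, caught_type, declared_descriptors) for every
    handler whose stored exception contradicts the declared slot type."""
    conflicts = []
    for h in exception_table:
        slot = handler_store_slot(code, h["handler_pc"])
        if slot is None:
            continue
        caught = h["catch_type"] or "java/lang/Throwable"   # 0 means "any"
        ok = {"L%s;" % caught, "Ljava/lang/Throwable;", "Ljava/lang/Object;"}
        declared = declared_types(lvt, slot, h["handler_pc"])
        if declared and not set(declared) & ok:
            conflicts.append((h["handler_pc"], slot, caught, declared))
    return conflicts

# Constructed data: handler at pc 37 starts with astore_1 (new/dup/aload_1/
# invokevirtual/invokespecial/athrow follow), while the LVT declares slot 1 a
# String over the entire method (pc 0..49). Constant-pool indices are dummies.
CODE = bytes([0x00] * 37 + [0x4c, 0xbb, 0x00, 0x10, 0x59, 0x2b,
                            0xb6, 0x00, 0x11, 0xb7, 0x00, 0x12, 0xbf])
EXC_TABLE = [{"start_pc": 0, "end_pc": 35, "handler_pc": 37,
              "catch_type": "java/lang/Exception"}]
LVT = [{"start_pc": 0, "length": 50, "descriptor": "Ljava/lang/String;", "index": 0},
       {"start_pc": 0, "length": 50, "descriptor": "Ljava/lang/String;", "index": 1}]

if __name__ == "__main__":
    for pc, slot, caught, declared in find_conflicts(CODE, EXC_TABLE, LVT):
        print(f"handler @{pc}: astore slot {slot} holds {caught}, LVT says {declared}")
```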

Stay safe.
