Hi,
I have a file that contains serialized Java classes. I would like to parse this file in order to get a list of the classes in the file and the serialVersionUID of each class.
Is there a tool anyone can recommend to do this, or perhaps someone could offer some pointers on where I should start to accomplish this myself?
Cheers
Rich
-
I don't know if there's already such a tool (if you have access to the classes themselves, the serialver tool can tell you the ID), but if you need to roll your own, Sun's serialzation spec should contain all the information you need - specifically, the grammar of the stream format.
-
Unfortunately not all classes (even in the JDK) obey the serialisation spec. In particular
readObjectdoes not always calldefaultReadObjectorreadFields, with the equivalent mistake inwriteObject.You can detect which classes are being used whilst deserialising.
ObjectInputStreamusesresolveClassandresolveProxyClassto map class descriptors to actualClasses (some subclasses you different rules for class loader lookup).Rich : Thanks, I have subclasssed my ObjectInputStream and logged the requests to the two methods you identify. That has given me enough information to move forward.
0 comments:
Post a Comment