Bytecode Viewer vs. Decompiler: When to Use Each Tool

Bytecode Viewer Tutorial: Read, Analyze, and Modify JVM Bytecode

Overview

This tutorial explains how to use Bytecode Viewer to inspect, analyze, and modify Java bytecode (class files). It covers loading class files, exploring disassembly views, using integrated decompilers, performing basic analysis, and applying simple modifications. Assumes Java 8+ class files and a local copy of Bytecode Viewer.

Getting started

1. Download and run Bytecode Viewer:
   • Grab the latest release from the project’s GitHub or official distribution and run the JAR:

     Code
     Copy CodeCopied
     java -jar Bytecode-Viewer.jar 

2. Open a class file or JAR:
   • File → Open → choose a .class or .jar. The left panel shows the file tree; select a class to load views.

Main panes and views

• Class tree (left): package and class list for the opened JAR.
• Bytecode / Disassembler (center): JVM instructions per method (ASM-style mnemonics).
• Decompilers (tabs): multiple decompiler outputs (Fernflower, CFR, Procyon, Krakatau, JD) for comparison.
• Hex view: raw bytes of the class file.
• Constant pool: literal pool entries (strings, class refs, method refs).
• AST / Control flow (when available): visualizes control-flow and basic blocks.

Reading bytecode basics

• Bytecode is organized by methods; each method shows instructions, operand stack actions, and local variables.
• Common instructions:
  • aload_0, aload_1 — load reference local variables
  • iconst_0, iconst_1 — push small integer constants
  • invokestatic, invokevirtual — method calls
  • getfield, putfield — instance field access
  • ifeq, ifne, if_icmplt — conditional jumps
  • goto — unconditional jump
  • return, ireturn, areturn — method returns
• Use the constant pool pane to resolve method and field references seen in invoke/get instructions.

Analyzing code

1. Compare decompiler outputs:
   • Switch between decompiler tabs to spot reconstruction differences; decompilers may rename synthetic variables or simplify control flow differently.
2. Inspect control flow:
   • Use the control-flow/graph view (if present) to locate loops, branches, and exceptions.
3. Track stack/local usage:
   • Read instruction comments (stack effect) and local variable table to understand how values move.
4. Find obfuscation patterns:
   • Look for heavy use of invokedynamic, opaque predicate sequences (multiple irrelevant jumps), or meaningless constant pool entries.

Making simple modifications

1. Edit bytecode with the built-in assembler (if available) or export and use a bytecode library:
   • Right-click a method → Open with Assembler (or Edit) to change instructions.
2. Common edits:
   • Replace invokestatic with a call to a different static helper.
   • Insert logging: push string, call println via System.out.
   • Change constants: modify ldc entries to alter literal values.
3. Save changes:
   • After editing, save the class or export the modified JAR: File → Save or Export.
4. Verify:
   • Run the modified JAR or load it into a test harness. Use Java’s java -jar or unit tests to confirm behavior.

Working with decompilers and re-compiling edits

• For larger changes, prefer decompile → modify source → recompile:
  • Copy decompiled source into a Java project, adjust code, recompile to class files, then repackage.
• Note decompiler inaccuracies: decompiled code may not compile cleanly without adjusting variable types, synthetic constructs, or corrected control structures.

Tips and best practices

• Keep backups: always work on copies of class/JAR files.
• Incremental edits: make small changes and test frequently.
• Use versioning: store original and modified binaries in a VCS for traceability.
• Use specialized tools for complex refactoring (ASM, BCEL, Javassist) rather than manual edits for safety and maintainability.
• Respect licensing and legality: only analyze or modify code you have the right to inspect.

Troubleshooting

• Class fails to load after edit: verify constant pool consistency and stack map frames (especially for Java 7+). Tools like ASM can rebuild stack frames.
• Runtime verification errors (VerifyError): check changed control flow or incorrect local/stack usage.
• Decompiler errors/inaccurate code: try multiple decompilers and manual inspection of problematic methods.

Example: Insert a simple print statement into a method

1. Locate target method and open bytecode editor.
2. Insert instructions at method start:
   • getstatic java/lang/System.out : Ljava/io/PrintStream;
   • ldc “Entered method X”
   • invokevirtual java/io/PrintStream.println (Ljava/lang/String;)V
3. Save and test the class to see the log output on method entry.

Further reading

• JVM specification (for instruction details and stack maps).
• ASM documentation (for programmatic bytecode manipulation).
• Bytecode Viewer project docs and FAQs.

This tutorial gives a concise workflow to inspect, analyze, and make small modifications to JVM bytecode using Bytecode Viewer. For larger-scale changes, export to source or use bytecode libraries to ensure correctness.