About executables in Java
Hi all,
I've heard that it is possible to create an .exe file written in java.
Till now i thought that a compiler creates class files that are executed inside VM. On the other hand .exe files are executed by the Operating System, right? Isn't it a little weird? Besides there is no compiler parameter that will create an exe file instead of a class file (as far as i know).
May someone tell me if this can be done after all and if yes, how?
Isn't it against Java's philosophy?
Thanks..
[526 byte] By [
asdgfa] at [2007-10-3 4:35:02]
> Hi all,
> I've heard that it is possible to create an .exe file
> written in java.
It's unnecessary and I've never had to do it, but it's possible, yes.
> Till now i thought that a compiler creates class
> files that are executed inside VM.
That's exactly how it works.
> On the other hand
> .exe files are executed by the Operating System,
> right?
Executed by the WINDOWS operatins system only.
> Isn't it a little weird?
No, Java is platform independent, so making exe files would be useless.
> Isn't it against Java's philosophy?
To create EXE files by default, yes, that would be against philosophy because your Java program would now be a Windows program.
You can make an executable JAR file in java. It will run in windows "seamingly the same as an exe file" in that you can double click it and it will have the JVM launch and then the Java application will run in the VM. If you do this you do not get a console window during the execution. So as I said, it "seamingly" is the same.
Executable jar files are great, but when you release your product to end-users, you should use the familar exe, otherwise they won't know what to do with it (I mean even I didn't know what to do with it at first.. and I'm a Java programmer).. I suppose there are ways to make it easier, like having a shortcut to it, but I think at least to have a custom icon attached to it, you need to have the exe file. There can be other benefits to using exe, such as detecting if Java is installed on system and directing the user to download it if it isn't. I found launch4j to be very helpful tool in creating the exe's.. and it's under LGPL so you can use it for commercial applications, which is really essential, if you're into that.
And going against 'Java's philosophy' isn't bad if you're targetting Windows users.. the end users don't care about the so-called 'Java philosophy' when it doesn't help them.
(It's also doubtful they know Java as being more than some coffee)
Regarding the console window apparing when double-clicking the jar's, you can set file association of jar to use javaw.exe instead of java.exe. This can be done by going to any windows file explorer window (such as my computer) -> Tools -> Folder options -> File types. Of course you can't expect your end-users to go through this process so you'd have to modify the registry settings by a program when the application is installed.. but if you want to go this far, why not go the extra step and make the .jar into an exe? (I might sound like an exe advocate but I'm just trying to be helpful).
> No, Java is platform independent, so making exe files would be useless.
No, it's definitely not useless to create exe-files.
Windows users expect exe-files, and that's what you should give them.
Mac users expect Application bundles, and that's what you should give them.
Linux - well, personally I don't worry about Linux as most paying users (at least in my app. domain) are running on Windows and Mac.
Do NOT distribute your application as an executable jar-file - unless your 'target market' is developers (though I really would never do that).
For example, various compression programs (at least on Windows) steal the .jar-extension - since jar-files are nothing but zip-files with a different extension.
I would distrubute using Web Start vs. making platform specific bundles. I'm certainly not going to start making exe files any time soon. And in the 8 years I've been doing Java, I haven't ever needed to make one.
Hi All,
Can anyone please tell which is the best : Excecutable JAR or *.exe ?
what are the advantages & disadvantages of both ?
I have a java application with me which i need to make as executable .....which is the best option ? executable jar or *.exe ?
Thanks in advance.............
This post may not answer your question, but add a question with it for additional feedback..
Can executable jar files be opened ... or unzipped to obtain the .class files? Leaving the code accessible ?
Can applications written in Java that are made into exe files be "violated" in any way to obtain the code?
Which is the best approach?
> Can anyone please tell which is the best
> Excecutable JAR or *.exe?
(1) if you use JAR, and you don't have
any platform-specific assumptions in your Java code,
then your program can run in Windows, Linux, Mac...
But EXE is (in general) only executable in Windows.
(2) if you use EXE or JNI or other similar tricks,
you can often get more intimate interaction with the underlying OS.
So if you *need* it, then of course you have to do it.
Finally, professional Java->Exe is expensive.
One of the most popular product for doing this is
http://www.excelsior-usa.com/jet.html
And it costs between $1200 and $4500.
> Can executable jar files be opened or unzipped to
> obtain the .class files?
Yes
> Can applications written in Java that are made into
> exe files be "violated" in any way to obtain the code?
Depends on how the EXE was made.
If it is a true re-compilation into x86 instructions,
then it is impossible to obtain the entire original code.
(But it is still very easy to disassemble the interesting
portion of the EXE in order to defeat poorly-written security features
that are in the program)
What is the best way to prevent someone from hacking your code?
If you write an application in Java and would like to make it a jar or exe for others to use, what steps could best prevent others from accessing it's "code"...?
I don't know much about what re-compiling means, or what you would do.
> What is the best way to prevent someone
> from hacking your code?
Define hacking. I can see many different
things you are worried about:
(1) People might discover your algorithm.
(2) People might be able to alter your program.
(3) People might be able to read a password
or encryption key that you embedded in your Java program.
etc. etc.
And the answer is, yes, yes, yes, yes. Those are all quite doable.
JAR is more vulnerable to (1) and (2).
JAR and EXE are equallty vulnerable to (3).
Yes, yes, exactly. I don't want the algorithm exposed ... exposing code means exposing algorithm ... Sounds like I can't do much to prevent that...Now what? What can one do?
> I don't want the algorithm exposed...> Now what? What can one do?As I said, compiling to EXE is better at hiding the actual algorithm.
> What is the best way to prevent someone from hacking
> your code?
>
> If you write an application in Java and would like to
> make it a jar or exe for others to use, what steps
> could best prevent others from accessing it's
> "code"...?
>
> I don't know much about what re-compiling means, or
> what you would do.
IMO, there's almost no way to prevent someone from hacking your code.
If it's a jar, you can easily unzip and use JAD to convert it to .java.
If you use some obfuscator or lay traps, it's still VERY easy to hack into your code using BCEL/KlassMaster. I have hacked games obfuscated with ZKM ( $1000+ obfuscator ) without any complications.
You can create self-executable JAR file. In Windows you can double click & run it.
To create a self-executable JAR file
1) Create a manifest file, for example man.mf with content Main-Class: MainClass
2) In command prompt, execute jar cvfm App.jar man.mf *.class
For more informations check
http://java.sun.com/docs/books/tutorial/deployment/index.html
I use Excelsior Jet to create executables files from my jar file. It generates executables for windows and linux and within it you have an Installer, Jet Pack, where you can configure an installation pack to distribute your software.
These solutions are very important for us because we distribute our software all over the country (Brazil). We have a team to provide software deployment, training and support to clients, but its mostly done by our partners . We cant give them a jar file with all of our work there, totally exposed.
We are very satisfied with benefits Jet has been given. We have protected code and desktop application with a good performance, better than you can obtain from a .jar executable file.
Excelsior Jet is not cheap, but it's benefits justify each dollar invested. Thats my analisys about this tool.
This reply might not answer your question but when you make any jar file then it can be decompiled and then your code is visible....
So make your jar file and then convert it into an exe file so that nobody can read your code.
There are so many free softwares available to convert jar file into an exe file.
Just do a search on google.
Sachin
There's almost no way to prevent someone from hacking your code.
Rather than asking ways to prevent hacking, how about ways to better protect it.
Obfuscator... from what I can see, alter various code segments so that it doesn't come out the same way it went in. Are you saying that's not much of a help and still easy to undo? I suppose it could rule out 1 or 2 hackers... from the bunch. :o)
Jars are simply so "openable" and exposes your class files without any effort. With that leaves the option of giving up the "run on any platform using a jar" and turning to creating an exe.
I don't know much, just what I've read this week, and in here... so all of this, and any other help would be appreciated.
Are all exe's built the same?
Does it matter what program you use to create an exe. There's a few free ones -- and then a few quite costly ones.There's no hint in the product descriptions that I've read indicating that they do anything differently. Can anyone help here? :o)
I also found an article on making variables final, using an isInitialized variable for your classes, etc. towards efforts to "better protect" your code. But I'm not sure the efforts of doing that are worth anything? Is there an article or url somewhere that could point me towards understanding this better
Still seeking info on this .... Deb
-Deba at 2007-7-21 10:37:10 >
Can you open the dll associated with a program to see what that's doing?
You misunderstood the meaining of _final_.
Jar files can all be decompiled, you might try to obfuscate or not, a professional hacker will still be able to read/understand your code. It all depends on how much time and money you're willing to spend on this and think twice if that's really worth that.
Exe files can all be dumped (at execution time, when the code is 'stripped' in the computers memory), and it's _impossible_ to hide it from assembly _professionals_. Even if you obfuscate enough the binary (in our case the windows .exe file) you still have to obey the rules that an .exe file must follow, otherwise it won't get executed by windows. You can however _try a lot_ and hide it from the majority of hackers, but not from all. It's like the web security, it's never 100% bullet proof.
You might also consider open source.
I've realized that... and it kind of stinks I guess. I'd rather not have someone hack my code.. :o)
Question though ...
What about hacking any of the dll's the program uses.. how does that work?
If I have calls to dll's that perform certain functions, is it possible to follow the flow of that execution as well?
-Deba at 2007-7-21 10:37:10 >
There is no reason describing the interaction between exe<-windows-> dll. You can buy a book and read it, and the longer you go into security issues like softare protection the more you'll need to dive into assembly language (masm fasm and nasm just a few of the assembly 'dialects'). There is no such software that were very popular and weren't cracked. Here, in east europe, 95% of all the software is cracked, practically only the government and a few enterprises use legally purchased software. You may believe it or not. No one in his mind is buying windows nor photoshop. You get it at worst for 4 (four) bux from the market or (at best) for free through a torrent. For instance Vista has long ago been patched to work fine, not only here in Russia but also in China and a lot of other countries. There's always (illegal) offer for a demand. We're not in the mid '80-90 when only the 3l33t had computers, there are thousands of paranoid ppl who spend their time on cracking for fun, and an entire industry that makes money of cracking or hijacking. So my advice is, you ain't gonna learn to protect your software from this forum thread, it's way too complicated, so better google for the info you need and you'll find tons of info.
I understand that I cannot protect it, but to eliminate the little-man hackers is good enough for me.
My program isn't worth much, and I can't see anyone wasting too much time on it.
But on the other hand, I would like to take whatever steps I can...
I was just wondering if there was a benefit to moving some code into a dll and out of the Java.
My program is written in Java, I have a few dlls that are used, and I have added an id/key to start the application.
With that, I am really just asking if there is a beneift to moving the id/key stuff out of the Java. Is there a benefit to this? Would it prevent an extra 5 people hacking it? :o)
Just seemed to me that hacking a dll would increase the hacking time needed.
-Deba at 2007-7-21 10:37:10 >
You're on the right track, I think. All you can do is follow best practices to protect yourself. Using an obfuscator like ZKM helps a lot. Creating an .exe file could possibly throw off a couple more would be hackers. Moving your code into a .dll is probably not a good idea because it would make development much more difficult for you, in my opinion.
