Checking if an .exe is actually a .jar wrapped in an .exe

Question

Let's say I have a .jar file and wrap it into a .exe using any number of free utilities out there, like JSmooth.

Would it be possible to tell, given just the .exe, if it was generated using one such utility from a .jar file?

Your title says one thing and the question body another. Could you please clarify which one is the real question? — Igor Skochinsky, Mar 20 '13 at 02:17

Remko · Accepted Answer · 2013-03-20T12:26:45.797

25

I did a quick test with JSmooth and it simply places the whole .jar file in a resource. You can easily see this by opening a JSmooth executable with Resource Hacker as the following screen shot shows (I used sun's deploy.jar from the java lib folder):

Resource Hacker Screenshot displaying the jar as a resource

For other utilities it might be different but you could use a tool like binwalk to look for the jar/zip signature inside the exe.

edited Mar 20 '13 at 12:26

answered Mar 20 '13 at 12:12

Remko

3,228
3
22
30

1

Good answer, though of course other tools might not use the same approach. The question was a bit vague anyway though, so I think answering that specific implementation is the right way to go. – Jordan Mar 22 '13 at 13:37

Henry Heikkinen · Answer 2 · 2013-03-27T07:34:57.453

8

If the executable itself isn't packed or obfuscated you can often find the jar or class files by simply opening it in decompression utilty such as 7-zip.

Minecraft launcher exe opened in 7-zip

edited Mar 27 '13 at 07:34

answered Mar 20 '13 at 11:39

Henry Heikkinen

461
5
10

You can decompress a jar file using something like 7-zip, but the question was clarified to extracting a jar from an exe, not an exe from a jar. – amccormack Mar 27 '13 at 01:00
4

I understood the question. You can open the exe in 7-zip to find jar/class files. – Henry Heikkinen Mar 27 '13 at 07:37

score 5 · Answer 3 · answered Apr 02 '13 at 23:21

You can simply grep the file for "javaw.exe" or java.exe... This will usually be a pretty good indicator whether or not the program is a Java wrapper or not.

archenoth@Hathor ~/apps/Minecraft $ grep javaw.exe /host/Windows/notepad.exe 
archenoth@Hathor ~/apps/Minecraft $ grep javaw.exe ./Minecraft.exe 
Binary file ./Minecraft.exe matches
archenoth@Hathor ~/apps/Minecraft $

This is because wrappers usually contain the following:

enter image description here

score 5 · Answer 4 · answered Mar 20 '13 at 02:38

The exe is probably just a small add-on that will execute the java interpreter on a set of packed classes. I don't know more details about how they go about their job, but there's big chance that the jar file sits unmodified inside the generated exe

You could take a look at the generated files with a hex viewer and there's a high chance you'll find a jar signature (to find out create a small jar file, look at it with a hex viewer, pack it and search for specific content from the original jar in the packed file)

Checking if an .exe is actually a .jar wrapped in an .exe

4 Answers4

Linked