View Full Version : Java application packed with towerj


regor
June 15th, 2004, 14:04
Hi,

Has anyone unpacked Java class files packed with Towerj (a tool which encapsulates a JVM in order to provide an exe file)?

Clandestiny
June 16th, 2004, 18:59
Hiya,

I'm not familiar with Towerj, but Java should be quite easy to unpack. It falls prey to the same ol' vulnerability that every piece of packed code falls to (i.e. it must be decrypted before it can run). The Java code has to be decrypted before it's loaded into the JVM class loader. See the msjava.dll export java_lang_ClassLoader_defineClass0.

I actually had some experience with this type of target a long time ago and ended up patching msjava.dll to dump the encrypted class files to disk and then to reload a patched class from the disk at runtime.

See my original thread on the subject here:

http://www.woodmann.net/forum/showthread.php?t=1692&highlight=Java+unpacking

Clandestiny