Hello, Basically JNI is an interface developed by SUN as a way to keep using legacy applications through the advancements in technology and business processes or if someone wants to access O/S or hardware specific info. All you need to do is compile the c/c++ application in a loadable object and call it from java. The steps you need to take are: 1. Write Java code that calls a native method through JNI. 2. Compile this Java code. 3. Create an .h file using javah. 4. You have (modify slightly) / create a C function that does the work. 5. Compile the C code into a loadable object (say DLL for the windows oriented). You can then try the java program. I must say I do not prefer this way of doing things (although this is the only way some times, depending in legacy application) as with this way you don't solve existing bugs/problems you just move them forward. You can also call scripting languages such as jpython from within java programs provided someone (SUN) has written a scripting interface for the two languages to communicate) A good reference if you have access to the book is: Java Cookbook Solutions and Examples for Java Developers by O'Reilly - Chapter 26 Hope it sheds some light... Best Regards, Zach ----------------------- Zacharias Pigadas Information Security Consultant ENCODE S.A. 3, R.Melodou Str 151 25 Marousi Athens, Greece Tel: +3010-6178410 Fax: +3010-6109579 web: www.encode-sec.com ------------------------ -----Original Message----- From: KF [mailto:dotslashat_private] Sent: Thursday, June 27, 2002 6:17 AM To: Dave Aitel Cc: Nelson Sampaio Araujo Junior; Rafael Anschau; anschau.ezat_private; vuln-devat_private Subject: Re: Java and buffer overflows So what you are saying is that you found a buffer overflow in some code that uses JNI? As in there was some c based code that the java invoked? I am currious to see how this works. -KF Dave Aitel wrote: >Although, as another poster said, native code invocation is going to >continue to be a problem for managed languages such as Java and C# in >the years to come. > >I've found a buffer overflow in native code invoked by a major >application server that happened to be written in Java. It's fixed now, >btw. :> > >-dave > > >
This archive was generated by hypermail 2b30 : Fri Jun 28 2002 - 10:41:35 PDT