Shulou(Shulou.com)06/02 Report--

This article is to share with you about the serialization format in Java, the editor thinks it is very practical, so I share it with you to learn. I hope you can get something after reading this article.

II: Java serialized data format

Let's start with a simple fried chicken demo code as the object of analysis, as follows:

Class MyClass implements Serializable {private static final long serialVersionUID = 2L

Public String name

Public MyClass (String name) {this.name = name;}}

Public class Ser {private static final String SAVED_PATH = "/ Users/spring/Desktop/MyClass2.ser"; public static void main (String [] args) throws IOException, ClassNotFoundException {MyClass c = new MyClass ("anyeshe"); try (ObjectOutputStream out = new ObjectOutputStream (new FileOutputStream (SAVED_PATH) {out.writeObject (c);}

After compiling and running, a file will be generated under the above path, which is the content of the object serialization, which is also the focus of the following analysis.

Tool introduction:

Hex Fiend

Vscode plug-in

Xxd command

In short, use these tools to view the serialized content in hexadecimal. The results of Hex Fiend analysis are as follows:

The magic number mentioned above, then the java serialization format should also have a magic number, which is the first 2 bytes

The famous ACED, look for it in the source code, as follows:

0005

This is the serialized version.

7372

Represents that an object is read and the class description of that object

0015

The above analysis tells us that there is a class, so we have to tell us which class it is. Yes, this 15 tells us that the next 21 characters (15 is hexadecimal to decimal is 21) is the fully qualified name of the class. so take 21 lengths later, as follows

636F6D2E 7468696E 6B6A6176 612E4D79 436C6173 73

00000000 00000002

The implementation of java object serialization, the Serializable interface, has this paragraph in the comments of the interface, as follows

Each serialized class has a version of ID, which we can define ourselves, and if not, the compiler will define it for us. In the example, I define 2L.

02

The description information of the serialized class is identified by setting a different flag, as follows:

0001

The number of fields, there is only one name, so it is 1.

4C

Transfer ASCII code is L, String object

B'for byte,C' for char, D'for double,F' for float, I'for int, J'for long, L'for non-array object types, S'for short, Z'for boolean, [`for arrays

0004

The next four bytes are the name of the domain

6E616D65

Conversion to ASCII happens to be the domain name that we define.

seventy-four

The identity is followed by a string, and the source code is as follows:

0012

Conversion to decimal is 18, which means that the number of characters in the following string is 18, Ljava/lang/String

4C6A6176 612F6C61 6E672F53 7472696E 673B

7870

seventy-four

The identity is followed by a string

0007

String length

616E7965 736865

The value of the object property name, and the transfer string is as follows

At this point, the contents of the java serialization are analyzed.

three。 Simple pursuit code

New ObjectOutputStream ()

Public ObjectOutputStream (OutputStream out) throws IOException {verifySubclass (); bout = new BlockDataOutputStream (out); the serial number data is written here handles = new HandleTable (10, (float) 3.00); subs = new ReplaceTable (10, (float) 3.00); enableOverride = false; writeStreamHeader (); write header information aced0005 bout.setBlockDataMode (true); if (extendedDebugInfo) {debugInfoStack = new DebugTraceInfoStack () } else {debugInfoStack = null;}}

Public final void writeObject (Object obj) throws IOException {if (enableOverride) {writeObjectOverride (obj); return;} try {writeObject0 (obj, false); all called this method} catch (IOException ex) {if (depth = = 0) {writeFatalException (ex);} throw ex;}}

These are the serialization formats in Java, and the editor believes that there are some knowledge points that we may see or use in our daily work. I hope you can learn more from this article. For more details, please follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.