[Konloch]

Checking launch args:

Code:

public static void checkLaunchArgs() {
List<String> launchArgs = ManagementFactory.getRuntimeMXBean().getInputArguments();
for (String s : launchArgs) {
if (s.startsWith("-Xbootclasspath") || s.startsWith("-Xdebug") || s.startsWith("-agentlib")
|| s.startsWith("-javaagent:") || s.startsWith("-Xrunjdwp:") || s.startsWith("-verbose")) {
System.exit(0);
}
}
}

Freezing VisualVM upon contact (kinda funny, you'll need an agent for this though):

Code:

@Override
public byte[] transform(ClassLoader loader, String className, Class<?> classBeingRedefined,
      ProtectionDomain protectionDomain, byte[] classfileBuffer) throws IllegalClassFormatException {
    if ("com/sun/jmx/remote/util/ClassLogger".equals(className)) {
      System.exit(0);
    }
    return classfileBuffer;
  }

I don't know if the Visual VM one works on other operating systems, tested on Java 7 with Windows 8.1

If you can manage to get your hands on an OS appropriate Attach native library at runtime (attach.dll, attach.so), it makes for some nice malware.

Killing off ClassFileTransformers the reverser may have attached by using your own (might vary, it's likely):

Code:

public static void transformerCheck(Instrumentation inst, ClassFileTransformer... transformers) {
    Class<? extends Instrumentation> instClass = inst.getClass();
    Class<?>[] c = new Class<?>[2];
    Field[] f = new Field[3];
    a: for (Field field : instClass.getDeclaredFields()) {
      Class<?> fieldType = field.getType();
if (!fieldType.isPrimitive()) {
for (Field field1 : fieldType.getDeclaredFields()) {
if (field1.getType().isArray()) {
Class<?> arrayType = field1.getType().getComponentType();
            for (Field field2 : arrayType.getDeclaredFields()) {
              if (field2.getType().isAssignableFrom(ClassFileTransformer.class)) {
                c[0] = fieldType;
                c[1] = arrayType;
                f[0] = field;
                f[1] = field1;
                f[2] = field2;
                break a;
              }
            }
          }
        }
      }
    }
    try {
      for (Field f1 : f) {
        f1.setAccessible(true);
      }
      Object[] o = (Object[]) f[1].get(f[0].get(inst));
      ClassFileTransformer[] loaded = new ClassFileTransformer[o.length];

      for (int i = 0; i < loaded.length; i++) {
        loaded[i] = (ClassFileTransformer) f[2].get(o[i]);
      }
      for (int i = 0; i < loaded.length; i++) {
        for (int i1 = 0; i1 < loaded.length; i1++) {
          if (i1 == i) {
            continue;
          }
          if (loaded[i] == loaded[i1]) {
            loaded[i] = null;
            break;
          }
        }
      }
      int numLoaded = 0;
      for (int i = 0; i < loaded.length; i++) {
        if (loaded[i] == null) {
          o[i] = null;
        } else {
          numLoaded++;
        }
      }

      Object[] oNew = (Object[]) Array.newInstance(c[1], numLoaded);
      for (int i = 0, i1 = i; i < o.length; i++) {
        if (o[i] != null) {
          oNew[i1] = o[i];
          i1++;
        }
      }
      f[1].set(f[0].get(inst), oNew);
      
      loaded = new ClassFileTransformer[oNew.length];

      for (int i = 0; i < loaded.length; i++) {
        loaded[i] = (ClassFileTransformer) f[2].get(oNew[i]);
      }
      
      if (transformers.length == loaded.length) {
        for (int i = 0; i < loaded.length; i++) {
          if (transformers[i] != loaded[i]) {
            System.exit(0);
          }
        }
      } else {
        System.exit(0);
      }
    } catch (Exception e) {
      e.printStackTrace();
      System.exit(0);
    }
  }

where "transformers" is an array of all the ones that are SUPPOSED to be attached (i.e. your own, not theirs)

Now this is very sexy! Thanks for this share.