01-11-2015, 08:13 AM
(This post was last modified: 01-11-2015, 08:19 AM by bloo. Edit Reason: added transformer killer)
Checking launch args:
Freezing VisualVM upon contact (kinda funny, you'll need an agent for this though):
I don't know if the Visual VM one works on other operating systems, tested on Java 7 with Windows 8.1
If you can manage to get your hands on an OS appropriate Attach native library at runtime (attach.dll, attach.so), it makes for some nice malware.
Killing off ClassFileTransformers the reverser may have attached by using your own (might vary, it's likely):
where "transformers" is an array of all the ones that are SUPPOSED to be attached (i.e. your own, not theirs)
Code:
import java.lang.management.ManagementFactory;
import java.util.List;

// Exits if the JVM was started with a debugging, agent or boot-classpath option.
public static void checkLaunchArgs() {
    List<String> launchArgs = ManagementFactory.getRuntimeMXBean().getInputArguments();
    for (String s : launchArgs) {
        if (s.startsWith("-Xbootclasspath") || s.startsWith("-Xdebug") || s.startsWith("-agentlib")
                || s.startsWith("-javaagent:") || s.startsWith("-Xrunjdwp:") || s.startsWith("-verbose")) {
            System.exit(0);
        }
    }
}
Code:
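import java.lang.instrument.IllegalClassFormatException;
import java.security.ProtectionDomain;

// Method of a ClassFileTransformer registered by your own agent.
@Override
public byte[] transform(ClassLoader loader, String className, Class<?> classBeingRedefined,
        ProtectionDomain protectionDomain, byte[] classfileBuffer) throws IllegalClassFormatException {
    // Exit as soon as this JMX remote class is passed to the transformer.
    if ("com/sun/jmx/remote/util/ClassLogger".equals(className)) {
        System.exit(0);
    }
    return classfileBuffer; // leave every other class untouched
}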
Code:
import java.lang.instrument.ClassFileTransformer;
import java.lang.instrument.Instrumentation;
import java.lang.reflect.Array;
import java.lang.reflect.Field;

public static void transformerCheck(Instrumentation inst, ClassFileTransformer... transformers) {
    Class<? extends Instrumentation> instClass = inst.getClass();
    Class<?>[] c = new Class<?>[2];
    Field[] f = new Field[3];
    // Find, by reflection: a field of the Instrumentation implementation (f[0]) whose type has
    // an array field (f[1]) whose element type has a field holding a ClassFileTransformer (f[2]).
    a: for (Field field : instClass.getDeclaredFields()) {
        Class<?> fieldType = field.getType();
        if (!fieldType.isPrimitive()) {
            for (Field field1 : fieldType.getDeclaredFields()) {
                if (field1.getType().isArray()) {
                    Class<?> arrayType = field1.getType().getComponentType();
                    for (Field field2 : arrayType.getDeclaredFields()) {
                        if (field2.getType().isAssignableFrom(ClassFileTransformer.class)) {
                            c[0] = fieldType;
                            c[1] = arrayType;
                            f[0] = field;
                            f[1] = field1;
                            f[2] = field2;
                            break a;
                        }
                    }
                }
            }
        }
    }
    try {
        // If the search above found nothing, f holds nulls and the catch block exits.
        for (Field f1 : f) {
            f1.setAccessible(true);
        }
        // Read the registered transformers out of the wrapper array.
        Object[] o = (Object[]) f[1].get(f[0].get(inst));
        ClassFileTransformer[] loaded = new ClassFileTransformer[o.length];
        for (int i = 0; i < loaded.length; i++) {
            loaded[i] = (ClassFileTransformer) f[2].get(o[i]);
        }
        // Null out entries that refer to a transformer registered more than once.
        for (int i = 0; i < loaded.length; i++) {
            for (int i1 = 0; i1 < loaded.length; i1++) {
                if (i1 == i) {
                    continue;
                }
                if (loaded[i] == loaded[i1]) {
                    loaded[i] = null;
                    break;
                }
            }
        }
        int numLoaded = 0;
        for (int i = 0; i < loaded.length; i++) {
            if (loaded[i] == null) {
                o[i] = null;
            } else {
                numLoaded++;
            }
        }
        // Rebuild the wrapper array without the removed entries and write it back.
        Object[] oNew = (Object[]) Array.newInstance(c[1], numLoaded);
        for (int i = 0, i1 = i; i < o.length; i++) {
            if (o[i] != null) {
                oNew[i1] = o[i];
                i1++;
            }
        }
        f[1].set(f[0].get(inst), oNew);
        loaded = new ClassFileTransformer[oNew.length];
        for (int i = 0; i < loaded.length; i++) {
            loaded[i] = (ClassFileTransformer) f[2].get(oNew[i]);
        }
        // Exit unless what remains is exactly the expected transformers, in the same order.
        if (transformers.length == loaded.length) {
            for (int i = 0; i < loaded.length; i++) {
                if (transformers[i] != loaded[i]) {
                    System.exit(0);
                }
            }
        } else {
            System.exit(0);
        }
    } catch (Exception e) {
        e.printStackTrace();
        System.exit(0);
    }
}
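
The analyst-side counterpart to the three snippets above, as an added example that is not part of bloo's post: a Python scan of a class file's constant pool for the string and method-name constants those checks compile to. The rule names, the grouping of the constants into rules and the `SAMPLE` bytes are constructed for illustration.

```python
import struct

# Payload size per constant-pool tag (JVMS 4.4); tag 1 (Utf8) is length-prefixed.
CP_SIZES = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4,
            12: 4, 15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}

# Rule -> (constants that must all be present, constants of which one must be present).
# The strings come from the post's snippets; the grouping into rules is an assumption.
RULES = {
    "launch-arg check": ({"getInputArguments"},
                         {"-Xbootclasspath", "-Xdebug", "-agentlib",
                          "-javaagent:", "-Xrunjdwp:", "-verbose"}),
    "JMX ClassLogger tripwire": ({"com/sun/jmx/remote/util/ClassLogger"}, set()),
    "transformer-list reflection": ({"java/lang/instrument/ClassFileTransformer",
                                     "getDeclaredFields", "setAccessible"}, set()),
}

def utf8_constants(data):
    """Return the set of CONSTANT_Utf8 strings in a class file's constant pool."""
    if len(data) < 10 or struct.unpack_from(">I", data)[0] != 0xCAFEBABE:
        raise ValueError("not a class file")
    count = struct.unpack_from(">H", data, 8)[0]
    pos, idx, found = 10, 1, set()
    try:
        while idx < count:                      # valid indices are 1..count-1
            tag = data[pos]
            if tag == 1:
                n = struct.unpack_from(">H", data, pos + 1)[0]
                found.add(data[pos + 3:pos + 3 + n].decode("utf-8", "replace"))
                pos += 3 + n
            else:
                pos += 1 + CP_SIZES[tag]        # KeyError on an unknown tag
            idx += 2 if tag in (5, 6) else 1    # long/double occupy two slots
    except (IndexError, KeyError, struct.error):
        raise ValueError("truncated or malformed constant pool") from None
    return found

def scan(data):
    """Names of the rules whose constants appear in the class file."""
    strings = utf8_constants(data)
    return [name for name, (required, any_of) in RULES.items()
            if required <= strings and (not any_of or any_of & strings)]

def _utf8(s):                                   # builds one Utf8 entry for the sample
    return b"\x01" + struct.pack(">H", len(s.encode())) + s.encode()

# Constructed sample: class-file header and constant pool only, major version 51 (Java 7).
SAMPLE = (struct.pack(">IHHH", 0xCAFEBABE, 0, 51, 6) + _utf8("getInputArguments")
          + _utf8("-javaagent:") + b"\x05" + bytes(8)
          + _utf8("com/sun/jmx/remote/util/ClassLogger"))
```

An obfuscator that encrypts string literals keeps these constants out of the pool, so an empty result from `scan` does not rule the checks out.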