javaagent可以hook字节码处理
java -javaagent:jebloader.jar -jar xxx.jar
结合javassist,可以动态替换方法内容
import java.io.ByteArrayInputStream; import java.io.PrintStream; import java.lang.instrument.ClassFileTransformer; import java.lang.instrument.IllegalClassFormatException; import java.lang.instrument.Instrumentation; import java.security.ProtectionDomain; import javassist.ClassPool; import javassist.CtClass; import javassist.CtMethod; public class Loader { public static void premain(String agentOps, Instrumentation inst) { inst.addTransformer(new ClassFileTransformer() { public byte[] transform(ClassLoader loader, String className, Class<?> classBeingRedefined, ProtectionDomain protectionDomain, byte[] classfileBuffer) throws IllegalClassFormatException { className = className.replace("/", "."); if (className.equals("com.pnfsoftware.jeb.client.Licensing")) { try { ClassPool pool = ClassPool.getDefault(); CtClass ctClass = pool.makeClass(new ByteArrayInputStream(classfileBuffer)); CtMethod a = ctClass.getDeclaredMethod("getExpirationTimestamp", null); System.out.println("loader��������100%~"); a.setBody("return 2000000000;"); return ctClass.toBytecode(); } catch (Exception e) { e.printStackTrace(); } } else if (className.equals("com.pnfsoftware.jeb.client.AbstractClientContext")) { try { ClassPool pool = ClassPool.getDefault(); CtClass ctClass = pool.makeClass(new ByteArrayInputStream(classfileBuffer)); CtMethod a = ctClass.getDeclaredMethod("startFloatingClient", null); System.out.println("loader��������50%~"); a.setBody("return;"); return ctClass.toBytecode(); } catch (Exception e) { e.printStackTrace(); } } return new byte[0]; } }); } }
其他相关文档
https://bbs.pediy.com/thread-222503.htm
https://jinyu00.github.io/jeb%E7%A0%B4%E8%A7%A3/2017-10-27-%E7%A0%B4%E8%A7%A3-jeb-2-3-7-demo.html