自定义类加载器和UrlClassLoader

自定义类加载器

CMD.java

import java.io.IOException;

public class CMD {
    public static Process exec(String cmd) throws IOException {
        return Runtime.getRuntime().exec(cmd);
    }
}

介绍两个加载器,任选其一,建议第二种通用点

MyClassLoader.java 其中流转字符的jar包是org.apache.commons.io.IOUtils;

package com.superman.test;

import org.apache.commons.io.IOUtils;

import java.io.IOException;
import java.io.InputStream;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.nio.file.Files;
import java.nio.file.Paths;

public class MyClassLoader extends ClassLoader{
    private static String TestClassname = "CMD";
    byte[] testbytes;
    {
        try {
            testbytes = Files.readAllBytes(Paths.get("C:\\CMD.class"));
        } catch (IOException e) {
            e.printStackTrace();
        }
    }

    @Override
    public Class<?> findClass(String name) throws ClassNotFoundException {
        if (name.equals(TestClassname)){
            return defineClass(TestClassname,testbytes,0,testbytes.length);
        }
        return super.findClass(name);

    }

    public static void main(String[] args) throws ClassNotFoundException, IllegalAccessException, InstantiationException, NoSuchMethodException, InvocationTargetException, IOException {
        String cmd = "whoami";
        MyClassLoader mcl = new MyClassLoader();
        Class testclass = mcl.loadClass(TestClassname);
        Object obj = testclass.newInstance();
        Method mth = testclass.getMethod("exec",String.class);
        Process process = (Process)mth.invoke(obj,cmd);
        InputStream in = process.getInputStream();
        System.out.println(IOUtils.toString(in,"GBK"));
    }

}

MyClassLoader2.java

package com.superman.test;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.nio.file.Files;
import java.nio.file.Paths;

public class MyClassLoader extends ClassLoader{
    private static String TestClassname = "CMD";
    byte[] testbytes;
    {
        try {
            testbytes = Files.readAllBytes(Paths.get("C:\\CMD.class"));
        } catch (IOException e) {
            e.printStackTrace();
        }
    }

    @Override
    public Class<?> findClass(String name) throws ClassNotFoundException {
        if (name.equals(TestClassname)){
            return defineClass(TestClassname,testbytes,0,testbytes.length);
        }
        return super.findClass(name);

    }

    public static void main(String[] args) throws ClassNotFoundException, IllegalAccessException, InstantiationException, NoSuchMethodException, InvocationTargetException, IOException {
        String cmd = "whoami";
        MyClassLoader mcl = new MyClassLoader();
        Class testclass = mcl.loadClass(TestClassname);
        Object obj = testclass.newInstance();
        Process process = (Process)testclass.getMethod("exec",String.class).invoke(obj,cmd);
        InputStream in = process.getInputStream();
//        System.out.println(IOUtils.toString(in,"GBK"));
        ByteArrayOutputStream baos = new ByteArrayOutputStream();
        byte[] b = new byte[1024];
        int a = -1;
        while ((a = in.read(b)) != -1){
            baos.write(b,0,a);
        }
        System.out.println(baos.toString("GBK"));
    }

}


UrlClassLoader

UrlClassTest

package com.superman.test;

import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.net.URL;
import java.net.URLClassLoader;

public class UrlCloaderTest {

    public static void main(String[] args) {
        try {
            // 定义远程加载的jar路径
            URL url = new URL("http://192.168.0.103:8000/CMD.jar");

            // 创建URLClassLoader对象,并加载远程jar包
            URLClassLoader ucl = new URLClassLoader(new URL[]{url});

            // 定义需要执行的系统命令
            String cmd = "whoami";

            // 通过URLClassLoader加载远程jar包中的CMD类
            Class cmdClass = ucl.loadClass("CMD");

            // 调用CMD类中的exec方法,等价于: Process process = CMD.exec("whoami");
            Process process = (Process) cmdClass.getMethod("exec", String.class).invoke(null, cmd);

            // 获取命令执行结果的输入流
            InputStream in = process.getInputStream();
            ByteArrayOutputStream baos = new ByteArrayOutputStream();
            byte[] b = new byte[1024];
            int a  = -1;
            // 读取命令执行结果
            while ((a = in.read(b)) != -1) {
                baos.write(b, 0, a);
            }

            // 输出命令执行结果
            System.out.println(baos.toString());
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

}

CMD.java

import java.io.IOException;

public class CMD {
    public static Process exec(String cmd) throws IOException {
        return Runtime.getRuntime().exec(cmd);
    }
}

之后javac CMD.java 自动生成CMD.class文件,再执行jar cvf CMD.jar CMD.class,将CMD.class转换成CMD.jar。用python起一个http服务即可

posted @ 2021-10-22 16:10  我要变超人  阅读(631)  评论(0编辑  收藏  举报