Method's Bytecodes in runtime

Please, how can I programmatically get the bytecodes of a method at an application runtime?
[98 byte] By [DanDia] at [2007-11-27 4:37:39]
# 1
I doubt that you can. If possible then it would only be available via the debugging API. If it isn't available there then you can't get it. Alternatively you can create your own class loader and intercept class file yourself if you wish.
jschella at 2007-7-12 9:47:57
# 2
I need some form to check the integrity, at runtime, of an application. I thought that I could obtain the bytecodes of methods in JVM's memory (method area(?)) and calculate the hash. Do you have some tip? Thank you.
DanDia at 2007-7-12 9:47:57
# 3

By the time you get to a method in java the class has already been loaded so you couldn't do it that way.

What is wrong with the current verification that the VM already does?

I believe you can sign the jar.

If that isn't sufficient then you will need to use a custom class loader.

jschella at 2007-7-12 9:47:57
# 4
Signing the jar I "only" guarantee the integrity and authentication before execution. I need some form to verify the integrity of the application memory at runtime. My problem is a variant of a problem known as Time-of-Check, Time-of-Use. Thank you
DanDia at 2007-7-12 9:47:57
# 5
> Signing the jar I "only" guarantee the integrity and
> authentication before execution. I need some form to
> verify the integrity of the application memory at
> runtime.

Impossible.

How are you going to verify the verification routine at
jschella at 2007-7-12 9:47:57
# 6
How do not permit that a code not signed by a specified organization be executed by the JVM? Custom ClassLoader? I need some mechanism in the JVM.
DanDia at 2007-7-12 9:47:57
# 7

> How do not permit that a code not signed by a

> specified organization be executed by the JVM ?

Again impossible.

Although I suppose you could create your own VM.

> Custom ClassLoader ?

> I need some mechanism in the JVM.

If and only if you have an application running, then that application can do certain things, for instance use custom class loaders and security managers.

A class loader lets you verify the class. And you can do anything you want to do that.

The security manager lets you verify the methods that are called.

Note that you can't verify the security manager (chicken and the egg.)

Nor, without a custom VM, can you verify all applications, only your own.

Note finally if you are trying to create a turnkey system then you need to use another language besides java, at least for most of the security/access work. (Because this is the only thing I can guess you are attempting via this.)

jschella at 2007-7-12 9:47:57
# 8

My solution assumes an initial secure point. Thus I do not have a chicken and egg problem. But this is another problem.

Do you know an example of ClassLoader that verify the signature of a class file before loading that class?

I need to impede that a class not signed by my organization can be executed.

Thank you very much.

DanDia at 2007-7-12 9:47:57
# 9
> Do you know an example of ClassLoader that verify the
> signature of a class file before loading that class?

No. But I know it has been discussed many times on this site. So perhaps some code was presented there.
jschella at 2007-7-12 9:47:57
# 10

You can ask for information about an arbitrary class, eg. where it was loaded from, and what certificates it has.

If you assume a secure starting point, then you could potentially save the URL and certs of that object/class, and compare it against other classes whenever you want.

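Object yourArbitraryObject = new String();

java.security.CodeSource codeSource = yourArbitraryObject.getClass().getProtectionDomain().getCodeSource();

// codeSource is null for classes loaded by the bootstrap class loader (such as String)

java.net.URL classLoadedFrom = (codeSource != null) ? codeSource.getLocation() : null;

// getCertificates() itself returns null when the code source is unsigned

java.security.cert.Certificate[] classCerts = (codeSource != null) ? codeSource.getCertificates() : null;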

regards,

Owen

omcgoverna at 2007-7-12 9:47:57
# 11
JVM TI agents can access the method bytes using the GetBytecodes and GetConstantPool functions. Their purpose is more to allow agents to do bytecode transformations but they may be useful if you are working on a tool to examine the actual method bytecodes.
alan.batemana at 2007-7-12 9:47:57
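
The signature-checking class loader asked about in post #8, as an added example that is not part of the original thread. The class name SignedJarClassLoader and the pinned set of trusted certificates are assumptions, and it needs Java 9 or later for readAllBytes.

```java
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.security.CodeSource;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
import java.util.Arrays;
import java.util.Set;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

// Added example (hypothetical class name): defines a class from one jar only
// if its entry verifies and carries a certificate from the pinned trusted set.
public class SignedJarClassLoader extends ClassLoader {
    private final File jarPath;
    private final JarFile jar;
    private final Set<Certificate> trusted; // assumption: your organization's signing certs

    // The parent must not be able to load the same classes itself, or normal
    // parent-first delegation would bypass the check in findClass().
    public SignedJarClassLoader(File jarPath, Set<Certificate> trusted, ClassLoader parent)
            throws IOException {
        super(parent);
        this.jarPath = jarPath;
        this.jar = new JarFile(jarPath, true); // true = verify signed entries on read
        this.trusted = trusted;
    }

    @Override
    protected Class<?> findClass(String name) throws ClassNotFoundException {
        JarEntry entry = jar.getJarEntry(name.replace('.', '/') + ".class");
        if (entry == null) {
            throw new ClassNotFoundException(name);
        }
        try (InputStream in = jar.getInputStream(entry)) {
            // Read to end of stream first: a digest mismatch throws SecurityException
            // here, and getCertificates() returns null until the entry is fully read.
            byte[] bytes = in.readAllBytes();
            Certificate[] certs = entry.getCertificates();
            if (certs == null || Arrays.stream(certs).noneMatch(trusted::contains)) {
                throw new SecurityException(name + " is not signed by a trusted certificate");
            }
            CodeSource source = new CodeSource(jarPath.toURI().toURL(), certs);
            return defineClass(name, bytes, 0, bytes.length, new ProtectionDomain(source, null));
        } catch (IOException e) {
            throw new ClassNotFoundException(name, e);
        }
    }
}
```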