
Hooking Java APIs

Reverse Engineering Asked by Avery3R on March 23, 2021

In native code on Windows, functions can be hooked by replacing their prologue with a JMP instruction.

Is there a way to do something similar with an application written in Java? In the end I want to record all data sent to/from a javax.net.ssl.SSLSocket.

I can’t modify the jar file or the JRE on disk, because it will bail if the hashes don’t match up, but I can hook any function from native code during runtime.

I have a working solution right now, but it’s very messy and not that flexible. I’m hooking JNI_CreateJavaVM and inserting -Djavax.net.debug=all into the arguments passed to it. This causes all data sent over the socket to be written to disk, and then I’m hooking WriteFile to intercept that data before it gets written to disk.

I found something that looked close to what I want, the -javaagent parameter, but by the time my agent is loaded all of the Java standard library is loaded, so I don’t see a way to hook it using an agent.

2 Answers

edit: This question overlaps with Dynamic java instrumentation?

Jeong Wook Oh did a presentation at Black Hat 2012 where he explained how to trace Java programs by modifying the bytecode to call hook methods; see the "Automation" section of the paper. There is no source or tool available as far as I know.

There is also a tool called JavaSnoop that is available; I did not test it. It uses the "Attach API" to monitor API calls. This method seems cleaner for what you want to do.

Answered by ekse on March 23, 2021

I've used JavaSnoop on jobs before. Use AspectJ; there's a learning curve for that too, but it's absolutely the correct solution for you.

Answered by offbyseveral on March 23, 2021
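
For reference, an added example (not code from any poster on this page) of the standard `java.lang.instrument` mechanism behind both the `-javaagent` option and the Attach API: a transformer registered as retransform-capable is handed the bytecode of classes that were loaded before the agent started. The class name `LoadedClassAgent` and the `javax.net.ssl` filter are assumptions for illustration; the transformer only observes and returns `null`, and any actual rewriting would be done with a bytecode library such as the AspectJ weaver mentioned above.

```java
import java.lang.instrument.ClassFileTransformer;
import java.lang.instrument.Instrumentation;
import java.lang.instrument.UnmodifiableClassException;
import java.security.ProtectionDomain;
import java.util.ArrayList;
import java.util.List;

// Added example. Package in a jar whose manifest contains:
//   Premain-Class: LoadedClassAgent
//   Agent-Class: LoadedClassAgent
//   Can-Retransform-Classes: true
public final class LoadedClassAgent {
    // Assumption: the package of interest, in dotted and internal (slash) form.
    private static final String PKG = "javax.net.ssl.";
    private static final String PKG_INTERNAL = PKG.replace('.', '/');

    // Entry point for -javaagent (agent present at JVM startup).
    public static void premain(String args, Instrumentation inst) { install(inst); }
    // Entry point when the agent is loaded into a running JVM via the Attach API.
    public static void agentmain(String args, Instrumentation inst) { install(inst); }

    private static void install(Instrumentation inst) {
        ClassFileTransformer observer = new ClassFileTransformer() {
            @Override
            public byte[] transform(ClassLoader loader, String name, Class<?> redefined,
                                    ProtectionDomain domain, byte[] classfile) {
                if (name != null && name.startsWith(PKG_INTERNAL)) {
                    // redefined != null means the class already existed before this call.
                    String kind = (redefined == null) ? "load" : "retransform";
                    System.err.println("[agent] " + kind + " " + name
                            + " (" + classfile.length + " bytes)");
                }
                return null; // null tells the JVM to keep the bytecode unchanged
            }
        };
        inst.addTransformer(observer, true); // true = may be used for retransformation

        // Classes loaded before the agent: collect them and ask the JVM to replay
        // them through the transformer.
        List<Class<?>> targets = new ArrayList<>();
        for (Class<?> c : inst.getAllLoadedClasses()) {
            if (c.getName().startsWith(PKG) && inst.isModifiableClass(c)) targets.add(c);
        }
        if (targets.isEmpty() || !inst.isRetransformClassesSupported()) return;
        try {
            inst.retransformClasses(targets.toArray(new Class<?>[0]));
        } catch (UnmodifiableClassException e) {
            System.err.println("[agent] cannot retransform: " + e.getMessage());
        }
    }
}
```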
