All geek questions in one place

Java: URLClassLoader saves loaded classes in Temp dir

I try to download a jar file from the network using URLClassLoader, everything works fine, but all the loaded classes are stored in the temp directory of Windows and can be copied for deobfuscation until I call classLoader.close();, which in turn will cause the program to call ClassNotFoundException.

Can I load classes without saving to disk?

(Only memory) Another solution encrypts the jar classes and writes its own ClassLoader class, which decrypts the classes, but I cannot find any examples.

I tried to find documents or articles on this subject, but found nothing : (

Please tell me whether it is possible to implement and where can I get material on this topic? Thank!

+4
source share
2 answers

You understand that anyone who has access to the machine on which the code is running can always get code that will perform custom class loading, right? This means that they can simply decompile this class and make it write out the decrypted classes, which makes this exercise pointless. True, most people do not know how to do this, but it is possible.

, . , , , , , , ( jad , , ).

, , .

+2

ClassLoader, . Java Classloader:

class NetworkClassLoader extends ClassLoader {
     String host;
     int port;

     public Class findClass(String name) {
         byte[] b = loadClassData(name);
         return defineClass(name, b, 0, b.length);
     }

     private byte[] loadClassData(String name) {
         // load the class data from the connection
          . . .
     }
 }

loadClassData, . loadClassData - .

+1

Source: https://habr.com/ru/post/1533170/

More articles:


All Articles