Seeing all the system calls that were made by a Java program
Use strace:
strace -f java your_program
or
strace -f -p <pid of your java program>
How to check if C++ source has any system/shell calls in it?
In short, you cannot detect reliably all malicious syscalls (by static analysis of source code); read about the halting problem and Rice theorem... BTW MELT would be slighty better than grep
since it works on GCC gimple representation.
Think of (on Linux)
- dlopen(3)-ing the
libc
(or the main executable) thendlsym
-ing"system"
to get a pointer to thesystem
function - knowing the
libc
layout and version,, then computingsystem
's address by adding some known offset to address ofmalloc
- using some JIT libary, e.g. the header only GNU lightning
- coding the eqivalent of
system
withfork
andexecve
.... - etc....
Of course, you might be trusting your user (I won't do that for a web application). If you trust all your users and just want to detect mistakes you might be able to filter some of them.
You need some container, e.g. docker
strace on two instances of java
By default, the program strace does not trace child processes. However, the Java VM creates early in the process a child process for the actual work. That's the reason, why the two different programs generate the same result when invoked with strace.
To also trace child processes, use the option -f
to strace, i.e.:
strace -f java Hello
How can I get the complete Call Hierarchy of a Java source code?
If you want to make any source code changes/refactoring you will have to manually find all usages and apply your code changes;
Any way, I have two different aproach
Static search
You can simply doText Search
in eclipse to find the occurance ofgetA2()
. It will directly take you to the Caller method (here CBusinessObject.verifyA()) -but it will give you every getA2() occurances, may be from different classRun time search
Usejava instrumentation API
to change the byte code at run time on your required method to find invoking class and run asjava agent
- Enable you to identify the caller with out touching the existing code base and very useful especially when you don't have access to source code.
Here you go how to implement
Step 1- Write Agent main class to initiate instrumentation
public class BasicAgent {
public static void premain(String agentArguments, Instrumentation instrumentation){
System.out.println("Simple Agent");
FindUsageTransformer transformer = new FindUsageTransformer ();
instrumentation.addTransformer(transformer,true);
}
}
Step 2 -Write a ClassFileTransformer implementation and capture the method
public class FindUsageTransformer implements ClassFileTransformer{
Class clazz = null;
public byte[] transform(ClassLoader loader,String className,Class<?> classBeingRedefined, ProtectionDomain protectionDomain,
byte[] classfileBuffer) throws IllegalClassFormatException {
if(className.equals("A")){
doClass(className, classBeingRedefined, classfileBuffer);
}
return classfileBuffer;
}
private byte[] doClass(String name, Class clazz, byte[] b) {
ClassPool pool = ClassPool.getDefault();
CtClass cl = null;
try {
cl = pool.makeClass(new java.io.ByteArrayInputStream(b));
CtMethod method = cl.getDeclaredMethod("getA2");
// here you have lot of options to explore
method.insertBefore("System.out.println(Thread.currentThread().getStackTrace()[0].getClassName()+ Thread.currentThread().getStackTrace()[0].getMethodName());");
b = cl.toBytecode();
} catch (Exception e) {
System.err.println("Could not instrument " + name
+ ", exception : " + e.getMessage());
} finally {
if (cl != null) {
cl.detach();
}
}
return b;
}
Step 3- create jar file for agent classes ( you have to set manifest file with premain class, and add javaassit jar) snippet of build file is given - you can do it by manually as well
<jar destfile="build/jar/BasicAgent.jar" basedir="build/classes">
<manifest>
<attribute name="Manifest-Version" value="1.0"/>
<attribute name="Premain-Class" value="com.sk.agent.basic.BasicAgent"/>
<attribute name="Boot-Class-Path" value="../lib/javassist.jar"/>
</manifest>
</jar>
Step 4- Run your main application with java agent - before that set VM arguments to load agent
-`javaagent:D:\softwares\AgentProject\AgentLib\build\jar\BasicAgent.jar`
Pre requisite : you would need javassist.jar
in the class path.
Related Topics
In Laymans Terms, What Does 'Static' Mean in Java
Httpservletrequest Get JSON Post Data
Runtime Exception Not Terminating the Programm
Execute Source Command from Java
Why Is 08 Not a Valid Integer Literal in Java
Fill an Array With Random Numbers
Ugly Fonts in Java Applications on Ubuntu
How to Reproduce a Silently Dropped Tcp/Ip Connection
Sending Command to Java -Jar Using Stdin via /Proc/{Pid}/Fd/0
Java Installation Issues on Ubuntu
Eclipse Swt Browser Crash (Linux 64Bit)
How to Create a Linux Cluster for Running Physics Simulations in Java
From What Linux Kernel/Libc Version Is Java Runtime.Exec() Safe with Regards to Memory
Using Xdg Directory Specification on Java Application
Cmake Can't Find Java, But It's Installed
Illegal Pattern Character 'T' When Parsing a Date String to Java.Util.Date
How to Make the Method Return Type Generic
Find Directory for "Application Data" on Linux and MACintosh