trash

Author: BenjaminSoelberg

pom.xml

@@ -48,7 +48,7 @@
                 <configuration>
                     <archive>
                         <manifestEntries>
-                            <Main-Class>io.github.benjaminsoelberg.jft.ClassDumper</Main-Class>
+                            <Main-Class>io.github.benjaminsoelberg.jft.Main</Main-Class>
                             <Agent-Class>io.github.benjaminsoelberg.jft.ClassDumper</Agent-Class>
                             <Can-Retransform-Classes>true</Can-Retransform-Classes>
                         </manifestEntries>

src/main/java/io/github/benjaminsoelberg/jft/ClassDumper.java

@@ -1,13 +1,9 @@
 package io.github.benjaminsoelberg.jft;
 
-import com.sun.tools.attach.VirtualMachine;
-
 import java.io.File;
 import java.io.FileOutputStream;
 import java.io.IOException;
 import java.lang.instrument.Instrumentation;
-import java.net.URL;
-import java.nio.charset.StandardCharsets;
 import java.util.Arrays;
 import java.util.Comparator;
 import java.util.jar.JarOutputStream;
@@ -18,66 +14,78 @@ public class ClassDumper {
     // Public and non-final for testing purposes only.
     public static String TEST_AGENT_CMD_LINE = null;
 
-    public static final int DUMP_BATCH_SIZE = 500;
+    public static final int DUMP_BATCH_SIZE = 50;
 
+    @SuppressWarnings("ReassignedVariable")
     public static void agentmain(String cmdline, Instrumentation instrumentation) throws Exception {
+        /* Stage 0: Override command line options if running a unit test */
         // We are unable to parse arguments to agentmain while running unit test, hence this inject-hook
         if (TEST_AGENT_CMD_LINE != null) {
             cmdline = TEST_AGENT_CMD_LINE;
         }
 
+        /* Stage 1: decode options */
         String[] args = Utils.decodeArgs(cmdline);
         Options options = new Options(args);
 
-        Report report = new Report(getHeader(), options.isVerbose(), options.isLogToStdErr());
+        /* Stage 2: initialize report */
+        Report report = new Report(Utils.getVersionHeader(), options.isVerbose(), options.isLogToStdErr());
         report.println("Agent loaded with options: %s%n", String.join(" ", args));
 
+        /* Stage 3: query all loaded classes */
         report.println("Querying classes...");
         Class<?>[] classes = getAllLoadedClasses(instrumentation, options);
         report.println("");
 
-        // The transformer could (as a side effect by the JVM) be called with classes not in the list which is why we pass the filtered classes to it as well
+        /* Stage 4: initialize transformer */
+        // The transformer could (as a side effect) be called with classes not in the list which is why we pass the filtered classes list
         Transformer dumper = new Transformer(report, classes);
 
         if (classes.length > 0) {
+            /* Stage 5: add transformer */
             report.println("%d classes found.%n", classes.length);
             instrumentation.addTransformer(dumper, true);
 
-            report.println("Dumping started...");
+            /* Stage 6: dump all classes in filtered list */
+            report.println("Dumping classes...");
             // Invoke the transformer and remove it when filtered classes are processed
             try {
                 retransformClasses(instrumentation, classes, report);
             } finally {
                 instrumentation.removeTransformer(dumper);
             }
-        } else {
-            report.println("WARNING: No classes found, bad filter ?%n");
-        }
-        report.println("");
+            report.println("");
 
-        // Validate that no exceptions were generated during the dump process
-        if (dumper.getLastException() != null) {
-            report.println("WARNING: One or more transformer exceptions occurred while dumping classes.");
-            report.dump(dumper.getLastException());
+            /* Stage 7: dump class loader & class tree */
+            report.println("Class loader & class tree...");
+            //TODO: Print tree
+//            ClassTree classTree1 = new ClassTree(dumper.getClassInfos());
+//            classTree = classTree1.getRoot();
             report.println("");
+        } else {
+            report.println("WARNING: No classes found, bad filter ?%n");
         }
 
-        File destination = new File(options.getDestination());
-
+        /* Stage 8: create the jar */
         report.println("Creating jar...");
+        File destination = new File(options.getDestination());
         try (JarOutputStream jar = new JarOutputStream(new FileOutputStream(destination))) {
-            dumper.getClassInfos().entrySet().stream().sorted(Comparator.comparing(o -> o.getKey().getName())).forEach(entry -> {
-                Class<?> clazz = entry.getKey();
-                byte[] bytecode = entry.getValue();
-                try {
-                    report.dump(clazz, bytecode);
-                    writeZipEntry(jar, Utils.toNativeClassName(clazz.getName()) + ".class", bytecode);
-                } catch (IOException e) {
-                    throw new RuntimeException(e);
-                }
-            });
-            writeZipEntry(jar, "report.txt", report.generate().getBytes(StandardCharsets.UTF_8));
+
+            ClassTree.Node root = dumper.getClassTree().getRoot();
+            String base = Utils.toClassLoaderName(root.getLoader()) + "/";
+            addNodeToJar(jar, report, root, base);
+
+            // Validate that no exceptions were generated during the dump process and if so display it last in the report
+            if (dumper.getLastException() != null) {
+                report.println("WARNING: One or more transformer exceptions occurred while dumping classes.");
+                report.dump(dumper.getLastException());
+                report.println("");
+            }
+
+            writeZipEntry(jar, "report.txt", Utils.fromUtf8String(report.generate()));
         }
+
+        /* Stage 9: finalize the dump */
         report.println("%nDumped classes, including report.txt, can be found in: %s", options.getDestination());
     }
 
@@ -98,7 +106,16 @@ private static void retransformClasses(Instrumentation instrumentation, Class<?>
             try {
                 // Transform the full batch in one go, and if this throws an exception some classes may have been dumped but we deduplicate later on.
                 instrumentation.retransformClasses(batch);
+            } catch (ClassFormatError cfe) {
+                System.out.println(cfe.getMessage());
+                System.out.println(cfe.getLocalizedMessage());
+                System.out.println(cfe.getCause());
+                Arrays.stream(cfe.getSuppressed()).forEach(throwable -> throwable.printStackTrace());
+                cfe.printStackTrace();
+                System.exit(1);
             } catch (Throwable ignored) {
+                ignored.printStackTrace();
+
                 // Transform classes one-by-one if batch transformation failed
                 for (Class<?> clazz : batch) {
                     try {
@@ -111,82 +128,24 @@ private static void retransformClasses(Instrumentation instrumentation, Class<?>
         }
     }
 
-
-    private static void writeZipEntry(JarOutputStream jar, String name, byte[] data) throws IOException {
-        jar.putNextEntry(new ZipEntry(name));
-        jar.write(data);
-    }
-
-    @SuppressWarnings("ConcatenationWithEmptyString")
-    private static String getHeader() {
-        return "" +
-                "---------------------------------------------------------%n" +
-                "--> Java Forensics Toolkit v1.1.0 by Benjamin Sølberg <--%n" +
-                "---------------------------------------------------------%n" +
-                "https://github.com/BenjaminSoelberg/JavaForensicsToolkit%n%n";
-    }
-
-    private static void showUsage() {
-        System.out.println("usage: java -jar JavaForensicsToolkit.jar [-v] [-e] [-d destination.jar] [-s] [-p] [-f filter]... [-x] <pid>");
-        System.out.println();
-        System.out.println("options:");
-        System.out.println("-v\tverbose agent logging");
-        System.out.println("-e\tagent will log to stderr instead of stdout");
-        System.out.println("-d\tjar file destination of dumped classes");
-        System.out.println("\tRelative paths will be relative with respect to the target process.");
-        System.out.println("\tA jar file in temp will be generated if no destination was provided.");
-        System.out.println("-s\tignore system class loader (like java.lang.String)");
-        System.out.println("-p\tignore platform class loader (like system extensions)");
-        System.out.println("-f\tregular expression class name filter");
-        System.out.println("\tCan be specified multiple times.");
-        System.out.println("-x\texclude classes matching the filter");
-        System.out.println("pid\tprocess id of the target java process");
-        System.out.println();
-        System.out.println("example:");
-        System.out.println("java -jar JavaForensicsToolkit.jar -d dump.jar -f 'java\\\\..*' -f 'sun\\\\..*' -f 'jdk\\\\..*' -f 'com\\\\.sun\\\\..*' -x 123456");
-    }
-
-    /**
-     * Get the absolut file location of the jar embedding this class
-     *
-     * @return absolut file location of jar
-     */
-    private static String getJarLocation() {
-        URL url = ClassDumper.class.getProtectionDomain().getCodeSource().getLocation();
-        String file = url.getFile();
-        if (url.getProtocol().equals("file") && file.startsWith("/") && file.endsWith(".jar")) {
-            return file;
-        }
-        return null;
-    }
-
-    public static void main(String[] args) throws Exception {
-        System.out.printf(getHeader());
-        String absolutJarLocation = getJarLocation();
-        if (args.length < 1 || absolutJarLocation == null) {
-            showUsage();
-            System.exit(1);
-        }
-
-        // We pre-parse the command line to be sure that it is syntactically correct prior to sending it to agentmain
-        Options options = new Options(args);
-
-        String pid = options.getPid();
-        System.out.println("Injecting agent into JVM with pid: " + pid);
-        VirtualMachine vm = VirtualMachine.attach(pid);
-        try {
-            System.out.println("Dumping classes to: " + options.getDestination());
-            String[] cmdLine = options.getArgs();
-            vm.loadAgent(absolutJarLocation, Utils.encodeArgs(cmdLine));
-        } finally {
+    private static void addNodeToJar(JarOutputStream jar, Report report, ClassTree.Node node, String base) {
+        node.getClasses().forEach((clazz, bytecode) -> {
             try {
-                vm.detach();
-            } catch (IOException ioe) {
-                System.out.println("Unable to detach from process");
+                report.dump(clazz, bytecode);
+                writeZipEntry(jar, base + Utils.toNativeClassName(clazz.getName()) + ".class", bytecode);
+            } catch (IOException e) {
+                throw new RuntimeException(String.format("Failed to add %s with size %d to jar", clazz.getName(), bytecode.length), e);
             }
+        });
+
+        for (ClassTree.Node child : node.getChildren()) {
+            addNodeToJar(jar, report, child, base + Utils.toClassLoaderName(child.getLoader()) + "/");
         }
+    }
 
-        System.out.println("Done");
+    private static void writeZipEntry(JarOutputStream jar, String name, byte[] data) throws IOException {
+        jar.putNextEntry(new ZipEntry(name));
+        jar.write(data);
     }
 
 }

src/main/java/io/github/benjaminsoelberg/jft/ClassTree.java

@@ -0,0 +1,80 @@
+package io.github.benjaminsoelberg.jft;
+
+import java.util.*;
+import java.util.stream.Collectors;
+
+public final class ClassTree {
+    private final Map<ClassLoader, Node> root = new HashMap<>();
+
+    public static class Node {
+        private final ClassLoader loader;
+        private final List<Node> children = new ArrayList<>();
+        private final Map<Class<?>, byte[]> classes = new HashMap<>();
+
+        public Node(ClassLoader loader) {
+            this.loader = loader;
+        }
+
+        public void add(Node node) {
+            children.add(node);
+        }
+
+        public void add(Class<?> clazz, byte[] bytecode) {
+            // "putIfAbsent" ensures uniqueness
+            classes.putIfAbsent(clazz, bytecode);
+        }
+
+        public ClassLoader getLoader() {
+            return loader;
+        }
+
+        public List<Node> getChildren() {
+            return children;
+        }
+
+        public Map<Class<?>, byte[]> getClasses() {
+            return classes.entrySet()
+                    .stream()
+                    .sorted(Map.Entry.comparingByKey(Comparator.comparing(Class::getName)))
+                    .collect(Collectors.toMap(
+                            Map.Entry::getKey,
+                            Map.Entry::getValue,
+                            (a, b) -> a, // Dummy merge
+                            LinkedHashMap::new  // Preserve order
+                    ));
+        }
+    }
+
+    public ClassTree() {
+        // Create explicit bootstrap root
+        Node bootstrap = new Node(null);
+        root.put(null, bootstrap);
+    }
+
+    public synchronized void add(Class<?> clazz, byte[] bytecode) {
+        ClassLoader loader = clazz.getClassLoader();
+        Node node = ensureNode(loader);
+        node.add(clazz, bytecode);
+    }
+
+    private Node ensureNode(ClassLoader loader) {
+        if (root.containsKey(loader)) {
+            return root.get(loader);
+        }
+
+        Node node = new Node(loader);
+        root.put(loader, node);
+
+        if (loader != null) {
+            Node parent = ensureNode(loader.getParent());
+            parent.add(node);
+        }
+
+        return node;
+    }
+
+    public Node getRoot() {
+        return root.get(null);
+    }
+
+}

src/main/java/io/github/benjaminsoelberg/jft/Main.java

@@ -0,0 +1,73 @@
+package io.github.benjaminsoelberg.jft;
+
+import com.sun.tools.attach.VirtualMachine;
+
+import java.io.IOException;
+import java.net.URL;
+
+public class Main {
+
+    private static void showUsage() {
+        System.out.println("usage: java -jar JavaForensicsToolkit.jar [-v] [-e] [-d destination.jar] [-s] [-p] [-f filter]... [-x] <pid>");
+        System.out.println();
+        System.out.println("options:");
+        System.out.println("-v\tverbose agent logging");
+        System.out.println("-e\tagent will log to stderr instead of stdout");
+        System.out.println("-d\tjar file destination of dumped classes");
+        System.out.println("\tRelative paths will be relative with respect to the target process.");
+        System.out.println("\tA jar file in temp will be generated if no destination was provided.");
+        System.out.println("-s\tignore system class loader (like java.lang.String)");
+        System.out.println("-p\tignore platform class loader (like system extensions)");
+        System.out.println("-f\tregular expression class name filter");
+        System.out.println("\tCan be specified multiple times.");
+        System.out.println("-x\texclude classes matching the filter");
+        System.out.println("pid\tprocess id of the target java process");
+        System.out.println();
+        System.out.println("example:");
+        System.out.println("java -jar JavaForensicsToolkit.jar -d dump.jar -f 'java\\\\..*' -f 'sun\\\\..*' -f 'jdk\\\\..*' -f 'com\\\\.sun\\\\..*' -x 123456");
+    }
+
+    /**
+     * Get the absolut file location of the jar embedding this class
+     *
+     * @return absolut file location of jar
+     */
+    private static String getJarLocation() {
+        URL url = Main.class.getProtectionDomain().getCodeSource().getLocation();
+        String file = url.getFile();
+        if (url.getProtocol().equals("file") && file.startsWith("/") && file.endsWith(".jar")) {
+            return file;
+        }
+        return null;
+    }
+
+    public static void main(String[] args) throws Exception {
+        System.out.printf(Utils.getVersionHeader());
+        String absolutJarLocation = getJarLocation();
+        if (args.length < 1 || absolutJarLocation == null) {
+            showUsage();
+            System.exit(1);
+        }
+
+        // We pre-parse the command line to be sure that it is syntactically correct prior to sending it to agentmain
+        Options options = new Options(args);
+
+        String pid = options.getPid();
+        System.out.println("Injecting agent into JVM with pid: " + pid);
+        VirtualMachine vm = VirtualMachine.attach(pid);
+        try {
+            System.out.println("Dumping classes to: " + options.getDestination());
+            String[] cmdLine = options.getArgs();
+            vm.loadAgent(absolutJarLocation, Utils.encodeArgs(cmdLine));
+        } finally {
+            try {
+                vm.detach();
+            } catch (IOException ioe) {
+                System.out.println("Unable to detach from process");
+            }
+        }
+
+        System.out.println("Done");
+    }
+
+}