0.index

  1. reflect
  2. 0.index

反射越权

这里呢, 讲的反射, 并不是常用的反射, 而是一种更加猛的东西, UnsafeAccessor

我会在这里说出他的实现原理, 以及如何做到绝对越权.

通过 UnsafeAccessor, 我们能干, 一切能干的事情, Unsafe, 基本相当于 JVM 的 ROOT. 用得好封神, 用不好, 那就爆炸.

这篇文章, 将会讲述, 如何在不触发任何JVM警告的情况下, 获得 JVM 的 ROOT.

此篇文章不会触发以下任何警告.

WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by .... (...) to ....
WARNING: Please consider reporting this to the maintainers of code.Code
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release

java.lang.IllegalAccessError: class .... (in unnamed module @0xb4c966a) cannot access class jdk.internal.misc.Unsafe (in module java.base) because module java.base does not export jdk.internal.misc to unnamed module @0xb4c966a

完成越权所必须的权限:

("java.lang.RuntimePermission" "createClassLoader")
("java.lang.reflect.ReflectPermission" "suppressAccessChecks")
("java.lang.RuntimePermission" "accessSystemModules")
("java.lang.RuntimePermission" "accessClassInPackage.jdk.internal.access")
("java.lang.RuntimePermission" "accessDeclaredMembers")
("java.lang.reflect.ReflectPermission" "suppressAccessChecks")
("java.util.PropertyPermission" "jdk.proxy.debug" "read")
("java.lang.RuntimePermission" "accessClassInPackage.jdk.internal.access")
("java.lang.reflect.ReflectPermission" "suppressAccessChecks")
("java.lang.RuntimePermission" "accessClassInPackage.jdk.internal.access")
("java.lang.RuntimePermission" "accessClassInPackage.jdk.internal.module")
("java.lang.RuntimePermission" "accessClassInPackage.sun.nio.ch")
("java.lang.RuntimePermission" "accessClassInPackage.sun.reflect.annotation")
("java.lang.RuntimePermission" "accessClassInPackage.jdk.internal.reflect")
("java.lang.reflect.ReflectPermission" "suppressAccessChecks")
("java.lang.RuntimePermission" "getClassLoader")
("java.util.PropertyPermission" "jdk.proxy.ProxyGenerator.saveGeneratedFiles" "read")
("java.lang.reflect.ReflectPermission" "suppressAccessChecks")
("java.lang.RuntimePermission" "accessClassInPackage.jdk.internal.access")
("java.lang.RuntimePermission" "accessClassInPackage.jdk.internal.misc")

我们不探讨 Java8 或者更低版本, 因为 Java8 或者更低版本没有模块权限控制, 也不会输出警告, 没有任何必要需要在此处探讨.