
利用反射hacking java程序

package chentao;

public class A
	private static String getPassword() {
		return "call the method!";

package chentao;

import java.lang.reflect.InvocationTargetException;

public class Test

	 * @param args
	 * @throws ClassNotFoundException 
	 * @throws InvocationTargetException 
	 * @throws IllegalAccessException 
	 * @throws IllegalArgumentException 
	public static void main(String[] args) throws ClassNotFoundException, IllegalArgumentException, IllegalAccessException, InvocationTargetException
		// ERROR
		/*String password = A.getPassword();
		System.out.println("I got it:" + password);*/
		Class cl = Class.forName("chentao.A");
		java.lang.reflect.Method[] m = cl.getDeclaredMethods();
		String password = (String) m[0].invoke(null, null);
		System.out.println("I got it:" + password);

I got it:call the method!*/

package chentao;

public class B
	public static final B singleton = new B("I'm the only instance of class B");
	private String name; 
	private B(String name) {
	    this.name = name;
	public String toString() {
	    return this.name;
package chentao;

package chentao;

import java.lang.reflect.InvocationTargetException;

public class TestB

	 * @param args
	 * @throws ClassNotFoundException 
	 * @throws InvocationTargetException 
	 * @throws IllegalAccessException 
	 * @throws IllegalArgumentException 
	 * @throws InstantiationException 
	public static void main(String[] args) throws ClassNotFoundException, IllegalArgumentException, IllegalAccessException, InvocationTargetException, InstantiationException
		Class cl = Class.forName("chentao.B");
		java.lang.reflect.Constructor[] c = cl.getDeclaredConstructors();
		B anotherB  = (B) c[0].newInstance(new Object[]{"Not anymore!!"});

	I'm the only instance of class B
	Not anymore!!

最后一个例子,Runtime类有一个private static field用来表示当前的runtime实例。我们首先获得当前的runtime实例并打印。然后,因为currentRuntime在class初始化时会被初始化,所以我们设置Runtime.currentRuntime静态域为null,为了验证这次修改,我们再次获取runtime实例并打印。最后,我们通过当前runtime实例调用dos命令dir试试看...
package chentao;

import java.lang.reflect.InvocationTargetException;

public class TestRuntime

	 * @param args
	 * @throws ClassNotFoundException 
	 * @throws InvocationTargetException 
	 * @throws IllegalAccessException 
	 * @throws IllegalArgumentException 
	 * @throws InstantiationException 
	public static void main(String[] args) throws Exception
		Runtime r = Runtime.getRuntime();
		System.out.println("Before: Runtime.getRuntime() yields " + r);

		Class cl = Class.forName("java.lang.Runtime");
		java.lang.reflect.Field f = cl.getDeclaredField("currentRuntime");
		f.set(null, null);
		r = Runtime.getRuntime();
		System.out.println("After: Runtime.getRuntime() yields " + r);
		r.exec("dir"); //raises NullPointerException!!


	 Before: Runtime.getRuntime() yields java.lang.Runtime@cac268
	 After: Runtime.getRuntime() yields null
	 Exception in thread "main" java.lang.NullPointerException
	       at Test.main(Test.java:59)



