virb3 / jvm-dump-proxy Goto Github PK

View Code? Open in Web Editor NEW

71.0 3.0 11.0 101 KB

A proxy DLL for Windows to dump JVM classes at JNI level

CMake 0.27% C++ 23.24% C 76.49%

jvm dump proxy classes security windows jni reverse-engineering dll

jvm-dump-proxy's Introduction

JVM Dump Proxy

A proxy DLL for Windows to dump JVM classes at JNI level.

Introduction

Some Java programs use reflection to hide their code by loading and executing classes dynamically. You can dump them from memory, but what if they are unloaded right after they execute? You could edit rt.jar and place a hook on various reflection methods. But what if the program uses the native class loading methods directly, bypassing any bytecode-level hooks?

This project aims to be a universal solution to all your dumping needs. By hooking at the lowest reliably accessible JNI level, it will dump all classes as they are being loaded.

Limitations

x64 only
Only hooks DefineClass*. It is possible to bypass this method by implementing your own class loader in JNI.

Usage

Download the latest release. Place version.dll in your Java bin directory, next to java.exe. You may want to use a separate Java installation so you don't affect all processes. On your desktop, create a new directory called JVMDUMP.

When you run any program with the modified Java installation, you will see a message box with the hooking result. Once you press OK, all loaded classes will be saved under the directory on your desktop.

FAQ

Q: I am getting Error 2
A: JVMDUMP is not accessible on your desktop
Q: But duplicate classes?
A: They will be appended with a number, nothing will be overwritten

Technical details

proxy.h, library.def

A simple proxy DLL implementation to inject into the JVM painlessly and reliably. For more information, check the references.

hook.cpp

Installs the hooks that redirect methods to our code. Powered by mhook.

dump.h

The class dumping logic.

parser.h

A fast and simple Java class parser. It will parse the class name of each hooked byte buffer and use it to save the file under the appropriate name.

Compilation

mingw-w64 7.0.0+
CMake 3.16+

References

If you would like to learn more about the proxy DLL technique, check out the base project PerfectProxyDLL
Control flow of findClass
JDK Classloader.c
JDK jvm.cpp

jvm-dump-proxy's People

Contributors

Stargazers

Watchers

Forkers

longjohncoder crackercat killvxk gavz hello-xbugs mmg1 xuan-tuyen prorok5247 0x7c3d7c lighting1986 pmatoso

jvm-dump-proxy's Issues

Unable to compile 32-bit version

This is an awesome tool, but I need this in 32-bit version. I tried to compile it with MinGW i686-7.3.0-release-posix-sjlj and CMake 3.23 but I am getting the following linker error:

cmake --build .
[ 71%] Built target mhook
[ 85%] Building CXX object CMakeFiles/version.dir/hook.cpp.obj
[100%] Linking CXX shared library version.dll
CMakeFiles\version.dir/objects.a(hook.cpp.obj):hook.cpp:(.text+0x2d): undefined reference to orig_GetFileVersionInfoA' CMakeFiles\version.dir/objects.a(hook.cpp.obj):hook.cpp:(.text+0x39): undefined reference to orig_GetFileVersionInfoByHandle'
CMakeFiles\version.dir/objects.a(hook.cpp.obj):hook.cpp:(.text+0x45): undefined reference to orig_GetFileVersionInfoExW' CMakeFiles\version.dir/objects.a(hook.cpp.obj):hook.cpp:(.text+0x51): undefined reference to orig_GetFileVersionInfoExA'
CMakeFiles\version.dir/objects.a(hook.cpp.obj):hook.cpp:(.text+0x5d): undefined reference to orig_GetFileVersionInfoSizeA' CMakeFiles\version.dir/objects.a(hook.cpp.obj):hook.cpp:(.text+0x69): undefined reference to orig_GetFileVersionInfoSizeExA'
CMakeFiles\version.dir/objects.a(hook.cpp.obj):hook.cpp:(.text+0x75): undefined reference to orig_GetFileVersionInfoSizeExW' CMakeFiles\version.dir/objects.a(hook.cpp.obj):hook.cpp:(.text+0x81): undefined reference to orig_GetFileVersionInfoSizeW'
CMakeFiles\version.dir/objects.a(hook.cpp.obj):hook.cpp:(.text+0x8d): undefined reference to orig_GetFileVersionInfoW' CMakeFiles\version.dir/objects.a(hook.cpp.obj):hook.cpp:(.text+0x99): undefined reference to orig_VerFindFileA'
CMakeFiles\version.dir/objects.a(hook.cpp.obj):hook.cpp:(.text+0xa5): undefined reference to orig_VerFindFileW' CMakeFiles\version.dir/objects.a(hook.cpp.obj):hook.cpp:(.text+0xb1): undefined reference to orig_VerInstallFileA'
CMakeFiles\version.dir/objects.a(hook.cpp.obj):hook.cpp:(.text+0xbd): undefined reference to orig_VerInstallFileW' CMakeFiles\version.dir/objects.a(hook.cpp.obj):hook.cpp:(.text+0xc9): undefined reference to orig_VerLanguageNameA'
CMakeFiles\version.dir/objects.a(hook.cpp.obj):hook.cpp:(.text+0xd5): undefined reference to orig_VerLanguageNameW' CMakeFiles\version.dir/objects.a(hook.cpp.obj):hook.cpp:(.text+0xe1): undefined reference to orig_VerQueryValueA'
CMakeFiles\version.dir/objects.a(hook.cpp.obj):hook.cpp:(.text+0xed): undefined reference to `orig_VerQueryValueW'
collect2.exe: error: ld returned 1 exit status
mingw32-make.exe[2]: *** [CMakeFiles\version.dir\build.make:101: version.dll] Error 1
mingw32-make.exe[1]: *** [CMakeFiles\Makefile2:99: CMakeFiles/version.dir/all] Error 2
mingw32-make.exe: *** [Makefile:135: all] Error 2

Any idea how to fix this ?

relocation truncated to fit: R_X86_64_32S against `.bss'

I get some problems when I try to compile vm-dump-proxy: CMakeFiles\version.dir/objects.a(hook.cpp.obj):D:/xxxx/jvm-dump-proxy-master/proxy.h:13:(.text+0x3f): relocation truncated to fit: R_X86_64_32S against .bss' ;CMakeFiles\version.dir/objects.a(hook.cpp.obj):D:/teng/jvm-dump-proxy-master/proxy.h:14:(.text+0x49): relocation truncated to fit: R_X86_64_32S against .bss'
all these problems aims to:

#define WRAPPER_GENFUNC(name)
FARPROC orig_##name;
extern "C" __declspec(naked) void ##name()
{
asm("jmp *orig"#name);
}
Look forward to receiving your immediate reply,thank you!