-1

I want to access memory locations currently used by Java variables. I plan to access these locations using C or another language, and I plan to change the location values.

The program which will access the Java program has no control over the program; it will do this task by searching the memory.

I need advice on how to write this second program.

enter image description here

DKG
  • 1,097
  • 2
  • 8
  • 14
  • You're going to need to reword this for readability. – JoshDM Feb 19 '13 at 17:52
  • Sorry My English is weak – DKG Feb 19 '13 at 17:53
  • 14
    This is one of those "what are you really trying to do" questions. Because modifying *any* program's data from outside that program is a bad way to do almost anything. – parsifal Feb 19 '13 at 17:53
  • @DKG Why don't you write it in Java (or Scala or other JVM language)? This way you will have access to all of Java objects (if you have the reference) – gaborsch Feb 19 '13 at 18:05
  • Actually I want to do some kind of hacking. So that the data being used by a java process is manipulated before being stored in database – DKG Feb 19 '13 at 18:09
  • 2
    Why would you want to do this? – Louis Wasserman Feb 19 '13 at 18:14
  • So you want to access the Java heapspace and auto-magically locate a given variable (a near impossible task in and of itself) edit it and have java pick it up being none-the-wiser? You could do a heap dump to get a bunch of raw unreadable data, but then the current stack frame that you're trying to spoof would not pick it up unless it was marked as volatile (i.e. it would have to know it was coming) In short, no there's no way to do this. Sorry! but if you're feeling masochistic: http://docs.oracle.com/javase/6/docs/jre/api/management/extension/com/sun/management/HotSpotDiagnosticMXBean.html – darkpbj Feb 19 '13 at 18:33
  • 1
    Hacking into another Java process that is not coded to cooperate and share it's local data is not possible. As with many other languages, most variables local to a method are allocated on the stack and may have a different address each time the method is executed. An object is resident in a random place in the heap. It is all designed to be resistant to the type of program you are attempting to code. – jalynn2 Feb 19 '13 at 18:35

3 Answers3

3

Parsifal has it right . . .

That said JNI is your answer. With JNI you can call C executables in java that handle all of the logic that you want to share memory. At that point it's just a matter of doing typical IPC between threads written in C.

This can be quick and dirty (and a pain to debug) but you can pass in the data as parameters without too much trouble, but prepare to do some multithreading.

Alternatively, you could use a JMS compliant messaging engine like ActiveMQ. You would serialize your data into some sort of message as it is available, and Java could then broadcast it to whomever is listening. (It could be 1000 clients, it could be 0--Java doesn't have to know about it) This will take some extra setup however. I believe at a minimum AMQ will be setting up a Jetty server local to do it's thing.

Lastly (as suggested in the comment below,) if your data is simple enough, you could always make a swap file (i.e. a plain old file to hold you data.) Just write your data out as it becomes available, and that way any other process with permissions could get to it provided it was not currently being written to.

darkpbj
  • 2,892
  • 4
  • 22
  • 32
  • But the original java program is **unaware** that other process is viewing its memory – DKG Feb 19 '13 at 18:06
  • Ah ha! and it doesn't have to be but you will need to be running multiple processes. (One for Java to do its thing, and another one to concurrently make the data available) Well how about this, you could also write your data out to a file as it becomes available, and that way anyone else with permissions could access it (given that it isn't currently being written to) – darkpbj Feb 19 '13 at 18:09
  • So I should write another java program using jni, It will call native functions that will manipulate the memory of first java process, right? – DKG Feb 19 '13 at 18:13
  • It really depends on what application your going for. Can you elaborate on what you're trying to accomplish? What kind of data? How much of it? – darkpbj Feb 19 '13 at 18:14
  • I have upload a pic for description – DKG Feb 19 '13 at 18:31
1

You are essentially wanting to write a debugger.

Java has a built-in debugging facility, called JPDA. However, normally the debugged process needs to be started with options that allow the debugger to attach. If you can do this, great.

The JMap program can attach to a running process. I haven't looked at it very deeply, but it appears that there is a way to load a debugging agent into that process through classes in the Sun Tools JAR. Of course, that only works with a Sun/Oracle JVM (or OpenJDK).

The third option is to step outside of the JVM altogether, and use a tool like gdb. To take this route, you'll need to understand the JVM implementation. I'm not sure how much debugging information is left in the distributed executable, but you might be able to identify an entry point once you're sufficiently familiar with the build.

Of course, the OS will enforce access rules, so if the process-to-be-hacked is running as another user and you're not the superuser, you're out of luck.

parsifal
  • 501
  • 2
  • 4
0

Edit:

I missed that the Java side of things had to be unaware of the memory access. For that case See https://stackoverflow.com/questions/5574241/interesting-uses-of-sun-misc-unsafe for how to get the raw addresses for JVM memory.

Community
  • 1
  • 1
JohnKlehm
  • 2,368
  • 15
  • 9