java.lang.Class<\/code><\/strong>\uff1a\u8868\u793a\u7c7b\u7684\u5bf9\u8c61\u3002\u63d0\u4f9b\u4e86\u65b9\u6cd5\u6765\u83b7\u53d6\u7c7b\u7684\u5b57\u6bb5\u3001\u65b9\u6cd5\u3001\u6784\u9020\u51fd\u6570\u7b49\u3002<\/li>\n\n\n\njava.lang.reflect.Field<\/code><\/strong>\uff1a\u8868\u793a\u7c7b\u7684\u5b57\u6bb5\uff08\u5c5e\u6027\uff09\u3002\u63d0\u4f9b\u4e86\u8bbf\u95ee\u548c\u4fee\u6539\u5b57\u6bb5\u7684\u80fd\u529b\u3002<\/li>\n\n\n\njava.lang.reflect.Method<\/code><\/strong>\uff1a\u8868\u793a\u7c7b\u7684\u65b9\u6cd5\u3002\u63d0\u4f9b\u4e86\u8c03\u7528\u65b9\u6cd5\u7684\u80fd\u529b\u3002<\/li>\n\n\n\njava.lang.reflect.Constructor<\/code><\/strong>\uff1a\u8868\u793a\u7c7b\u7684\u6784\u9020\u51fd\u6570\u3002\u63d0\u4f9b\u4e86\u521b\u5efa\u5bf9\u8c61\u7684\u80fd\u529b\u3002<\/li>\n<\/ul>\n\n\n\n\u4e00\u822c\u6765\u8bf4\uff0c\u53cd\u5c04\u7684\u5de5\u4f5c\u6d41\u7a0b\u662f\uff1a\u83b7\u53d6Class\u5bf9\u8c61=>\u83b7\u53d6\u6210\u5458\u4fe1\u606f(\u901a\u8fc7Class\u83b7\u53d6\u5b57\u6bb5\u3001\u65b9\u6cd5\u3001\u6784\u9020\u51fd\u6570\u7b49)=>\u64cd\u4f5c\u6210\u5458(\u8bfb\u53d6\u6216\u8005\u4fee\u6539\u503c\u3001\u8c03\u7528\u65b9\u6cd5\u3001\u521b\u5efa\u5bf9\u8c61\u7b49)<\/p>\n\n\n\n
\u57fa\u672c\u64cd\u4f5c<\/h2>\n\n\n\n\u83b7\u53d6\u5bf9\u8c61<\/h3>\n\n\n\n
\u4e00\u5171\u6709\u4e09\u79cd\u65b9\u6cd5\u83b7\u53d6\u5bf9\u8c61\uff1a<\/p>\n\n\n\n
\n- \u901a\u8fc7\u7c7b\u7684\u5b57\u9762\u91cf\uff1a
Class<?> clazz = String.class;<\/code><\/li>\n\n\n\n- \u901a\u8fc7\u5bf9\u8c61\u5b9e\u4f8b\uff1a
String str = \"Hello\"; Class<?> clazz = str.getClass();<\/code><\/li>\n\n\n\n- \u901a\u8fc7
Class.forName()<\/code>\u65b9\u6cd5\uff1aClass<?> clazz = Class.forName(\"java.lang.String\");<\/code><\/li>\n<\/ul>\n\n\n\n\u4e09\u79cd\u65b9\u6cd5\u6709\u4ec0\u4e48\u5dee\u522b\u5462\uff1f<\/p>\n\n\n\n
\u5bf9\u4e8e\u7b2c\u4e00\u79cd\u65b9\u6cd5\uff0c\u5373\u901a\u8fc7\u7c7b\u7684\u5b57\u9762\u91cf\u83b7\u53d6\u5bf9\u8c61\u662f\u9700\u8981\u4f60\u7f16\u8bd1\u65f6\u5df2\u77e5\u7c7b(\u6bd4\u5982String\u7c7b)\uff0c\u53ef\u4ee5\u76f4\u63a5\u4f7f\u7528 .class<\/code> \u8bed\u6cd5\u83b7\u53d6 Class<\/code> \u5bf9\u8c61\u3002<\/p>\n\n\n\npackage chapter10;\n\npublic class Java05_Reflect_test {\n public static void main(String[] args) {\n Class<?> clazz = Test.class;\n System.out.println(\"Class obtained using .class: \" + clazz.getName());\n\n Class<?> clazz2 = String.class;\n System.out.println(\"Class obtained using .class: \" + clazz2.getName());\n }\n}\n\nclass Test {\n\n}<\/code><\/pre>\n\n\n\n![\"\"\/](\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\")
<\/div><\/figure>\n\n\n\n\u8fd9\u91cc\u6211\u7528\u4e86\u4e24\u79cd\u65b9\u6cd5\u83b7\u53d6Class\uff0c\u7b2c\u4e00\u79cd\u662f\u8fd9\u4e2a\u4ee3\u7801\u91cc\u5b9a\u4e49\u7684Test\u7c7b\uff0c\u7b2c\u4e8c\u79cd\u662f\u9ed8\u8ba4\u6709\u7684String\u7c7b\uff0c\u5bf9\u4e8e\u8fd9\u79cd\u6211\u4eec\u5df2\u7ecf\u52a0\u8f7d\uf9ba\u7684\u7c7b\uff0c\u53ea\u9700\u8981\u76f4\u63a5\u4f7f\u7528.class\u5373\u53ef\u83b7\u53d6Class\u3002<\/p>\n\n\n\n
\u800c\u5bf9\u4e8e\u7b2c\u4e8c\u79cd\u60c5\u51b5\uff0c\u6211\u4eec\u9700\u8981\u5df2\u7ecf\u6709\u4e00\u4e2a\u5bf9\u8c61\u5b9e\u4f8b\uff0c\u624d\u80fd\u4f7f\u7528.getClass()\u83b7\u53d6\u4ed6\u7684Class<\/p>\n\n\n\n
package chapter10;\n\npublic class Java05_Reflect_test {\n public static void main(String[] args) {\n String str = \"Hello, World!\";\n Class<?> clazz = str.getClass();\n System.out.println(\"Class obtained using getClass(): \" + clazz.getName());\n\n Test a = new Test();\n Class<?> clazz2 = a.getClass();\n System.out.println(\"Class obtained using getClass(): \" + clazz2.getName());\n }\n}\n\nclass Test {\n}<\/code><\/pre>\n\n\n\n<\/div><\/figure>\n\n\n\n\u53ef\u4ee5\u770b\u5230\u8fd9\u91cc\u6211\u540c\u6837\u7528\u4e86\u4e24\u79cd\u65b9\u6cd5\u83b7\u53d6\uff0c\u4e00\u79cd\u662f\u7528String str=xxx\u8fdb\u884c\u8d4b\u503c(\u8fd9\u4e2a\u5176\u5b9e\u76f8\u5f53\u4e8e\u7279\u6b8a\u7684String\u5b9e\u4f8b\u5316\u8fc7\u7a0b)\uff0c\u53e6\u4e00\u79cd\u662f\u628a\u6211\u4eec\u8fd9\u91cc\u5b9a\u4e49\u7684Test\u7c7b\u5b9e\u4f8b\u5316\u4e4b\u540e\u83b7\u53d6\u7684Class<\/p>\n\n\n\n
\u7b2c\u4e09\u79cd\u60c5\u51b5\u76f8\u5bf9\u6700\u7b80\u5355\uff0c\u5982\u679c\u4f60\u77e5\u9053\u67d0\u4e2a\u7c7b\u7684\u540d\u5b57\uff0c\u60f3\u83b7\u53d6\u5230\u8fd9\u4e2a\u7c7b\uff0c\u5c31\u53ef\u4ee5\u76f4\u63a5\u4f7f\u7528 forName \u6765\u83b7\u53d6\uff1a<\/p>\n\n\n\n
package chapter10;\n\npublic class Java05_Reflect_test {\n public static void main(String[] args) throws Exception {\n Class<?> clazz = Class.forName(\"java.lang.String\");\n System.out.println(\"Class obtained using Class.forName(): \" + clazz.getName());\n }\n}<\/code><\/pre>\n\n\n\n<\/div><\/figure>\n\n\n\n\u6bd4\u5982\u6211\u4eec\u77e5\u9053String\u7684\u5168\u540d\u662fjava.lang.String\uff0c\u5c31\u53ef\u4ee5\u7528Class.forName(\"java.lang.String\")<\/code>\u83b7\u53d6\u8fd9\u4e2aClass\uff0c\u53ef\u4ee5\u770b\u5230\u8fd9\u79cd\u65b9\u6cd5\u76f8\u5bf9\u800c\u8a00\u6700\u7b80\u5355\uff0c\u4ee3\u4ef7\u5c31\u662f\u5176\u4ed6\u4e24\u79cd\u65b9\u6cd5\u4e0d\u9700\u8981throws Exception\uff0c\u800c\u8fd9\u79cd\u65b9\u6cd5\u7531\u4e8e\u8fd0\u884c\u65f6\u53ef\u80fd\u627e\u4e0d\u5230\u6307\u5b9a\u7684\u7c7b\uff0c\u6240\u4ee5\u5fc5\u987b\u629b\u51fa\u5f02\u5e38\u3002<\/p>\n\n\n\n\u8fd9\u79cd\u52a8\u6001\u7684\u6267\u884c\u65b9\u6cd5\u4e5f\u4e3a\u6211\u4eec\u5b89\u5168\u4eba\u5458\u63d0\u4f9b\u4e86\u53ef\u4e58\u4e4b\u673a\uff0c\u5373\u4f7f\u4e0a\u4e0b\u6587\u4e2d\u53ea\u6709Integer\u7c7b\u578b\u7684\u6570\u5b57\uff0c\u6211\u4eec\u4e5f\u53ef\u4ee5\u901a\u8fc7\u53cd\u5c04\u83b7\u53d6\u53ef\u4ee5\u6267\ufa08\u547d\u4ee4\u7684Runtime\u7c7b\uff1a1.getClass().forName(\"java.lang.Runtime\")<\/code>\u3002(\u771f\u597d\uff0c\u6ca1\u6709\u8fd9\u4e9b\u52a8\u6001\u7684\u6267\u884c\u65b9\u5f0f\uff0c\u6211\u4eec\u5b89\u5168\u4eba\u5458\u5c31\u6ca1\u996d\u5403\u4e86)<\/p>\n\n\n\n\u5bf9\u4e8eforName\u5b9e\u9645\u4e0a\u6709\u4e24\u4e2a\u51fd\u6570\u91cd\u8f7d\uff1a<\/p>\n\n\n\n
\nClass.forName(className)<\/code><\/li>\n\n\n\nClass.forName(className, true, currentLoader<\/code>)<\/li>\n<\/ul>\n\n\n\n\u867d\u7136\u4e8c\u8005\u672c\u8d28\u4e0a\u5dee\u4e0d\u592a\u591a\uff0c\u4f46\u5176\u5b9e\u7b2c\u4e00\u79cd\u7528\u6cd5\u53ea\u662f\u7b2c\u4e8c\u79cd\u65b9\u6cd5\u7684\u4e00\u4e2a\u5c01\u88c5\uff0c\u4e5f\u5c31\u63a9\u76d6\u4e86\u4e0d\u5c11\u7684\u7ec6\u8282\uff0c\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c forName \u7684\u7b2c\u4e00\u4e2a\u53c2\u6570\u662f\u7c7b\u540d\uff1b\u7b2c\u2f06\u4e2a\u53c2\u6570\u8868\u793a\u662f\u5426\u521d\u59cb\u5316\uff1b\u7b2c\u4e09\u4e2a\u53c2\u6570\u5c31\u662f ClassLoader(\u7c7b\u7684\u52a0\u8f7d\u5668)\u3002\u662f\u5426\u521d\u59cb\u5316\u8fd9\u4e2a\u53c2\u6570\u5176\u5b9e\u662f\u544a\u8bc9JVM\u662f\u5426\u6267\ufa08\u201d\u7c7b\u521d\u59cb\u5316\u201c\uff0c\u5728 forName \u7684\u65f6\u5019\uff0c\u6784\u9020\u51fd\u6570\u5e76\u4e0d\u4f1a\u6267\u884c\uff0c\u800c\u662f\u6267\u884c\u7c7b\u521d\u59cb\u5316\uff0c\u4e5f\u5c31\u662f\u4f1a\u6267\u884cstatic{}<\/code>\u9759\u6001\u5757\u91cc\u9762\u7684\u5185\u5bb9\u3002<\/p>\n\n\n\n\u8fd9\u6837\u8bf4\u8d77\u6765\u53ef\u80fd\u4f1a\u6709\u70b9\u62bd\u8c61\uff0c\u8fd9\u91cc\u8bb2\u8bb2Java\u7684\u4e09\u79cd\u4ee3\u7801\u5757\uff1a\u9759\u6001\u521d\u59cb\u5316\u5757\uff08static block\uff09<\/strong>\u3001\u5b9e\u4f8b\u521d\u59cb\u5316\u5757\uff08instance initializer block\uff09<\/strong> \u548c \u6784\u9020\u65b9\u6cd5\uff08constructor\uff09<\/strong>\uff0c\u5bf9\u4e8e\u4e0b\u9762\u7684\u4ee3\u7801\uff0c\u6267\u884c\u7ed3\u679c\u5982\u4e0b\uff1a<\/p>\n\n\n\npackage chapter10;\n\npublic class Java05_Reflect_test {\n public static void main(String[] args) throws Exception {\n new Test();\n }\n}\n\nclass Test {\n public Test() {\n System.out.println(\"\u6211\u662f\u6784\u9020\u65b9\u6cd5\");\n }\n\n static {\n System.out.println(\"\u6211\u662f\u9759\u6001\u521d\u59cb\u5316\u5757\");\n }\n\n {\n System.out.println(\"\u6211\u662f\u5b9e\u4f8b\u521d\u59cb\u5757\");\n }\n}<\/code><\/pre>\n\n\n\n<\/div><\/figure>\n\n\n\n\n- \u9759\u6001\u521d\u59cb\u5316\u5757\uff08
static {}<\/code>\uff09\u5728\u7c7b\u88ab\u52a0\u8f7d\u5230 JVM \u65f6\u6267\u884c\uff0c\u4ec5\u6267\u884c\u4e00\u6b21\uff0c\u53ea\u80fd\u8bbf\u95ee\u9759\u6001\u6210\u5458\uff0c\u540c\u65f6\u5728\u4efb\u4f55\u5bf9\u8c61\u521b\u5efa\u4e4b\u524d\u6267\u884c\u3002<\/li>\n\n\n\n- \u5b9e\u4f8b\u521d\u59cb\u5316\u5757\uff08
{}<\/code>\uff09\u6bcf\u6b21\u521b\u5efa\u5bf9\u8c61\u65f6\uff0c\u5728\u6784\u9020\u65b9\u6cd5\u4e4b\u524d\u6267\u884c\u3002<\/li>\n\n\n\n- \u6784\u9020\u65b9\u6cd5\uff08
public ClassName() {}<\/code>\uff09\u6bcf\u6b21\u521b\u5efa\u5bf9\u8c61\u65f6\uff0c\u5728\u5b9e\u4f8b\u521d\u59cb\u5316\u5757\u4e4b\u540e\u6267\u884c\u3002<\/li>\n<\/ul>\n\n\n\n\u800cforName\u7684\u8fd9\u4e2a\u53c2\u6570\u5c31\u662f\u63a7\u5236\u9759\u6001\u521d\u59cb\u5316\u5757\u7684\uff0c\u53ef\u4ee5\u770b\u5230\u5b83\u7684\u4f18\u5148\u7ea7\u975e\u5e38\u9ad8\uff0c\u5982\u679c\u6211\u4eec\u53ef\u4ee5\u7f16\u5199\u6076\u610f\u7c7b\uff0c\u5c31\u53ef\u4ee5\u628a\u6076\u610f\u4ee3\u7801\u653e\u5728static{}\u91cc\uff0c\u7136\u540e\u7528\u7b2c\u4e8c\u4e2a\u53c2\u6570\u76f4\u63a5\u5bf9\u8fd9\u4e2a\u7c7b\u8fdb\u884c\u8c03\u7528\uff0c\u6bd4\u5982\u6211\u4eec\u73b0\u5728\u518d\u6539\u52a8\u4e00\u4e0b\u4ee3\u7801\u770b\u770b\u6267\u884c\u7ed3\u679c\uff1a<\/p>\n\n\n\n
package chapter10;\n\npublic class Java05_Reflect_test {\n public static void main(String[] args) throws Exception {\n Class<?> clazz = Class.forName(\"chapter10.Test\");\n }\n}\n\nclass Test {\n public Test() {\n System.out.println(\"\u6211\u662f\u6784\u9020\u65b9\u6cd5\");\n }\n\n static {\n System.out.println(\"hacked by fushuling\");\n }\n\n {\n System.out.println(\"\u6211\u662f\u5b9e\u4f8b\u521d\u59cb\u5757\");\n }\n}<\/code><\/pre>\n\n\n\n<\/div><\/figure>\n\n\n\n\u521b\u5efa\u5bf9\u8c61<\/h3>\n\n\n\n
\u6211\u4eec\u53ef\u4ee5\u4f7f\u7528\u53cd\u5c04\u52a8\u6001\u521b\u5efa\u5bf9\u8c61\uff0c\u7528\u6cd5\u5c31\u662fClass<?> clazz = Class.forName(\"java.lang.String\");
Object obj = clazz.getDeclaredConstructor().newInstance();<\/code>\uff0c\u4e3b\u8981\u5c31\u662f\u83b7\u53d6Class\u4e4b\u540e\u8fdb\u884c\u4e00\u6b21newInstance<\/code><\/p>\n\n\n\npackage chapter10;\n\npublic class Java05_Reflect_test {\n public static void main(String[] args) throws Exception {\n Class<?> clazz = Class.forName(\"chapter10.Test\");\n Object obj = clazz.getDeclaredConstructor().newInstance();\n }\n}\n\nclass Test {\n public Test() {\n System.out.println(\"\u6211\u662f\u6784\u9020\u65b9\u6cd5\");\n }\n\n static {\n System.out.println(\"hacked by fushuling\");\n }\n\n {\n System.out.println(\"\u6211\u662f\u5b9e\u4f8b\u521d\u59cb\u5757\");\n }\n}<\/code><\/pre>\n\n\n\n<\/div><\/figure>\n\n\n\n\u53ef\u4ee5\u770b\u5230\u6211\u4eec\u628a\u4e09\u4e2a\u4ee3\u7801\u5757\u90fd\u89e6\u53d1\u4e86\uff0c\u548c\u4e4b\u524d\u76f4\u63a5new\u4e00\u4e2a\u5bf9\u8c61\u7684\u6267\u884c\u7ed3\u679c\u5dee\u4e0d\u591a\u3002<\/p>\n\n\n\n
\u5f53\u7136\uff0c\u6bd4\u5982\u5bf9\u4e8e\u4e00\u4e2aFushuling\u7c7b\uff0c\u5728\u6211\u4eec\u83b7\u53d6Class\u540e\uff0c\u6211\u4eec\u4e5f\u53ef\u4ee5\u901a\u8fc7Fushuling fushuling = (Fushuling) clazz.newInstance();<\/code>\u521b\u5efa\u5bf9\u8c61\u3002<\/p>\n\n\n\n\u8bbf\u95ee\u5b57\u6bb5<\/h3>\n\n\n\n
\u4e3b\u8981\u7684\u7528\u6cd5\u5982\u4e0b\uff1a<\/p>\n\n\n\n
\n- clazz.getField(String name)\uff1a\u83b7\u53d6\u516c\u6709\u5b57\u6bb5\uff08\u5305\u62ec\u7ee7\u627f\u7684\uff09<\/li>\n\n\n\n
- clazz.getDeclaredField(String name)\uff1a\u83b7\u53d6\u672c\u7c7b\u4e2d\u58f0\u660e\u7684\u5b57\u6bb5\uff08\u5305\u62ec\u79c1\u6709\u5b57\u6bb5\uff09<\/li>\n\n\n\n
- field.setAccessible(true)\uff1a\u5141\u8bb8\u8bbf\u95ee\u79c1\u6709\u5b57\u6bb5<\/li>\n\n\n\n
- field.get(Object obj)\uff1a\u83b7\u53d6\u5b57\u6bb5\u503c<\/li>\n\n\n\n
- field.set(Object obj, Object value)\uff1a\u8bbe\u7f6e\u5b57\u6bb5\u503c<\/li>\n<\/ul>\n\n\n\n
\u4ee3\u7801\u793a\u4f8b\u5982\u4e0b\uff1a<\/p>\n\n\n\n
package chapter10;\n\nimport java.lang.reflect.Field;\n\npublic class Java05_Reflect_test {\n public static void main(String[] args) throws Exception {\n \/\/ 1. \u83b7\u53d6 Class \u5bf9\u8c61\n Class<?> clazz = Class.forName(\"chapter10.Fushuling\");\n \/\/ 2. \u5b9e\u4f8b\u5316\n Fushuling fushuling = (Fushuling) clazz.newInstance();\n \/\/ === \u8bbf\u95ee\u516c\u6709\u5b57\u6bb5 ===\n Field publicField = clazz.getField(\"publicName\");\n System.out.println(\"Public Field Value: \" + publicField.get(fushuling));\n publicField.set(fushuling, \"yulate\");\n System.out.println(\"Updated Public Field Value: \" + publicField.get(fushuling));\n\n \/\/ === \u8bbf\u95ee\u79c1\u6709\u5b57\u6bb5 ===\n Field privateField = clazz.getDeclaredField(\"privateAge\");\n privateField.setAccessible(true); \/\/ \u5141\u8bb8\u8bbf\u95ee\u79c1\u6709\u5b57\u6bb5\n System.out.println(\"Private Field Value: \" + privateField.get(fushuling));\n privateField.set(fushuling, 25);\n System.out.println(\"Updated Private Field Value: \" + privateField.get(fushuling));\n }\n}\n\nclass Fushuling {\n public String publicName = \"fushuling\";\n private int privateAge = 20;\n}<\/code><\/pre>\n\n\n\n<\/div><\/figure>\n\n\n\n\u8c03\u7528\u65b9\u6cd5<\/h3>\n\n\n\n
\u5229\u7528\u53cd\u5c04\u8c03\u7528\u65b9\u6cd5\u7684\u6d41\u7a0b\u5927\u6982\u662f\uff1a<\/p>\n\n\n\n
\u83b7\u53d6 Class<\/code> => \u83b7\u53d6\u76ee\u6807 Method<\/code> \u5bf9\u8c61\uff08\u516c\u6709\u7528 getMethod<\/code>\uff0c\u79c1\u6709\u7528 getDeclaredMethod<\/code>\uff09=> \u8bbe\u7f6e\u53ef\u8bbf\u95ee\uff08\u79c1\u6709\u65b9\u6cd5\u8981 setAccessible(true)<\/code>\uff09=> \u4f7f\u7528 invoke()<\/code> \u8c03\u7528\u65b9\u6cd5<\/p>\n\n\n\n\n- clazz.getMethod(String name, Class\u2026 parameterTypes)\uff1a\u83b7\u53d6 \u516c\u6709\u65b9\u6cd5<\/strong>\uff08\u5305\u62ec\u7ee7\u627f\u7684\uff09\uff08\u6ce8\u610f\uff0c\u8fd9\u91cc\u7b2c\u4e00\u4e2a\u53c2\u6570\u662f\u65b9\u6cd5\u540d\uff0c\u540e\u9762\u7684\u53c2\u6570\u8868\u793a\u7684\u662f\u8fd9\u4e2a\u65b9\u6cd5\u4f20\u5165\u53c2\u6570\u7684\u7c7b\u578b\uff0c\u6bd4\u5982\u53c2\u6570\u662fString\u5c31\u662fString.class\uff09<\/li>\n\n\n\n
- clazz.getDeclaredMethod(String name, Class\u2026 parameterTypes)\uff1a\u83b7\u53d6 \u672c\u7c7b\u58f0\u660e\u7684\u65b9\u6cd5<\/strong>\uff08\u5305\u62ec\u79c1\u6709\u65b9\u6cd5\uff09<\/li>\n\n\n\n
- method.setAccessible(true)\uff1a\u5141\u8bb8\u8bbf\u95ee\u79c1\u6709\u65b9\u6cd5<\/li>\n\n\n\n
- method.invoke(Object obj, Object\u2026 args)\uff1a\u8c03\u7528\u65b9\u6cd5\uff0c\u7b2c\u4e00\u4e2a\u53c2\u6570\u662f\u5bf9\u8c61\uff0c\u540e\u9762\u662f\u4f20\u5165\u65b9\u6cd5\u7684\u53c2\u6570<\/li>\n<\/ul>\n\n\n\n
\u975e\u9759\u6001\u65b9\u6cd5\u7684\u8c03\u7528\u4f8b\u5b50\uff1a<\/p>\n\n\n\n
package chapter10;\n\nimport java.lang.reflect.Method;\n\npublic class Java05_Reflect_test {\n public static void main(String[] args) throws Exception {\n \/\/ 1. \u83b7\u53d6 Class \u5bf9\u8c61\n Class<?> clazz = Class.forName(\"chapter10.Fushuling\");\n \/\/ 2. \u5b9e\u4f8b\u5316\n Fushuling fushuling = (Fushuling) clazz.newInstance();\n\n \/\/\u8c03\u7528\u516c\u6709\u65b9\u6cd5 sayHello\n Method publicMethod = clazz.getMethod(\"sayHello\", String.class);\n publicMethod.invoke(fushuling, \"yulate\");\n\n \/\/\u8c03\u7528\u79c1\u6709\u65b9\u6cd5 add\n Method privateMethod = clazz.getDeclaredMethod(\"add\", int.class, int.class);\n privateMethod.setAccessible(true); \/\/ \u5141\u8bb8\u8bbf\u95ee\u79c1\u6709\u65b9\u6cd5\n int result = (int) privateMethod.invoke(fushuling, 5, 7);\n System.out.println(\"Result of add: \" + result);\n }\n}\n\nclass Fushuling {\n public void sayHello(String name) {\n System.out.println(\"Hello, \" + name);\n }\n\n private int add(int a, int b) {\n return a + b;\n }\n}<\/code><\/pre>\n\n\n\n<\/div><\/figure>\n\n\n\n\u8c03\u7528\u9759\u6001\u65b9\u6cd5\uff08\u8fd9\u91cc\u6211\u4eec\u5c31\u4e0d\u9700\u8981\u5b9e\u4f8b\u5316\u5bf9\u8c61\u4e86\uff0c\u76f4\u63a5\u5bf9\u7c7b\u64cd\u4f5c\uff09\uff1a<\/p>\n\n\n\n
package chapter10;\n\nimport java.lang.reflect.Method;\n\npublic class Java05_Reflect_test {\n public static void main(String[] args) throws Exception {\n \/\/\u8c03\u7528\u9759\u6001\u65b9\u6cd5 echo\n Method staticMethod = Fushuling.class.getMethod(\"echo\", String.class);\n String echoed = (String) staticMethod.invoke(null, \"yulate\u597d\u5e05\");\n System.out.println(echoed); \/\/ Echo: Hi\n }\n}\n\nclass Fushuling {\n public static String echo(String input) {\n return \"Echo: \" + input;\n }\n}<\/code><\/pre>\n\n\n\n<\/div><\/figure>\n\n\n\n\u5982\u679c\u65b9\u6cd5\u662f\u9759\u6001\u65b9\u6cd5\uff0cinvoke()<\/code> \u7684\u7b2c\u4e00\u4e2a\u53c2\u6570\u53ef\u4ee5\u4f20 null<\/code>\uff0c\u6bd5\u7adf\u8fd9\u4e2a\u65f6\u5019\u6211\u4eec\u4e5f\u6ca1\u6709\u5177\u4f53\u7684\u5bf9\u8c61\u3002<\/p>\n\n\n\n\u8fd9\u91cc\u4f60\u53ef\u80fd\u5df2\u7ecf\u8feb\u4e0d\u53ca\u5f85\uff0c\u60f3\u901a\u8fc7\u53cd\u5c04\u6267\u884c\u547d\u4ee4\u4e86\uff0c\u4f60\u53ef\u80fd\u4f1a\u6309\u7167\u4e0a\u9762\u7684\u683c\u5f0f\u5199\u51fa\u4e0b\u9762\u7684\u4ee3\u7801\uff1a<\/p>\n\n\n\n
package chapter10;\n\npublic class Java05_Reflect_test {\n public static void main(String[] args) throws Exception {\n Class clazz = Class.forName(\"java.lang.Runtime\");\n clazz.getMethod(\"exec\", String.class).invoke(clazz.newInstance(), \"id\");\n }\n}<\/code><\/pre>\n\n\n\n\u4e00\u8fd0\u884c\u5c31\u62a5\u9519\u4e86\uff1a<\/p>\n\n\n\n<\/div><\/figure>\n\n\n\n\u9519\u56e0\u4e5f\u5199\u7684\u5f88\u660e\u663e\uff0c\u5c31\u662f\u8fd9\u4e2aRuntime \u7c7b\u7684\u6784\u9020\u65b9\u6cd5\u662f\u79c1\u6709\u7684\uff0c\u8fd9\u91cc\u6d89\u53ca\u5230\u5355\u4f8b\u6a21\u5f0f\u7684\u95ee\u9898\uff0c\u5728\u5355\u4f8b\u6a21\u5f0f\u4e0b\u4e00\u4e2a\u7c7b\u5728\u6574\u4e2a\u5e94\u7528\u4e2d\u53ea\u80fd\u6709\u4e00\u4e2a\u5b9e\u4f8b\uff0c\u800c\u4e14\u63d0\u4f9b\u4e00\u4e2a\u5168\u5c40\u8bbf\u95ee\u70b9\uff0c\u597d\u5904\u5c31\u662f\u8282\u7701\u8d44\u6e90\uff08\u53ea\u521b\u5efa\u4e00\u6b21\uff09\u5e76\u4e14\u65b9\u4fbf\u5168\u5c40\u7ba1\u7406\uff0c\u56e0\u6b64\u4e0d\u5141\u8bb8\u5916\u90e8\u968f\u4fbf new \u3002<\/p>\n\n\n\n
\u6240\u4ee5\u8fd9\u91cc\u53ea\u80fd\u901a\u8fc7 Runtime.getRuntime() \u6765\u83b7\u53d6\u5230 Runtime \u5bf9\u8c61\u7136\u540e\u624d\u80fdinvoke\u6211\u4eec\u60f3\u8981\u7684exec\u51fd\u6570\uff1a<\/p>\n\n\n\n
package chapter10;\n\npublic class Java05_Reflect_test {\n public static void main(String[] args) throws Exception {\n\/\/ Class clazz = Class.forName(\"java.lang.Runtime\");\n\/\/ clazz.getMethod(\"exec\", String.class).invoke(clazz.newInstance(), \"id\");\n\n Class clazz = Class.forName(\"java.lang.Runtime\");\n clazz.getMethod(\"exec\", String.class).invoke(clazz.getMethod(\"getRuntime\").invoke(clazz), \"calc.exe\");\n }\n}<\/code><\/pre>\n\n\n\n<\/div>\u6211\u53bb\uff01\u6211\u7535\u8111\u5f39\u8ba1\u7b97\u5668\u4e86\uff01<\/figcaption><\/figure>\n\n\n\n\u8fd8\u539f\u4ee3\u7801\uff0c\u5176\u5b9e\u5c31\u662f\uff1a<\/p>\n\n\n\n
package chapter10;\n\nimport java.lang.reflect.Method;\n\npublic class Java05_Reflect_Test_Expanded {\n public static void main(String[] args) throws Exception {\n \/\/ 1. \u83b7\u53d6 Runtime \u7c7b\u7684 Class \u5bf9\u8c61\n Class<?> runtimeClass = Class.forName(\"java.lang.Runtime\");\n\n \/\/ 2. \u83b7\u53d6 getRuntime() \u65b9\u6cd5\u5bf9\u8c61\uff08\u8fd9\u662f\u4e00\u4e2a\u9759\u6001\u65b9\u6cd5\uff09\n Method getRuntimeMethod = runtimeClass.getMethod(\"getRuntime\");\n\n \/\/ 3. \u8c03\u7528 getRuntime() \u9759\u6001\u65b9\u6cd5\uff0c\u83b7\u53d6 Runtime \u5b9e\u4f8b\n Object runtimeInstance = getRuntimeMethod.invoke(null); \/\/ \u56e0\u4e3a\u662f\u9759\u6001\u65b9\u6cd5\uff0c\u6240\u4ee5\u4f20 null\n\n \/\/ 4. \u83b7\u53d6 exec(String command) \u65b9\u6cd5\u5bf9\u8c61\n Method execMethod = runtimeClass.getMethod(\"exec\", String.class);\n\n \/\/ 5. \u8c03\u7528 exec \u65b9\u6cd5\uff0c\u6267\u884c\u7cfb\u7edf\u547d\u4ee4 \"calc.exe\"\n execMethod.invoke(runtimeInstance, \"calc.exe\");\n }\n}<\/code><\/pre>\n\n\n\n\u8fd9\u91cc\u5176\u5b9e\u6709\u4e24\u4e2a\u95ee\u9898\uff1a<\/p>\n\n\n\n
\n- \u5982\u679c\u4e00\u4e2a\u7c7b\u6ca1\u6709\u65e0\u53c2\u6784\u9020\u65b9\u6cd5\uff0c\u4e5f\u6ca1\u6709\u7c7b\u4f3c\u5355\u4f8b\u6a21\u5f0f\u91cc\u7684\u9759\u6001\u65b9\u6cd5\uff0c\u6211\u4eec\u600e\u6837\u901a\u8fc7\u53cd\u5c04\u5b9e\u4f8b\u5316\u8be5\u7c7b\u5462\uff1f<\/li>\n\n\n\n
- \u5982\u679c\u4e00\u4e2a\u65b9\u6cd5\u6216\u6784\u9020\u65b9\u6cd5\u662f\u79c1\u6709\u65b9\u6cd5\uff0c\u6211\u4eec\u662f\u5426\u80fd\u6267\u884c\u5b83\u5462\uff1f<\/li>\n<\/ul>\n\n\n\n
\u95ee\u9898\u4e00\u7684\u89e3\u51b3\u529e\u6cd5<\/h4>\n\n\n\n
\u5bf9\u4e8e\u95ee\u9898\u4e00\uff0c\u6211\u4eec\u9700\u8981\u4f7f\u7528getConstructor\uff0cgetConstructor \u63a5\u6536\u7684\u53c2\u6570\u662f\u6784\u9020\u51fd\u6570\u5217\u8868\u7c7b\u578b\uff0c\u56e0\u4e3a\u6784\u9020\u51fd\u6570\u4e5f\u652f\u6301\u91cd\u8f7d\uff0c\u6240\u4ee5\u5fc5\u987b\u7528\u53c2\u6570\u5217\u8868\u7c7b\u578b\u624d\u80fd\u552f\u4e00\u786e\u5b9a\u4e00\u4e2a\u6784\u9020\u51fd\u6570\u3002\u83b7\u53d6\u5230\u6784\u9020\u51fd\u6570\u540e\uff0c\u6211\u4eec\u518d\u4f7f\u7528 newInstance \u6765\u6267\u884c\uff0c\u6bd4\u5982\u5229\u7528ProcessBuilder\u6267\u884c\u547d\u4ee4\u7684\u4f8b\u5b50\uff1a<\/p>\n\n\n\n
Class clazz = Class.forName(\"java.lang.ProcessBuilder\");\n ((ProcessBuilder) clazz.getConstructor(List.class).newInstance(Arrays.asList(\"calc.exe\"))).start();<\/code><\/pre>\n\n\n\nProcessBuilder\u6709\u4e24\u4e2a\u6784\u9020\u51fd\u6570\uff1a<\/p>\n\n\n\n
\n- public ProcessBuilder(List<String> command)<\/li>\n\n\n\n
- public ProcessBuilder(String\u2026 command)<\/li>\n<\/ul>\n\n\n\n
\u4e0a\u9762\u7684\u4f8b\u5b50\u5176\u5b9e\u4f7f\u7528\u7684\u662f\u7b2c\u4e00\u4e2a\u4f8b\u5b50\uff0c\u4f20\u5165\u7684\u662fList.class\uff0c\u4e0d\u8fc7\u4e0a\u9762\u7684payload\u4f7f\u7528\u4e86java\u7684\u5f3a\u5236\u7c7b\u578b\u8f6c\u6362\uff0c\u5982\u679c\u76ee\u6807\u6ca1\u6709\u8fd9\u79cd\u8bed\u6cd5\uff0c\u5c31\u8fd8\u5f97\u4e0a\u53cd\u5c04\u4e86\uff1a<\/p>\n\n\n\n
Class clazz = Class.forName(\"java.lang.ProcessBuilder\");\n clazz.getMethod(\"start\").invoke(clazz.getConstructor(List.class).newInstance(Arrays.asList(\"calc.exe\")));<\/code><\/pre>\n\n\n\n\u5148\u901a\u8fc7 getMethod(“start”) \u83b7\u53d6\u5230start\u65b9\u6cd5\uff0c\u7136\u540e invoke \u6267\u884c\uff0c invoke \u7684\u7b2c\u4e00\u4e2a\u53c2\u6570\u5c31\u662fProcessBuilder Object<\/p>\n\n\n\n
package chapter10;\n\nimport java.util.Arrays;\nimport java.util.List;\n\npublic class Java05_Reflect_test {\n public static void main(String[] args) throws Exception {\n Class clazz = Class.forName(\"java.lang.ProcessBuilder\");\n clazz.getMethod(\"start\").invoke(clazz.getConstructor(List.class).newInstance(Arrays.asList(\"calc.exe\")));\n }\n}<\/code><\/pre>\n\n\n\n<\/div><\/figure>\n\n\n\n\u5982\u679c\u60f3\u901a\u8fc7\u7b2c\u4e8c\u79cd\u6784\u9020\u51fd\u6570\u5b9e\u73b0RCE\uff0c\u8fd9\u91cc\u5c31\u9700\u8981\u7528\u5230\u53ef\u53d8\u957f\u53c2\u6570\u4e86\uff0c\u7528...<\/code>\u8868\u793a\u53c2\u6570\u53ef\u53d8\uff0c\u800c\u7531\u4e8e\u7f16\u8bd1\u65f6\u53ef\u53d8\u957f\u53c2\u6570\u5176\u5b9e\u4f1a\u88ab\u7f16\u8bd1\u6210\u6570\u7ec4\uff0c\u6240\u4ee5String[]\u548cString…\u5176\u5b9e\u6ca1\u6709\u4ec0\u4e48\u5dee\u522b\uff0c\u56e0\u6b64\u6211\u4eec\u53ef\u4ee5\u628apayload\u6539\u5199\u6210\uff1a<\/p>\n\n\n\npackage chapter10;\n\npublic class Java05_Reflect_test {\n public static void main(String[] args) throws Exception {\n Class clazz = Class.forName(\"java.lang.ProcessBuilder\");\n ((ProcessBuilder) clazz.getConstructor(String[].class).newInstance(new String[][]{{\"calc.exe\"}})).start();\n }\n}<\/code><\/pre>\n\n\n\n<\/div><\/figure>\n\n\n\n\u95ee\u9898\u4e8c\u7684\u89e3\u51b3\u529e\u6cd5<\/h4>\n\n\n\n
\u8fd9\u91cc\u5176\u5b9e\u5f88\u5bb9\u6613\u60f3\u5230\uff0c\u6211\u4eec\u76f4\u63a5\u7528setAccessible\u628a\u4e4b\u524d\u4e0d\u80fd\u8bbf\u95ee\u7684\u65b9\u6cd5\u8bbe\u7f6e\u6210\u53ef\u8bbf\u95ee\u5c31\u884c\u4e86<\/p>\n\n\n\n
package chapter10;\n\nimport java.lang.reflect.Constructor;\n\npublic class Java05_Reflect_test {\n public static void main(String[] args) throws Exception {\n Class clazz = Class.forName(\"java.lang.Runtime\");\n Constructor m = clazz.getDeclaredConstructor();\n m.setAccessible(true);\n clazz.getMethod(\"exec\", String.class).invoke(m.newInstance(), \"calc.exe\");\n }\n}<\/code><\/pre>\n\n\n\n\u503c\u5f97\u6ce8\u610f\u7684\u662f\uff0c\u8fd9\u6837\u7684\u5199\u6cd5\u5728 Java 9 \u4e4b\u540e\u9ed8\u8ba4\u4f1a\u629b\u51fa\u62a5\u9519\uff1a<\/p>\n\n\n\n
Unable to make private java.lang.Runtime() accessible<\/code><\/pre>\n\n\n\n\u770b\u6765\u5b98\u65b9\u4e5f\u662f\u6709\u8111\u5b50\u7684\uff0c\u90fdprivate\u4e86\u600e\u4e48\u8fd8\u80fd\u8ba9\u4f60\u968f\u4fbf\u8bbf\u95ee\uff0c\u4e0d\u8fc7\u6211\u4eec\u4ecd\u7136\u53ef\u4ee5\u5728java 9\u4e2d\u52a0 VM \u53c2\u6570\uff1a--add-opens java.base\/java.lang=ALL-UNNAMED<\/code> \u6765\u4e34\u65f6\u7ed5\u8fc7\uff0c\u6240\u4ee5\u5176\u5b9e\u4e5f\u6ca1\u5565\u7528\u3002<\/p>\n\n\n\nRMI<\/h1>\n\n\n\n
RMI\uff08Remote Method Invocation\uff09<\/strong> \u662f Java \u7684\u4e00\u79cd\u673a\u5236\uff0c\u5141\u8bb8\u4e00\u4e2a Java \u5bf9\u8c61\u8c03\u7528\u53e6\u4e00\u4e2a Java \u865a\u62df\u673a\uff08JVM\uff09\u4e0a\u7684\u5bf9\u8c61\u7684\u65b9\u6cd5\uff0c\u5c31\u50cf\u672c\u5730\u8c03\u7528\u4e00\u6837\u3002\u6362\u53e5\u8bdd\u8bf4\uff0c\u5b83\u652f\u6301 \u8de8\u7f51\u7edc\u7684\u5bf9\u8c61\u65b9\u6cd5\u8c03\u7528<\/strong>\u3002<\/p>\n\n\n\n\u5b83\u7684\u6838\u5fc3\u601d\u60f3\u662f\u8ba9\u65b9\u6cd5\u8c03\u7528\u201c\u7a7f\u8d8a\u201dJVM\uff0c\u5b9e\u73b0\u5206\u5e03\u5f0f\u5bf9\u8c61\u901a\u4fe1\u3002<\/p>\n\n\n\n
RMI\u7684\u7ec4\u4ef6\u4e00\u822c\u5305\u62ec\u4e0b\u9762\u56db\u79cd\uff1a<\/p>\n\n\n\n
\n- \u8fdc\u7a0b\u63a5\u53e3\uff08Remote Interface\uff09<\/strong>\uff1a\u5b9a\u4e49\u8fdc\u7a0b\u5bf9\u8c61\u53ef\u8c03\u7528\u7684\u65b9\u6cd5\u3002<\/li>\n\n\n\n
- \u8fdc\u7a0b\u5bf9\u8c61\u7684\u5b9e\u73b0\u7c7b\uff08Remote Object Implementation\uff09<\/strong>\u3002<\/li>\n\n\n\n
- \u670d\u52a1\u5668\uff08Server\uff09<\/strong>\uff1a\u6ce8\u518c\u8fdc\u7a0b\u5bf9\u8c61\u5230 RMI \u6ce8\u518c\u4e2d\u5fc3\u3002<\/li>\n\n\n\n
- \u5ba2\u6237\u7aef\uff08Client\uff09<\/strong>\uff1a\u67e5\u627e\u8fdc\u7a0b\u5bf9\u8c61\u5e76\u8c03\u7528\u5176\u65b9\u6cd5\u3002<\/li>\n<\/ul>\n\n\n\n
\u8fd9\u91cc\u6211\u4eec\u6765\u5206\u522b\u5b9e\u73b0\u8fd9\u56db\u4e2a\u4e1c\u897f\uff1a<\/p>\n\n\n\n
\u8fd9\u91cc\u6211\u4eec\u5b9a\u4e49\u8fdc\u7a0b\u63a5\u53e3 Hello.java\uff0c<\/code>\u8be5\u63a5\u53e3\u7ee7\u627f\u81ea Remote\uff0c\u58f0\u660e\u4e86\u4e00\u4e2a\u8fdc\u7a0b\u65b9\u6cd5 sayHello(String name)(\u6ce8\u610f\uff1a\u6240\u6709\u8fdc\u7a0b\u65b9\u6cd5\u90fd\u5fc5\u987b\u58f0\u660e\u629b\u51fa RemoteException\uff0c\u548c\u4e4b\u524d\u7684forName\u4e00\u6837)\uff1a<\/p>\n\n\n\nimport java.rmi.Remote;\nimport java.rmi.RemoteException;\n\npublic interface Hello extends Remote {\n String sayHello(String name) throws RemoteException;\n}<\/code><\/pre>\n\n\n\n\u6211\u4eec\u518d\u5b9e\u73b0\u8fdc\u7a0b\u63a5\u53e3 HelloImpl.java<\/code>\uff0c\u8fd9\u91cc\u6211\u4eec\u7ee7\u627f UnicastRemoteObject \u5e76\u5b9e\u73b0 Hello \u63a5\u53e3\uff0c\u540c\u65f6\u5177\u4f53\u5b9e\u73b0\u8fd9\u4e2asayHello\u65b9\u6cd5\u548c\u6784\u9020\u65b9\u6cd5\uff1a<\/p>\n\n\n\nimport java.rmi.RemoteException;\nimport java.rmi.server.UnicastRemoteObject;\n\npublic class HelloImpl extends UnicastRemoteObject implements Hello {\n protected HelloImpl() throws RemoteException {\n super();\n }\n\n public String sayHello(String name) throws RemoteException {\n return \"Hello \" + name;\n }\n}\n<\/code><\/pre>\n\n\n\n\u670d\u52a1\u5668\u7aef Server.java<\/code>\uff0c\u4f5c\u7528\u4e3b\u8981\u662f\u521b\u5efa RMI \u6ce8\u518c\u8868(\u4f7f\u7528\u9ed8\u8ba4\u7aef\u53e3 1099)\uff0c\u521b\u5efa\u670d\u52a1\u5b9e\u73b0\u7c7b\u7684\u5b9e\u4f8b\uff0c\u5c06\u8fdc\u7a0b\u5bf9\u8c61\u7ed1\u5b9a\u5230\u6ce8\u518c\u8868\u4e2d\uff0c\u4f7f\u7528\u540d\u79f0 “HelloService”<\/p>\n\n\n\nimport java.rmi.registry.LocateRegistry;\nimport java.rmi.registry.Registry;\n\npublic class Server {\n public static void main(String[] args) {\n try {\n HelloImpl obj = new HelloImpl();\n\n \/\/ \u542f\u52a8\u672c\u5730\u7684 RMI \u6ce8\u518c\u670d\u52a1\uff081099 \u7aef\u53e3\uff09\n LocateRegistry.createRegistry(1099);\n\n \/\/ \u7ed1\u5b9a\u8fdc\u7a0b\u5bf9\u8c61\n Registry registry = LocateRegistry.getRegistry();\n registry.rebind(\"HelloService\", obj);\n\n System.out.println(\"RMI start\");\n } catch (Exception e) {\n e.printStackTrace();\n }\n }\n}\n<\/code><\/pre>\n\n\n\n\u6700\u540e\u5ba2\u6237\u7aef Client.java<\/code>\u7684\u4f5c\u7528\u6bd4\u8f83\u7b80\u5355\uff0c\u8fde\u63a5\u5230\u672c\u5730\uff08localhost\uff09\u7684 RMI \u6ce8\u518c\u8868\u7136\u540e\u67e5\u627e\u540d\u4e3a “HelloService” \u7684\u8fdc\u7a0b\u5bf9\u8c61\uff0c\u6700\u540e\u8c03\u7528\u8fdc\u7a0b\u65b9\u6cd5 sayHello\uff0c\u4f20\u5165\u53c2\u6570 “fushuling”<\/p>\n\n\n\nimport java.rmi.registry.LocateRegistry;\nimport java.rmi.registry.Registry;\n\npublic class Client {\n public static void main(String[] args) {\n try {\n \/\/ \u8fde\u63a5\u5230\u670d\u52a1\u5668\uff08\u9ed8\u8ba4\u672c\u673a\uff09\n Registry registry = LocateRegistry.getRegistry(\"localhost\");\n\n \/\/ \u67e5\u627e\u8fdc\u7a0b\u5bf9\u8c61\n Hello stub = (Hello) registry.lookup(\"HelloService\");\n\n \/\/ \u8c03\u7528\u8fdc\u7a0b\u65b9\u6cd5\n String response = stub.sayHello(\"fushuling\");\n System.out.println(\"Server response:\" + response);\n } catch (Exception e) {\n e.printStackTrace();\n }\n }\n}<\/code><\/pre>\n\n\n\n\u63a5\u7740\u5728\u8fd9\u4e2a\u76ee\u5f55\u4e0b\u8fdb\u884c\u7f16\u8bd1\uff1a<\/p>\n\n\n\n
javac -source 1.8 -target 1.8 -encoding UTF-8 *.java<\/code><\/pre>\n\n\n\n\u7136\u540e\u5148\u8fd0\u884c\u670d\u52a1\u7aef\uff1a<\/p>\n\n\n\n
java Server<\/code><\/pre>\n\n\n\n\u518d\u8fd0\u884c\u5ba2\u6237\u7aef\uff1a<\/p>\n\n\n\n
java Client<\/code><\/pre>\n\n\n\n<\/div><\/figure>\n\n\n\n\u8fd0\u884c\u6d41\u7a0b\u5c31\u662f\uff1a\u8fd0\u884c Server \u7c7b\u542f\u52a8 RMI \u670d\u52a1=>\u8fd0\u884c Client \u7c7b\u8fde\u63a5\u670d\u52a1\u5e76\u8c03\u7528\u8fdc\u7a0b\u65b9\u6cd5=>\u670d\u52a1\u5668\u5904\u7406\u8bf7\u6c42\u5e76\u8fd4\u56de\u7ed3\u679c=>\u5ba2\u6237\u7aef\u63a5\u6536\u5e76\u663e\u793a\u7ed3\u679c<\/p>\n\n\n\n
\u53ef\u4ee5\u770b\u5230\u901a\u8fc7\u8fd9\u79cd\u65b9\u5f0f\uff0c\u6211\u4eec\u5c31\u5b9e\u73b0\u4e86\u5728\u4e00\u4e2ajvm\u4e2d\u7684\u5bf9\u8c61\u8c03\u7528\u53e6\u4e00\u4e2ajvm\u4e2d\u5bf9\u8c61\u4e0a\u7684\u65b9\u6cd5\uff0c\u6709\u70b9\u50cfRPC\uff0c\u4e0d\u8fc7\u8fd9\u91cc\u5b58\u5728\u4e00\u4e2aRMI Registry\u7f51\u5173\uff0c\u4ed6\u81ea\u5df1\u4e0d\u4f1a\u6267\u884c\u65b9\u6cd5\uff0c\u4f46\u662fRMI Server\u53ef\u4ee5\u5728\u4e0a\u2faf\u6ce8\u518c\u4e00\u4e2aName\u5230\u5bf9\u8c61\u7684\u7ed1\u5b9a\u5173\u7cfb\uff1bRMI Client\u901a\u8fc7Name\u5411RMI Registry\u67e5\u8be2\uff0c\u5f97\u5230\u8fd9\u4e2a\u7ed1\u5b9a\u5173\u7cfb\uff0c\u7136\u540e\u518d\u8fde\u63a5RMI
Server\uff1b\u6700\u540e\uff0c\u8fdc\u7a0b\u65b9\u6cd5\u5b9e\u9645\u4e0a\u5728RMI Server\u4e0a\u8c03\u7528\u3002<\/p>\n\n\n\n
\u53ef\u60f3\u800c\u77e5\uff0c\u65e2\u7136\u80fd\u8fdc\u7a0b\u8c03\u7528\u6076\u610f\u65b9\u6cd5\uff0c\u5c31\u5f88\u5bb9\u6613\u4fc3\u8fdb\u6076\u610f\u4ee3\u7801\u7684\u6267\u884c\uff0c\u4e3a\u6211\u4eec\u5b89\u5168\u4eba\u5458\u63d0\u4f9b\u66f4\u591a\u996d\u7897\u3002<\/p>\n\n\n\n<\/div><\/figure>\n\n\n\n\u53cd\u5e8f\u5217\u5316<\/h1>\n\n\n\n
\u5927\u90e8\u5206\u8bed\u8a00\u90fd\u5b58\u5728\u53cd\u5e8f\u5217\u5316\uff0c\u53cd\u5e8f\u5217\u5316\u672c\u8eab\u662f\u4e3a\u4e86\u5728\u7f51\u7edc\u4e2d\u4f20\u8f93\u5bf9\u8c61\u800c\u4f7f\u7528\u7684\uff0c\u6bd4\u5982php\u6216\u8005java\u91cc\u7684\u5e8f\u5217\u5316\u65b9\u6cd5\uff0c\u5c31\u53ef\u4ee5\u628a\u4e00\u4e2a\u5bf9\u8c61\u8f6c\u5316\u6210\u4e00\u4e32\u4e8c\u8fdb\u5236\u6570\u636e\u8fdb\u884c\u4f20\u8f93\u3002<\/p>\n\n\n\n
\u5728 Java \u7684\u5e8f\u5217\u5316\u8fc7\u7a0b\u4e2d\u6709\u4e00\u4e2a\u5f88\u5173\u952e\u7684\u65b9\u6cd5 writeObject<\/code> \uff0c\u4ed6\u7528\u4e8e\u81ea\u5b9a\u4e49\u5bf9\u8c61\u5982\u4f55\u88ab\u5199\u5165\uff08\u5e8f\u5217\u5316\uff09\u5230\u5b57\u8282\u6d41\u8fd9\u4e2a\u8fc7\u7a0b\u4e2d\uff0c\u8ba9\u6211\u4eec\u5728\u5e8f\u5217\u5316\u6d41\u4e2d\u53ef\u4ee5\u63d2\u5165\u4e00\u4e9b\u81ea\u5b9a\u4e49\u6570\u636e\uff0c\u8fdb\u800c\u5728\u53cd\u5e8f\u5217\u5316\u7684\u65f6\u5019\u80fd\u591f\u4f7f\u7528 readObject \u8fdb\u884c\u8bfb\u53d6\u3002<\/p>\n\n\n\nreadObject \u503e\u5411\u4e8e\u89e3\u51b3\u201c\u53cd\u5e8f\u5217\u5316\u65f6\u5982\u4f55\u8fd8\u539f\u4e00\u4e2a\u5b8c\u6574\u5bf9\u8c61\u201d\u8fd9\u4e2a\u95ee\u9898\uff0c\u800cPHP\u7684 __wakeup \u66f4\u503e\u5411\u4e8e\u89e3\u51b3\u201c\u53cd\u5e8f\u5217\u5316\u540e\u5982\u4f55\u521d\u59cb\u5316\u8fd9\u4e2a\u5bf9\u8c61\u201d\u7684\u95ee\u9898\u3002\u4e8b\u5b9e\u4e0a\u5728PHP\u7684\u53cd\u5e8f\u5217\u5316\u8fc7\u7a0b\u4e2d\uff0c\u4e00\u65e6\u5f00\u59cb\u53cd\u5e8f\u5217\u5316(\u8c03\u7528unserialize)\uff0c\u5f00\u53d1\u8005\u5c31\u6ca1\u529e\u6cd5\u65b0\u589e\u5185\u5bb9\u4e86\uff0c\u60f3\u53c2\u4e0e\u53ea\u80fd\u5728\u5e8f\u5217\u5316\u4e4b\u524d\u6539\u5c5e\u6027\uff0c\u800cJava\u7684\u53cd\u5e8f\u5217\u5316\u5f88\u591a\u65f6\u5019\u9700\u8981\u5f00\u53d1\u8005\u6df1\u5165\u53c2\u4e0e\uff0c\u56e0\u6b64\u6211\u4eec\u53ef\u4ee5\u76f4\u63a5\u4f7f\u7528 writeObject<\/code> \u5411\u5e8f\u5217\u5316\u6d41\u91cc\u5199\u5165\u6570\u636e\uff0c\u8fd9\u4e00\u70b9\u4e0ePHP\u662f\u6709\u5f88\u5927\u7684\u4e0d\u540c\u7684\u3002<\/p>\n\n\n\n\u4e0b\u9762\u662f\u4e00\u4e2a\u7b80\u5355\u7684Java\u53cd\u5e8f\u5217\u5316\u7684\u4f8b\u5b50<\/p>\n\n\n\n
package Unserialize;\n\nimport java.io.*;\n\npublic class EasyDemo {\n public static void main(String[] args) throws Exception {\n Person p = new Person(\"Fushuling\");\n \/\/ \u5e8f\u5217\u5316\n ObjectOutputStream oos = new ObjectOutputStream(new FileOutputStream(\"p.ser\"));\n oos.writeObject(p);\n oos.close();\n\n \/\/ \u53cd\u5e8f\u5217\u5316\n ObjectInputStream ois = new ObjectInputStream(new FileInputStream(\"p.ser\"));\n Person deserialized = (Person) ois.readObject();\n ois.close();\n\n System.out.println(\"\u2705 name: \" + deserialized.name);\n }\n}\n\nclass Person implements Serializable {\n private static final long serialVersionUID = 1L;\n\n String name;\n\n public Person(String name) {\n this.name = name;\n }\n\n private void writeObject(ObjectOutputStream out) throws IOException {\n System.out.println(\"\ud83d\udd12 writeObject \u88ab\u8c03\u7528\");\n out.defaultWriteObject();\n }\n\n private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {\n System.out.println(\"\ud83d\udd13 readObject \u88ab\u8c03\u7528\");\n in.defaultReadObject();\n }\n}<\/code><\/pre>\n\n\n\n<\/div><\/figure>\n\n\n\n\u5728\u4e0a\u9762\u7684\u4ee3\u7801\u4e2d\uff0c\u6211\u4eec\u9996\u5148\u521b\u5efa\u5bf9\u8c61\u5e76\u5e8f\u5217\u5316\uff0c\u4e5f\u5c31\u662f<\/p>\n\n\n\n
Person p = new Person(\"Fushuling\");\nObjectOutputStream oos = new ObjectOutputStream(new FileOutputStream(\"p.ser\"));\noos.writeObject(p);\noos.close();<\/code><\/pre>\n\n\n\n\u8fd9\u91cc\u6211\u4eec\u521b\u5efa\u4e86\u4e00\u4e2a Person<\/code> \u5b9e\u4f8b\uff0c\u4f20\u5165\u540d\u5b57 \"Fushuling\"<\/code>\uff0c\u521b\u5efa\u6587\u4ef6\u8f93\u51fa\u6d41\uff0c\u6307\u5411 p.ser<\/code> \u6587\u4ef6\uff08\u4fdd\u5b58\u5e8f\u5217\u5316\u540e\u7684\u5b57\u8282\uff09\uff0c\u5305\u88c5\u6210 ObjectOutputStream<\/code>\uff0c\u5b83\u652f\u6301 .writeObject()<\/code>\u3002\u8fd9\u91ccoos.writeObject(p)\u4f1a\u81ea\u52a8\u8c03\u7528 p<\/code> \u7684writeObject()<\/code> \u65b9\u6cd5\uff08\u5982\u679c\u5b9a\u4e49\u4e86\u7684\u8bdd\uff0c\u4e5f\u5c31\u662f\u90a3\u4e2aprivate void writeObject\uff0c\u5426\u5219\u5c31\u9ed8\u8ba4\u5e8f\u5217\u5316\u5b57\u6bb5\uff09\uff0c\u6700\u540e\u5173\u95ed\u4e86\u8f93\u51fa\u6d41\u3002<\/p>\n\n\n\n\u63a5\u7740\u8fdb\u884c\u53cd\u5e8f\u5217\u5316\u5bf9\u8c61<\/p>\n\n\n\n
ObjectInputStream ois = new ObjectInputStream(new FileInputStream(\"p.ser\"));\nPerson deserialized = (Person) ois.readObject();\nois.close();<\/code><\/pre>\n\n\n\n\u5177\u4f53\u800c\u8a00\uff0c\u5148\u6253\u5f00 p.ser<\/code> \u6587\u4ef6\uff0c\u8bfb\u53d6\u521a\u521a\u5199\u5165\u7684\u5bf9\u8c61\uff0c\u63a5\u7740\u4f7f\u7528 ObjectInputStream<\/code> \u53cd\u5e8f\u5217\u5316(readObject()<\/code> \u4f1a\u8fd4\u56de\u4e00\u4e2a Object<\/code>\uff0c\u6240\u4ee5\u8981\u5f3a\u5236\u8f6c\u6210 Person<\/code>)\u3002ois.readObject()\u4f1a\u5224\u65ad\u8fd9\u4e2a\u5bf9\u8c61\u7684\u7c7b\uff08\u8fd9\u91cc\u662f Person<\/code>\uff09\u6709\u6ca1\u6709\u5b9a\u4e49\u4e00\u4e2a\u79c1\u6709\u7684 readObject(ObjectInputStream)<\/code> \u65b9\u6cd5\uff0c\u6709\u7684\u8bdd\u5c31\u4f1a\u8c03\u7528\u540e\u518d\u628a\u5bf9\u8c61\u8fd4\u56de\u3002\u7531\u4e8e\u83b7\u5f97\u4e86\u4e00\u4e2a\u5b8c\u597d\u7684\u5bf9\u8c61\uff0c\u6240\u4ee5\u6211\u4eec\u5728\u6700\u540e\u53ef\u4ee5\u76f4\u63a5\u7528deserialized.name\u8f93\u51fa\u4ed6\u7684name\u3002<\/p>\n\n\n\n\u5f53\u7136\uff0c\u5373\u4f7f\u6211\u4eec\u6ca1\u6709\u5b9e\u73b0private void writeObject(...)<\/code> \u548c readObject(...)<\/code>\uff0c\u6211\u4eec\u4f9d\u7136\u9700\u8981\u5199\u8fd9\u4e24\u884c\u4ee3\u7801\uff1a<\/p>\n\n\n\noos.writeObject(p); \/\/ \u5199\u5165\u5bf9\u8c61\nois.readObject(); \/\/ \u8bfb\u53d6\u5bf9\u8c61<\/code><\/pre>\n\n\n\n\u4ed6\u4e5f\u4f1a\u6b63\u5e38\u7684\u8fdb\u884c\u5e8f\u5217\u5316\u548c\u53cd\u5e8f\u5217\u5316\uff0c\u53ea\u662f\u5982\u679c\u6211\u4eec\u989d\u5916\u5b9e\u73b0\u4e86\u8fd9\u4fe9\u65b9\u6cd5\u7684\u8bdd\u5c31\u53ef\u4ee5\u589e\u52a0\u989d\u5916\u903b\u8f91\u4e86\uff0c\u6bd4\u5982\u6211\u4eec\u5728\u4e4b\u524d\u7684\u4ee3\u7801\u7684\u57fa\u7840\u4e0a\u7a0d\u5fae\u4fee\u6539\u4e00\u4e0b\uff1a<\/p>\n\n\n\n
class Person implements Serializable {\n private static final long serialVersionUID = 1L;\n\n String name;\n\n public Person(String name) {\n this.name = name;\n }\n\n \/\/ \u81ea\u5b9a\u4e49\u5e8f\u5217\u5316\uff1a\u5199\u5165\u539f\u5b57\u6bb5 + \u989d\u5916\u903b\u8f91\n private void writeObject(ObjectOutputStream out) throws IOException {\n System.out.println(\"\ud83d\udd12 writeObject \u88ab\u8c03\u7528\");\n out.defaultWriteObject(); \/\/ \u5199\u5165\u9ed8\u8ba4\u5b57\u6bb5\uff08\u5982 name\uff09\n \n long timestamp = System.currentTimeMillis(); \n System.out.println(\"\ud83d\udd52 \u5199\u5165\u65f6\u95f4\u6233: \" + timestamp);\n out.writeLong(timestamp); \/\/ \u5199\u5165\u4e00\u4e2a\u989d\u5916\u7684\u65f6\u95f4\u6233\n }\n\n \/\/ \u81ea\u5b9a\u4e49\u53cd\u5e8f\u5217\u5316\uff1a\u8bfb\u53d6\u539f\u5b57\u6bb5 + \u989d\u5916\u903b\u8f91\n private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {\n System.out.println(\"\ud83d\udd13 readObject \u88ab\u8c03\u7528\");\n in.defaultReadObject(); \/\/ \u6062\u590d\u9ed8\u8ba4\u5b57\u6bb5\uff08\u5982 name\uff09\n\n long timestamp = in.readLong(); \n System.out.println(\"\ud83d\udd52 \u53cd\u5e8f\u5217\u5316\u65f6\u8bfb\u53d6\u65f6\u95f4\u6233: \" + timestamp); \/\/ \u8bfb\u53d6\u4e00\u4e2a\u989d\u5916\u7684\u65f6\u95f4\u6233\n }\n}<\/code><\/pre>\n\n\n\n<\/div><\/figure>\n\n\n\n\u8fd9\u91cc\u6211\u4eec\u7528 writeObject()<\/code> \u5199\u5165\u4e00\u4e2a\u989d\u5916\u7684\u65f6\u95f4\u6233\uff0c\u7528\u6765\u8868\u793a\u8fd9\u4e2a\u5bf9\u8c61\u88ab\u5e8f\u5217\u5316\u7684\u65f6\u95f4\uff1breadObject()<\/code> \u5728\u53cd\u5e8f\u5217\u5316\u65f6\u628a\u5b83\u8bfb\u56de\u6765\u5e76\u6253\u5370\u51fa\u6765\uff0c\u53ef\u4ee5\u53d1\u73b0\u73b0\u5728\u6211\u4eec\u5176\u5b9e\u5c31\u6539\u53d8\u4e86\u539f\u59cb\u7684\u5e8f\u5217\u5316\u6d41\uff0c\u800c\u8fd9\u4e00\u70b9PHP\u662f\u505a\u4e0d\u5230\u7684\uff0c\u4e5f\u5bfc\u81f4\u4e3a\u4ec0\u4e48Java\u7684\u53cd\u5e8f\u5217\u5316\u6f0f\u6d1e\u53c8\u591a\u53c8\u4e25\u91cd\uff0c\u800cPHP\u7684\u53cd\u5e8f\u5217\u5316\u6f0f\u6d1e\u67d0\u79cd\u610f\u4e49\u4e0a\u5176\u5b9e\u90fd\u4e0d\u7b97\u662f\u6f0f\u6d1e\u3002<\/p>\n\n\n\nURLDNS<\/h1>\n\n\n\n
URLDNS<\/strong> \u662f\u7531 ysoserial<\/a> \u63d0\u4f9b\u7684\u4e00\u79cd\u65e0\u4f9d\u8d56\u3001\u65e0\u56de\u663e\u3001\u65e0\u547d\u4ee4\u6267\u884c\u7684 Java \u53cd\u5e8f\u5217\u5316 gadget \u94fe\uff08gadget\u94fe\u4e5f\u5c31\u662f\u5229\u7528\u94fe\u7684\u7684\u610f\u601d\uff0c\u6709\u65f6\u5019\u6211\u4eec\u4f1a\u8fdb\u4e00\u6b65\u7b80\u79f0\u4e3agadget\uff09\uff0c\u5176\u672c\u8d28\u76ee\u7684\u662f\u89e6\u53d1 DNS \u8bf7\u6c42\uff0c\u7528\u4e8e\u9a8c\u8bc1\u76ee\u6807\u662f\u5426\u5b58\u5728\u53cd\u5e8f\u5217\u5316\u6f0f\u6d1e\u3002URLDNS\u5b8c\u5168\u7531Java\u5185\u7f6e\u7c7b\u6784\u9020\uff0c\u6ca1\u6709\u5bf9\u7b2c\u4e09\u65b9\u5e93\u7684\u4f9d\u8d56\uff0c\u56e0\u6b64\u975e\u5e38\u9002\u5408\u7528\u6765\u63a2\u6d4b\u4e00\u4e2a\u76ee\u6807\u662f\u5426\u5b58\u5728\u53cd\u5e8f\u5217\u5316\u6f0f\u6d1e\u3002<\/p>\n\n\n\n
![\"\"\/](\"https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2025%2F04%2FQQ20250419-214021-19-1.png\")
<\/div><\/figure>\n\n\n\n![\"\"\/](\"https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2025%2F04%2FQQ20250419-214523-19-2.png\")
<\/div><\/figure>\n\n\n\n![\"\"\/](\"https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2025%2F04%2FQQ20250419-215047-3.png\")
<\/div><\/figure>\n\n\n\n![\"\"](\"https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2025%2F04%2FQQ20250419-220953-19-4.png\")
<\/div><\/figure>\n\n\n\n![\"\"](\"https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2025%2F04%2FQQ20250419-221555-19-5.png\")
<\/div><\/figure>\n\n\n\n![\"\"](\"https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2025%2F04%2FQQ20250419-222132-19-6.png\")
<\/div><\/figure>\n\n\n\n![\"\"](\"https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2025%2F04%2FQQ20250419-223828-19-7.png\")
<\/div><\/figure>\n\n\n\n![\"\"](\"https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2025%2F04%2FQQ20250419-224932-19-8.png\")
<\/div><\/figure>\n\n\n\n![\"\"\/](\"https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2025%2F04%2FQQ20250419-230509-19-9.png\")
<\/div><\/figure>\n\n\n\n![\"\"](\"https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2025%2F04%2FQQ20250419-230943-19-10.png\")
<\/div><\/figure>\n\n\n\n![\"\"\/](\"https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2025%2F04%2FQQ20250419-231723-19-11.png\")
<\/div>![\"\"](\"https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2025%2F04%2FQQ20250419-233413-19-12.png\")
<\/div><\/figure>\n\n\n\n![\"\"\/](\"https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2025%2F04%2FQQ20250419-233911-19-13.png\")
<\/div><\/figure>\n\n\n\n![\"\"\/](\"https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2025%2F04%2FQQ20250420-220927-20-1.png\")
<\/div><\/figure>\n\n\n\n![\"\"](\"https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2025%2F04%2F798901A4F8EDFB111B154FEA934A9EA3-20-2.png\")
<\/div><\/figure>\n\n\n\n![\"\"\/](\"https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2025%2F04%2FQQ20250420-225823-20-2.png\")
<\/div><\/figure>\n\n\n\n![\"\"\/](\"https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2025%2F04%2FQQ20250420-231905-20-3.png\")
<\/div><\/figure>\n\n\n\n![\"\"\/](\"https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2025%2F04%2FQQ20250421-220722-21-2.png\")
<\/div><\/figure>\n\n\n\n![\"\"\/](\"https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2025%2F04%2FQQ20250421-221211-21-3.png\")
<\/div><\/figure>\n\n\n\n![\"\"](\"https:\/\/fushuling-1309926051.cos.ap-shanghai.myqcloud.com\/2025%2F04%2FQQ20250421-213711-21-1.png\")
<\/div><\/figure>\n\n\n\n