I'm trying to write my own mechanism for detecting whether foreign classes have been loaded in a JVM.
To test this, I have written an agent which tries to hide itself from this detection mechanism: the idea is to understand theoretical detection methods, and how they can be circumvented.
I have come up against something quite tricky to circumvent: namely, finding the top-level ClassLoader and attempting to load a known illegal class:
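
    // Relies on fields declared elsewhere in the class:
    // KNOWN_BAD_CLASSES (the class names to probe) and system_loader (the top-level ClassLoader).
    private boolean runBadClassLookup() {
        for (String bad : KNOWN_BAD_CLASSES) {
            try {
                // Ask the top-level loader to resolve the suspect class by name
                Class<?> c = system_loader.loadClass(bad);
                if (c != null) {
                    System.out.println("Found illegal class " + c.getName());
                    return true;
                }
            } catch (Exception e) {
                // loadClass throws ClassNotFoundException when the name does not resolve
                System.out.println("Couldn't find: " + bad);
            }
        }
        return false;
    }
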
The loadClass method calls some native methods to find loaded classes, so I am at a loss as to how to hide from this.
This would be a really easy way for Jagex to detect popular bots running inside their JVM.
Let me know your thoughts!
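
The lookup check described in the post, written out as a complete class from the detection side. This is an added example, not part of the original post: it also records where each resolved class was loaded from, and the class name `BadClassLookup`, the helper names and the sample class names are constructed for illustration.

```java
import java.security.CodeSource;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class BadClassLookup {
    // Constructed sample names: the first is a hypothetical foreign class,
    // the second is a JDK class standing in for a name that does resolve.
    static final List<String> KNOWN_BAD_CLASSES = List.of(
            "com.example.injected.HypotheticalAgent",
            "java.lang.String");

    /** Returns each name that resolves, mapped to a description of its origin. */
    static Map<String, String> findKnownBad(ClassLoader loader, List<String> names) {
        Map<String, String> hits = new LinkedHashMap<>();
        for (String name : names) {
            try {
                // initialize=false: resolve the class without running its static initializers
                Class<?> c = Class.forName(name, false, loader);
                hits.put(c.getName(), describeOrigin(c));
            } catch (ClassNotFoundException e) {
                // Name does not resolve: nothing to report
            } catch (LinkageError e) {
                // Class bytes were found but could not be linked: still worth flagging
                hits.put(name, "unlinkable: " + e);
            }
        }
        return hits;
    }

    /** Code source location plus defining loader, for the detection report. */
    static String describeOrigin(Class<?> c) {
        CodeSource src = c.getProtectionDomain().getCodeSource();
        String where = (src == null || src.getLocation() == null)
                ? "bootstrap/unknown" : src.getLocation().toString();
        return where + " via " + c.getClassLoader();
    }

    public static void main(String[] args) {
        ClassLoader system = ClassLoader.getSystemClassLoader();
        findKnownBad(system, KNOWN_BAD_CLASSES).forEach((name, origin) ->
                System.out.println("Found " + name + " from " + origin));
    }
}
```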