Locate and read objects of a specific type from memory of a running java program

Question

I have to evaluate how difficult it would be to extract some object (e.g. java.security.PrivateKey) from memory of a running java program.

I\'m not ver

Answer 1

This is even easier than you might think :)

HotSpot Serviceability Agent does the magic. It can open a core dump or attach to a live Java process using ptrace and then extract the layout of JVM structures and all Java objects. No cooperation from target JVM is needed. This works even when JMX and Attach Mechanism are disabled.

Here is an example how to inspect the instances of a given class in the remote JVM.
sa-jdi.jar must be in the classpath to work with Serviceability Agent.

Finally the easiest solution ever. Run jmap -F -dump:format=b,file=heap.bin PID
Note -F argument - it forces jmap to use Serviceability Agent to make the heap dump.

P.S. Here are the sources of SA if you'd like to know how it works under the hood.