How do I LoadClass() from outside project build?

Question

I'm trying to create an exploit, I want to load a class from outside the netbeans project, of a subclassed cash register, which should have been made final.

I can load the LegitClass fine from within the original package badclassloader, with:

claz = "badclassloader.LegitClass"
loadClass = this.getClass().getClassLoader().loadClass(claz);
(LegitClass)loadClass.newInstance();

Now I want to load the MalClass which lives in another project and package 'Package Mal'

1. How do I get the Mal.MalClass into the path for the LoadClass() method to find?

I tried the following:

    private void loadLibrary() {
    if (library != null) {
        AccessController.doPrivileged(new PrivilegedAction() {
            @Override
            public Object run() {
                System.loadLibrary("Path/to/Project/mal.jar");
                return null;
            }
        });
    }
}

but firstly I got Directory separator should not appear in library name So that clearly isn't it, I'm pretty sure I'm missing something considerable here.

Answer 1

Create a new, custom class loader...

URLClassLoader cl = new URLClassLoader(
        new URL[]{new File("Path/to/Project/mal.jar").toURI().toURL()}
    );

Load the class from the class loader...

Class clazz = cl.loadClass("Mal.MalClass");

Create a new instance of the class...

Object obj = clazz.newInstance();

Now. You have a problem. Unless the Class you've just loaded implements a interface which is common to both projects, you won't be able to resolve the instance of the Class to an actual type, as the type would be unknown at compile time. Instead, you would be forced to use reflection, which is never pretty...