How is malicious reflection used during the original running of an application

Question

I can use Reflection under my own main method to access and look at the private fields of a jar file as made and corrected here.

I would like to know when the vulnerable jar file has it's own main and is running, how is reflection used on the instance objects of that runtime from my malicious code which is external to the jar file? How would my program reference instances in the original program?

Am I misunderstanding something, Do I call main of the vulnerable code from my code???

Answer 1

You list two variables in this problem: First you want to manipulate the jar, second you want to manipulate an already running program.

Modify a runnable jar By adding your own main class to the classpath and manipulate the main-class attribute in the manifest file, you are able to decide on when an how the vulnerable program is started. Easy! As an alternative, you could create an agent class and register it as premain-class in the manifest.

Modify a running program I am certain that you need to manipulate the classloader to inject your malicious code to the running program.