I am making an antiCheating program for java game. I want to monitor the loading of all classes and find out which jar file it is loaded from, or is dynamically generated, so that I can calaulate hash and confirm whether the jar package is legal.
The legality cannot be confirmed by verifying the signature of the jar package because most jar packages are not signed. I tried to use the callback function of jvmti, but I couldn’t find a callback method that can track the jar package.
I also try to find url from URLClassloader but I found many classes are loaded by custom classloader. Custom classloader are too many to adapt.