1. instrucment与Attach API
2. BTrace: VM Attach的两种方式
3. Sun JVM Attach API

1. 编写premain函数
​2. jar文件打包
​3. 运行agent 

1. 列出当前所有的JVM实例描述
2. Attach到其中一个JVM上，建立通信管道
3. 让目标JVM加载Agent

http://iamzhongyong.iteye.com/blog/1843558

1. 指定javaagent参数
2. 运行时动态attach

java -javaagent:xxxx.jar TestMain

package test;public class TestMain
{ public static void main(String[] args) throws InterruptedException{System.out.println("Hello");}}

package test;import java.lang.instrument.Instrumentation;
import java.io.*;public class TestMain
{ public static void agentmain(String args, Instrumentation inst) throws Exception {System.out.println("Args:" + args);}public static void premain(String args, Instrumentation inst) throws Exception {System.out.println("Pre Args:" + args);Class[] classes = inst.getAllLoadedClasses();for (Class clazz : classes) {System.out.println(clazz.getName());}}
}

Agent-Class: TestAgent
Premain-Class: TestAgent
Can-Redine-Classes: true
Can-Retransform-Classes: true

1. 编译TestAgent
javac TestAgent.java2. jar打包
jar cvmf MANIFEST.MF xxx.jar TestAgent.class

1. 编译TestMain
javac TestMain.java 2. 启动TestMain
java -javaagent:xxx.jar TestMain

public class TestMain
{public static void main(String[] args) throws InterruptedException {  while(true){  Thread.sleep(10000);  new Thread(new WaitThread()).start();  }  }  static class WaitThread implements Runnable {  @Override  public void run() {  System.out.println("Hello"); }       }
}

import java.lang.instrument.Instrumentation;
import java.io.*;public class TestAgent
{ public static void agentmain(String args, Instrumentation inst) throws Exception {System.out.println("Args:" + args);}public static void premain(String args, Instrumentation inst) throws Exception {System.out.println("Pre Args:" + args);Class[] classes = inst.getAllLoadedClasses();for (Class clazz : classes) {System.out.println(clazz.getName());}}
}

Agent-Class: TestAgent
Premain-Class: TestAgent
Can-Redine-Classes: true
Can-Retransform-Classes: true

1. 编译TestAgent
javac TestAgent.java2. jar打包
jar cvmf MANIFEST.MF xxx.jar TestAgent.class

import com.sun.tools.attach.VirtualMachine;public class Main
{  public static void main(String[] args) throws Exception{  VirtualMachine vm = null;  String agentjarpath = "C:/Users/zhenghan.zh/Desktop/新建文件夹/xxx.jar"; //agentjar路径  vm = VirtualMachine.attach("9730");//目标JVM的进程ID（PID）  vm.loadAgent(agentjarpath, "This is Args to the Agent.");  vm.detach();  }
}

http://ivanzhangwb.github.io/btrace-vm-attach-api/ 

package test;
import java.util.List;import com.sun.tools.attach.VirtualMachine;
import com.sun.tools.attach.VirtualMachineDescriptor;public class Test
{public static void main(String[] args) {List<VirtualMachineDescriptor> list = VirtualMachine.list();  for (VirtualMachineDescriptor vmd : list)  {  System.out.println("pid:" + vmd.id() + ":" + vmd.displayName());  }  }}
//tools.jar needs to be added to the IDE's library path and the program's classpath. The tools.jar file is found in the JDK's lib directory.

//Attach到JVM上
VirtualMachine virtualmachine = VirtualMachine.attach(pid);
//加载Agent
String javaHome = virtualmachine.getSystemProperties().getProperty("java.home");
String agentPath = javaHome + File.separator + "jre" + File.separator + "lib" + File.separator + "management-agent.jar");
File file = new File(agentPath);
if(!file.exists())
{  agentPath = javaHome + File.separator + "lib" + File.separator + "management-agent.jar";  file = new File(agentPath);  if(!file.exists())  throw new IOException("Management agent not found");  }
}  agentPath = file.getCanonicalPath();
try
{  virtualmachine.loadAgent(agentPath, "com.sun.management.jmxremote");
}
catch(AgentLoadException e)
{  throw new IOException(e);
}
catch(AgentInitializationException agentinitializationexception)
{  throw new IOException(e);
}
Properties properties = virtualmachine.getAgentProperties();
address = (String)properties.get("com.sun.management.jmxremote.localConnectorAddress");
virtualmachine.detach(); 

public VirtualMachine attachVirtualMachine(String vmid) throws AttachNotSupportedException, IOException
{checkAttachPermission();// AttachNotSupportedException will be thrown if the target VM can be determined// to be not attachable.
    testAttachable(vmid);return new WindowsVirtualMachine(this, vmid);
}

WindowsVirtualMachine(AttachProvider provider, String id) throws AttachNotSupportedException, IOException
{//继承HotSpotVirtualMachine
    super(provider, id);int pid;try {pid = Integer.parseInt(id);} catch (NumberFormatException x) {throw new AttachNotSupportedException("Invalid process identifier");}//先连接上目标JVMhProcess = openProcess(pid);// The target VM might be a pre-6.0 VM so we enqueue a "null" command// which minimally tests that the enqueue function exists in the target// VM.try {enqueue(hProcess, stub, null, null);} catch (IOException x) {throw new AttachNotSupportedException(x.getMessage());}
}

/*
* Load JPLIS agent which will load the agent JAR file and invoke
* the agentmain method.
*/
public void loadAgent(String agent, String options) throws AgentLoadException, AgentInitializationException, IOException
{String args = agent;if (options != null) {args = args + "=" + options;}try {loadAgentLibrary("instrument", args);} catch (AgentLoadException x) {throw new InternalError("instrument library is missing in target VM");} catch (AgentInitializationException x) {/** Translate interesting errors into the right exception and* message (FIXME: create a better interface to the instrument* implementation so this isn't necessary)*/int rc = x.returnValue();switch (rc) {case JNI_ENOMEM:throw new AgentLoadException("Insuffient memory");case ATTACH_ERROR_BADJAR:throw new AgentLoadException("Agent JAR not found or no Agent-Class attribute");case ATTACH_ERROR_NOTONCP:throw new AgentLoadException("Unable to add JAR file to system class path");case ATTACH_ERROR_STARTFAIL:throw new AgentInitializationException("Agent JAR loaded but agent failed to initialize");default :throw new AgentLoadException("Failed to load agent - unknown reason: " + rc);}}
}

/*
* Load agent library
* If isAbsolute is true then the agent library is the absolute path
* to the library and thus will not be expanded in the target VM.
* if isAbsolute is false then the agent library is just a library
* name and it will be expended in the target VM.
*/
private void loadAgentLibrary(String agentLibrary, boolean isAbsolute, String options) throws AgentLoadException, AgentInitializationException, IOException
{InputStream in = execute("load",agentLibrary,isAbsolute ? "true" : "false",options);try {int result = readInt(in);if (result != 0) {throw new AgentInitializationException("Agent_OnAttach failed", result);}} finally {in.close();}
}

InputStream execute(String cmd, Object ... args) throws AgentLoadException, IOException
{assert args.length <= 3;        // includes null// create a pipe using a random nameint r = (new Random()).nextInt();String pipename = "\\\\.\\pipe\\javatool" + r;long hPipe = createPipe(pipename);// check if we are detached - in theory it's possible that detach is invoked// after this check but before we enqueue the command.if (hProcess == -1) {closePipe(hPipe);throw new IOException("Detached from target VM");}try {// enqueue the command to the process
        enqueue(hProcess, stub, cmd, pipename, args);// wait for command to complete - process will connect with the// completion status
        connectPipe(hPipe);// create an input stream for the pipePipedInputStream is = new PipedInputStream(hPipe);// read completion statusint status = readInt(is);if (status != 0) {// special case the load command so that the right exception is thrownif (cmd.equals("load")) {throw new AgentLoadException("Failed to load agent library");} else {throw new IOException("Command failed in target VM");}}// return the input streamreturn is;} catch (IOException ioe) {closePipe(hPipe);throw ioe;}
}

http://ayufox.iteye.com/blog/655761
http://docs.oracle.com/javase/7/docs/jdk/api/attach/spec/com/sun/tools/attach/VirtualMachine.html
http://docs.oracle.com/javase/7/docs/jdk/api/attach/spec/index.html