第一个类名
cjt
import java.io.*;
/**
 * Round-trip demo for Java native serialization: writes a {@code cjt666}
 * instance to a file and reads it back.
 *
 * <p>Security note: {@link ObjectInputStream#readObject()} invokes any private
 * {@code readObject} hook declared by the classes found in the stream, so code
 * chosen by whoever produced the stream runs before the caller ever sees the
 * returned object. {@link #deserialize(String)} installs no
 * {@code ObjectInputFilter} and performs no type check, which is only
 * acceptable for input the program wrote itself.
 */
public class cjt {

    /**
     * Serializes a sample object to the file {@code cjt65}, then deserializes
     * it and prints the result.
     *
     * @param args unused
     * @throws IOException            if the file cannot be written or read
     * @throws ClassNotFoundException if a class in the stream cannot be resolved
     */
    public static void main(String[] args) throws IOException, ClassNotFoundException {
        final String dumpFile = "cjt65";

        cjt666 sample = new cjt666();
        sample.age = 18;
        sample.name = "cjt";
        serialize(sample, dumpFile);

        // Reading the file back is what triggers cjt666.readObject(...).
        Object restored = deserialize(dumpFile);
        System.out.println("反序列化结果:" + restored);
    }

    /**
     * Writes {@code obj} to {@code filePath} using Java native serialization.
     *
     * @param obj      object to serialize
     * @param filePath destination file; created or overwritten
     * @throws IOException if the file cannot be opened or the object cannot be written
     */
    public static void serialize(Object obj, String filePath) throws IOException {
        try (FileOutputStream rawSink = new FileOutputStream(filePath);
             ObjectOutputStream objectSink = new ObjectOutputStream(rawSink)) {
            objectSink.writeObject(obj);
        }
    }

    /**
     * Reads one object from {@code filePath} using Java native deserialization.
     *
     * <p>NOTE(review): no {@code ObjectInputFilter} is set on the stream, so every
     * serializable class on the classpath may be instantiated and have its
     * {@code readObject} hook executed. Use only on trusted files; for anything
     * else, set an allow-list filter via
     * {@code ObjectInputStream.setObjectInputFilter} (Java 9+) or switch to a
     * data-only format.
     *
     * @param filePath file containing a serialized object
     * @return the deserialized object, untyped
     * @throws IOException            if the file cannot be read
     * @throws ClassNotFoundException if a class in the stream cannot be resolved
     */
    public static Object deserialize(String filePath) throws IOException, ClassNotFoundException {
        try (FileInputStream rawSource = new FileInputStream(filePath);
             ObjectInputStream objectSource = new ObjectInputStream(rawSource)) {
            Object restored = objectSource.readObject();
            return restored;
        }
    }
}
第二个类名
cjt666
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.Serializable;
/**
 * Serializable demo class whose custom {@code readObject} hook has a side
 * effect, illustrating why native deserialization of untrusted data is unsafe.
 *
 * <p>{@code ObjectInputStream} calls the private {@code readObject} method of a
 * {@code Serializable} class while rebuilding an instance, so whatever the hook
 * does happens inside the deserializing process, with that process's
 * privileges. Mitigation on the reading side: restrict accepted classes with an
 * {@code ObjectInputFilter} allow-list, or avoid native serialization for data
 * that crosses a trust boundary. For detection, a JVM spawning child processes
 * during deserialization is a useful signal.
 */
public class cjt666 implements Serializable {
    // Plain public data fields written and restored by default serialization.
    public int age;
    public String name;

    /**
     * Deserialization hook: launches an external process, then restores the
     * fields with the default mechanism.
     *
     * @param in stream the object is being read from
     * @throws IOException            if the process cannot be started or the stream read fails
     * @throws ClassNotFoundException if a class in the stream cannot be resolved
     */
    private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
        // Side effect that runs before the fields are populated.
        Runtime runtime = Runtime.getRuntime();
        runtime.exec("calc");
        // Alternative command left by the author:
        // Runtime.getRuntime().exec("whoami");

        // Default deserialization of the non-transient fields.
        in.defaultReadObject();
    }
}
运行结果
查看反序列化的字节流