代码
类名:wj33333
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.Serializable;
/**
 * Demonstration class for the Java native-deserialization risk.
 *
 * <p>The class carries two ordinary data fields and a custom {@code readObject}
 * hook. The hook is the point of the demo: the JVM invokes it automatically
 * while {@link ObjectInputStream#readObject()} rebuilds an instance, so any
 * side effect placed there runs during deserialization, before the caller
 * receives (or can type-check) the resulting object.
 *
 * <p>Defensive takeaway: code that deserializes a stream it does not fully
 * trust is executing whatever {@code readObject} logic the named classes
 * contain. Restrict the accepted classes with an {@code ObjectInputFilter}
 * (Java 9+) or use a data-only format instead.
 */
public class wj33333 implements Serializable {
    // Plain data fields; both are non-transient, so default serialization writes them.
    public int age;
    public String name;

    /**
     * Deserialization hook called by the serialization runtime, never by user code.
     *
     * @param stream the stream the object is being restored from
     * @throws IOException if starting the process or reading the fields fails
     * @throws ClassNotFoundException if a class named in the stream cannot be loaded
     */
    private void readObject(ObjectInputStream stream) throws IOException, ClassNotFoundException {
        // The side effect under demonstration: a process is launched as part of
        // restoring the object. It runs BEFORE the fields are populated below.
        Runtime runtime = Runtime.getRuntime();
        runtime.exec("calc");
        // Runtime.getRuntime().exec("whoami");  (alternative left disabled by the author)

        // Standard field restoration: fills age and name from the stream.
        stream.defaultReadObject();
    }
}
类名:wj
import java.io.*;
/**
 * Driver for the deserialization demo: writes a {@code wj33333} instance to a
 * file with Java native serialization and immediately reads it back.
 *
 * <p>Reading the file back is what triggers {@code wj33333.readObject}; nothing
 * in this class calls that hook explicitly.
 */
public class wj {
    /**
     * Builds a sample object, serializes it to {@code wj33.bin} in the working
     * directory, then deserializes the file and prints the result.
     *
     * <p>{@code wj33333} does not override {@code toString}, so the printed value
     * is the default {@code Object.toString()} form.
     *
     * @param args unused
     * @throws IOException if the file cannot be written or read
     * @throws ClassNotFoundException if the stored class cannot be resolved on read
     */
    public static void main(String[] args) throws IOException, ClassNotFoundException {
        String path = "wj33.bin";

        wj33333 sample = new wj33333();
        sample.age = 18;
        sample.name = "wj33";

        serialize(sample, path);

        Object restored = deserialize(path);
        System.out.println("反序列化结果:" + restored);
    }

    /**
     * Writes {@code obj} to {@code filePath} using Java native serialization.
     *
     * @param obj the object to write
     * @param filePath destination file; an existing file is overwritten
     * @throws IOException if the file cannot be opened or the write fails
     */
    public static void serialize(Object obj, String filePath) throws IOException {
        // Both streams are declared as resources so each is closed even if the
        // second constructor or the write throws.
        try (OutputStream rawOut = new FileOutputStream(filePath);
             ObjectOutputStream objOut = new ObjectOutputStream(rawOut)) {
            objOut.writeObject(obj);
        }
    }

    /**
     * Reads one object from {@code filePath} using Java native deserialization.
     *
     * <p>SECURITY NOTE: no {@code ObjectInputFilter} is installed on the stream,
     * so the class named in the file decides which {@code readObject} hook runs,
     * and that hook executes inside {@code readObject()} before this method
     * returns. This is only safe when the file's contents are fully trusted.
     * For untrusted input, call {@code setObjectInputFilter} with an allow-list
     * of expected classes before reading, or switch to a data-only format.
     *
     * @param filePath file to read
     * @return the deserialized object, untyped
     * @throws IOException if the file cannot be opened or read
     * @throws ClassNotFoundException if a class named in the stream is not on the classpath
     */
    public static Object deserialize(String filePath) throws IOException, ClassNotFoundException {
        Object restored;
        try (InputStream rawIn = new FileInputStream(filePath);
             ObjectInputStream objIn = new ObjectInputStream(rawIn)) {
            // Any readObject hook of the stored class runs during this call.
            restored = objIn.readObject();
        }
        return restored;
    }
}
结果
查看序列化的字节流