I tried several methods(eg. custom classloader、jvmti) to protected my java program from decompile. They work well until meeting hotspot sa. "Hotspot sa classdump" is so powerf that it can directly dump class from java process's memory in a non invasive debug mode, which make any protect method useless. Is there any way to protect from "hotspot sa classdump"?
There's really no secure way to protect code, in the way that you imagine.
However, your code is most likely not so important that it matters (if it were important, you would already know that it's impossible to give your code away to someone and protect it at the same time).
Of course if you provide your software as a service, the code is never executed by the client and he can't decompile it. Of course not all software can be provided as a service.