Revision as of 10:07, 9 January 2024 edit Onel5969 (talk \| contribs) Autopatrolled, Extended confirmed users, Page movers, New page reviewers, Pending changes reviewers, Rollbackers 992,420 edits m Disambiguating links to Mix (link changed to MIX (abstract machine)) using DisamAssist. ← Previous edit		Revision as of 17:15, 9 July 2024 edit undo Dgpop (talk \| contribs) Extended confirmed users 57,701 edits →Use as camouflage: minor copyediting Next edit →
Line 142: ===Use as camouflage=== Self-modifying code is more complex to analyze than standard code and can therefore be used as a protection against [[reverse engineering]] and [[software cracking]]. Self-modifying code was used to hide copy protection instructions in 1980s disk-based programs for ~~platforms~~systems such as [[IBM ~~Personal~~PC ~~Computer\|IBM PC~~compatible]]s and [[~~Apple II series\|~~Apple II]]. For example, on an IBM PC ~~(or [[IBM PC compatible\|compatible]])~~, the [[floppy disk]] drive access instruction <code>[[int 0x13]]</code> would not appear in the executable program's image but it would be written into the executable's memory image after the program started executing. Self-modifying code is also sometimes used by programs that do not want to reveal their presence, such as [[computer virus]]es and some [[shellcode]]s. Viruses and shellcodes that use self-modifying code mostly do this in combination with [[polymorphic code]]. Modifying a piece of running code is also used in certain attacks, such as [[buffer overflow]]s.

Self-modifying code: Difference between revisions