Self-modifying code: Difference between revisions

Saltine (talk | contribs)
mNo edit summary
attacks; OpenBSD W^X
Line 5:
Self-modifying code was used in the early days of computers in order to save memory space, which was limited. It was also used to implement [[subroutine]] calls and returns when the instruction set only provided simple branching or skipping instructions to vary the flow of control (this is still relevant in certain ultra-[[RISC]] architectures, at least theoretically, e.g. one such system has a sole branching instruction with three operands: subtract-and-branch-if-negative).
 
Self-modifying code was used to hide copy protection instructions in [[1980s]] [[MS-DOS]] based games. The [[floppy disk]] drive access instruction '[[interrupt|int]] 0x13' would not appear in the executable program's image but it would be written into the executable's memory image after the program started executing. Self-modifying code is also sometimes used by programs that do not want to reveal their presence -- such as [[computer virus]]es and some [[shellcode]]s. Modifying a piece of running code is also used in certain attacks, such as [[buffer overflow]]s.
 
Because of the security implications of self-modifying code, some [[operating system]]s go to lengths to rule it out. Recent versions of [[OpenBSD]], for instance, have a feature known as W^X (for "write [[xor]] execute") which inhibits alteration of memory pages which harbor executable code. Programs which depend upon rewriting their own machine code cannot execute in such an environment.
 
==Example algorithm (theoretical!)==
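Review bot: the closing sentence of the W^X paragraph ("Programs which depend upon rewriting their own machine code cannot execute in such an environment") claims more than the "write [[xor]] execute" expansion one sentence earlier supports. Xor means a page is writable or executable but never both at once, yet the text describes only the half that blocks writes to executable pages. It leaves out that writable pages are not executable, which is the half that bears on the [[buffer overflow]] and [[shellcode]] cases mentioned in the paragraph above. Suggest stating both halves and softening "cannot execute" to say that such programs fail as long as they need memory that is writable and executable at the same time. "Recent versions of [[OpenBSD]]" should name a version or date so the statement does not go stale, and the new sentence "Modifying a piece of running code is also used in certain attacks" needs a citation or a more precise description of what is modified.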