Self-modifying code: Difference between revisions

Chris Roy (talk | contribs)
m basicly->basically
No edit summary
Line 59:
Most modern processors load the machine code before they execute it, which means that if an instruction that is too near the [[instruction pointer]] is modified, the processor will not notice, but instead execute the code as it was <i>before</i> it was modified. See [[Prefetch Input Queue]] (PIQ)
 
==Example [[NASM]]-[[syntax]] self-modifying [[x86]]-assembly algorithm that determines the size of [[Prefetch Input Queue|PIQ]]==
 
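Review bot: The sentence "Most modern processors load the machine code before they execute it ... the processor will not notice" is a blanket claim with no citation, while the example that follows is specific to 16-bit x86 (it depends on ax, cx and a code segment), so the text should say which processors and modes the PIQ behaviour described here was observed on rather than generalising to "most modern processors". Minor: "See [[Prefetch Input Queue]] (PIQ)" lacks a terminating full stop, and the section heading wiki-links four separate terms ([[NASM]], [[syntax]], [[x86]], [[Prefetch Input Queue|PIQ]]) where one link to the PIQ article would read more cleanly.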
Line 81:
dw 0 ; and then the code segment (calculated above)
flush_queue:
 
mov [nop_field+cx], 0x40 ; 0x40 = opcode "inc ax" (INCrease ax)
 
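Review bot: `mov [nop_field+cx], 0x40` will not assemble as written in NASM: a memory destination with an immediate source needs an explicit operand size (`mov byte [nop_field+cx], 0x40`), and in 16-bit addressing cx is not a legal base or index register (only bx, bp, si and di are), so the loop counter has to be copied into one of those before the store, e.g. `mov bx, cx` then `mov byte [nop_field+bx], 0x40`. The comment "INCrease ax" should read "INCrement ax"; 0x40 is indeed the one-byte `inc ax` encoding in 16-bit mode.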
Line 88:
jmp around
found_size:
 
;
; register cx now contains the size of the PIQ
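Review bot: The comment "register cx now contains the size of the PIQ" should state what cx actually measures, since the reader cannot check it from these lines: it is the byte distance from the store to the first NOP slot that was still patched in time, counted by the loop, and whether that number equals the queue length or is off by the length of the `mov`/`jmp` instructions in front of it depends on where nop_field starts relative to the store. Spelling the unit (bytes) and that relationship out here would make the result usable. Also confirm that the `around` label targeted by `jmp around` is defined in the part of the listing not shown in this hunk.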
Line 96 ⟶ 97:
;
 
What this code does is basically that it changes the execution flow, and determines by [[brute force]] how large the PIQ is. "How far away does I have to change the code in front of me for it to changeaffect the value in axme?", if it is too near (it is already in the PIQ) the update will not have any affect.
If it is too near (it is already in the PIQ) the update will not have any affect. If it is far enugh, the change of the code will affect the program and the program has then found the size of the processors PIQ.
 
==Example algorithm (theoretical!)==
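Review bot: The explanatory paragraph still carries merged old/new fragments and several errors after the "basicly->basically" fix: "changeaffect" and "axme" are two alternative wordings run together, and "does I have" should be "do I have", so the question should read "How far ahead of the instruction pointer do I have to change the code for it to affect the value in ax?". The second sentence then repeats the first ("If it is too near ... will not have any affect") and should be dropped; in the remaining text "affect" should be "effect", "enugh" should be "enough", and "the processors PIQ" should be "the processor's PIQ".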