Self-modifying code: Difference between revisions

Self-modifying code was used to hide copy protection instructions in [[1980s]] [[MS-DOS]]-based games. The [[floppy disk]] drive access instruction '[[interrupt|int]] 0x13' would not appear in the executable program's image, but it would be written into the executable's memory image after the program started executing. Self-modifying code is also sometimes used by programs that do not want to reveal their presence, such as [[computer virus]]es and some [[shellcode]]s. Modifying a piece of running code is also used in certain attacks, such as [[buffer overflow]]s.
 
Because of the security implications of self-modifying code, some [[operating system]]s go to lengths to rule it out. Recent versions of [[OpenBSD]], for instance, have a feature known as W^X (for "write [[xor]] execute", meaning that, for a given memory page, a program can either write to it or execute it, ''but not both''), which inhibits alteration of memory pages that hold executable code. Programs that depend upon rewriting their own machine code cannot execute in such an environment.
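
As an added illustration (not part of the original article), the following C audit scans a memory-map listing and counts mappings that are both writable and executable, which is exactly the state W^X forbids. It assumes the Linux <code>/proc/&lt;pid&gt;/maps</code> text format; the sample listing and the function names are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in Linux /proc/<pid>/maps format (not from a real process). */
static const char SAMPLE_MAPS[] =
    "00400000-00452000 r-xp 00000000 08:02 173521 /usr/bin/demo\n"
    "00651000-00652000 rw-p 00051000 08:02 173521 /usr/bin/demo\n"
    "7f1c2a000000-7f1c2a021000 rwxp 00000000 00:00 0 \n"
    "\n"
    "7ffd5e1a0000-7ffd5e1c1000 rw-p 00000000 00:00 0 [stack]\n"
    "7ffd5e1d0000-7ffd5e1d2000 rwxs 00000000 00:05 42 /dev/shm/jit\n";

/* Return 1 if a permission field such as "rwxp" is writable AND executable. */
static int perms_violate_wx(const char *perms)
{
    return strlen(perms) >= 3 && perms[1] == 'w' && perms[2] == 'x';
}

/* Count mappings in maps-format text that break W^X; print them if verbose. */
int count_wx_violations(const char *maps, int verbose)
{
    int count = 0;
    const char *line = maps;

    while (*line) {
        size_t len = strcspn(line, "\n");
        char buf[256], perms[8];
        unsigned long start, stop;

        /* Work on a private copy so parsing never runs into the next line. */
        snprintf(buf, sizeof buf, "%.*s", (int)len, line);
        if (sscanf(buf, "%lx-%lx %7s", &start, &stop, perms) == 3 &&
            perms_violate_wx(perms)) {
            count++;
            if (verbose)
                printf("W+X mapping: %s\n", buf);
        }
        line += len;
        if (*line == '\n')
            line++;
    }
    return count;
}

int main(void)
{
    printf("%d writable+executable mapping(s) in sample\n",
           count_wx_violations(SAMPLE_MAPS, 1));
    return 0;
}
```

On a system that enforces W^X, a listing taken from a running process should yield a count of zero.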
 
Most modern processors load the machine code before they execute it, which means that if an instruction that is too near the [[instruction pointer]] is modified, the processor will not notice, but will instead execute the code as it was ''before'' it was modified. See [[Prefetch Input Queue]] (PIQ).
 
==Example [[NASM]]-[[syntax]] self-modifying [[x86]]-assembly algorithm that determines the size of the [[Prefetch Input Queue]]==