Revision by Noone~enwiki (minor edit, no edit summary)
Self-modifying code was used in the early days of computers in order to save memory space, which was limited. It was also used to implement [[subroutine]] calls and returns when the instruction set only provided simple branching or skipping instructions to vary the flow of control (this is still relevant in certain ultra-[[RISC]] architectures, at least theoretically, e.g. one such system has a sole branching instruction with three operands: subtract-and-branch-if-negative).
Self-modifying code was used to hide copy protection instructions in [[1980s]] [[MS-DOS]]-based games. The [[floppy disk]] drive access instruction '[[interrupt|int]] 0x13' would not appear in the executable program's image but it would be written into the executable's memory image after the program started executing. Self-modifying code is also sometimes used by programs that do not want to reveal their presence -- such as [[computer virus]]es and some [[shellcode]]s. Viruses and shellcodes that use self-modifying code mostly do this in combination with [[polymorphic code]]. Modifying a piece of running code is also used in certain attacks, such as [[buffer overflow]]s.
Because of the security implications of self-modifying code, some [[operating system]]s go to great lengths to rule it out. Recent versions of [[OpenBSD]], for instance, have a feature known as W^X (for "write [[xor]] execute", meaning that, for a given memory page, a program can only write, or execute, ''but not both'') which inhibits alteration of memory pages that hold executable code. Programs which depend upon rewriting their own machine code cannot execute in such an environment.
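
The W^X rule can be checked from the outside by listing a process's memory mappings and flagging any that are both writable and executable. The following is an added example, not part of the original article: it assumes the Linux <code>/proc/&lt;pid&gt;/maps</code> text format (the article itself names OpenBSD), and the function name and sample data are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in Linux /proc/<pid>/maps format (not from a real process). */
static const char SAMPLE_MAPS[] =
    "00400000-0040b000 r-xp 00000000 08:01 1234 /usr/bin/demo\n"
    "0060b000-0060c000 rw-p 0000b000 08:01 1234 /usr/bin/demo\n"
    "7f10a0000000-7f10a0021000 rwxp 00000000 00:00 0 \n"
    "7ffc1a2b0000-7ffc1a2d1000 rw-p 00000000 00:00 0 [stack]\n";

/* Count mappings that are both writable and executable, i.e. W^X violations.
 * If 'report' is non-NULL, each offending line is printed to it. */
int count_wx_violations(const char *maps, FILE *report)
{
    int violations = 0;
    const char *line = maps;
    while (*line) {
        const char *end = strchr(line, '\n');
        size_t len = end ? (size_t)(end - line) : strlen(line);
        char row[256], perms[5];
        unsigned long start, stop;
        /* Copy one line so sscanf cannot read past it into the next one. */
        snprintf(row, sizeof row, "%.*s", (int)len, line);
        if (sscanf(row, "%lx-%lx %4s", &start, &stop, perms) == 3 &&
            strlen(perms) == 4 && perms[1] == 'w' && perms[2] == 'x') {
            violations++;
            if (report)
                fprintf(report, "W+X: %s\n", row);
        }
        line += len + (end ? 1 : 0);
    }
    return violations;
}

int main(void)
{
    /* Audit the constructed sample, then this process's own mappings if available. */
    printf("sample: %d W+X mapping(s)\n", count_wx_violations(SAMPLE_MAPS, stdout));
    FILE *f = fopen("/proc/self/maps", "r");
    if (f) {
        static char buf[65536];
        size_t n = fread(buf, 1, sizeof buf - 1, f);
        buf[n] = '\0';
        fclose(f);
        printf("self: %d W+X mapping(s)\n", count_wx_violations(buf, stdout));
    }
    return 0;
}
```

A process that respects W^X reports zero such mappings; a program that rewrites its own machine code in place would need at least one.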