
Some programs generate their executable code at run-time, i.e., computer viruses, packed binaries. This makes static analysis very difficult.

Aside from packing algorithms, is there any general algorithm for self-modifying code generation? Or compiler support? Where can I get related documentation or papers? And what is the difference between self-modifying code and polymorphic code?

I am curious.

Thank you in advance.

daehee
  • Programs are, at some level, just data, so there's no single general algorithm for self-modifying code any more than there is a single general algorithm operating on sets of integers. –  Jan 29 '13 at 13:32
  • Polymorphic code just does different stuff in different instances, kind of an abstraction. Self-modifying code actually does some modifying of itself (obviously), while polymorphic code doesn't necessarily do this. – Hurricane Hamilton Jan 29 '13 at 13:35
  • Polymorphic code IMO means code that rewrites itself to perform essentially the same task with a different set of instructions. Aside from a virus trying to have no fixed sequence of code to be matched, one could also use the concept for DRM. – Aki Suihkonen Jan 29 '13 at 13:49
  • Self-modifying code isn't associated mainly with viruses, but with 8-bit architectures, where more complex instructions (e.g. indirect jump to subroutine) are most easily emulated by changing an immediate containing the target at run-time. Loops with constant parameters can be sped up by writing the parameters directly into the instructions. – Aki Suihkonen Jan 29 '13 at 13:56
  • What are you attempting to do? Any code that modifies itself upon execution is a piece of self-modifying code. Polymorphic code and metamorphic code are specific cases of self-modifying code, and are mostly used in code obfuscation. In the malicious computer virus industry, polymorphic and metamorphic code are used to make simple pattern-matching detection not a viable option, due to the number of different opcode encodings used to realize the same algorithm, possibly with some randomization too. See [Hunting for Metamorphic](http://www.symantec.com/avcenter/reference/hunting.for.metamorphic.pdf). – nrz Jan 29 '13 at 15:33
  • I was wondering if there is any formal method of transforming binary code into an equivalent self-modifying form. I think self-modifying code will be useful for protecting a program from reversing. – daehee Feb 01 '13 at 17:14

1 Answer

As delnan already mentioned, any program is just data until the processor attempts to run it.

To practice self-modifying code, perform the following steps:

  • copy notepad.exe to notepad_orig.exe
  • start notepad_orig.exe
  • open notepad.exe in the now opened notepad window
  • type whatever you want
  • save and close

A stupid example perhaps, but there's nothing more happening here. Notepad takes an external data source (you!) to change its code.

If you are looking for algorithms, I suggest you look for a framework that provides automatic updates to an application. It's the only practical example I can think of that's not illegal.

In response to your comment, you could of course encrypt a portion of your application and decrypt it before it is used. However, for an application to run, it has to exist in memory in its decrypted form, and can be read. You will probably only make your application harder to maintain.

C.Evenhuis
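The answer's last point, that decrypted or generated code has to sit in memory in executable form where it can be read, is also what makes this kind of code visible to an analyst. On Linux, a region that a process has mapped both writable and executable (W+X) is the usual footprint of a decrypt-in-place stub, a run-time code generator, or a JIT. The following script is an added example, not part of the answer above or of any project: it parses text in the `/proc/<pid>/maps` format and reports W+X regions. The sample maps lines are constructed, not captured from a real process, and the path `/usr/bin/example` is a placeholder.

```python
"""Flag writable+executable (W+X) regions in /proc/<pid>/maps output.

Self-modifying code, in-place decryption of a packed section, and
run-time code generation all need memory that is writable and then
executed. On Linux such a region shows up in /proc/<pid>/maps with a
permission string containing both 'w' and 'x'. This script parses maps
lines and lists those regions. SAMPLE_MAPS below is constructed data.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# One maps line: start-end perms offset dev inode [pathname]
MAPS_LINE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+"
    r"(?P<perms>[rwxsp-]{4})\s+"
    r"(?P<offset>[0-9a-f]+)\s+"
    r"(?P<dev>[0-9a-f]+:[0-9a-f]+)\s+"
    r"(?P<inode>\d+)\s*"
    r"(?P<path>.*)$"
)


@dataclass
class Region:
    start: int
    end: int
    perms: str
    path: str  # empty string for anonymous mappings

    @property
    def size(self) -> int:
        return self.end - self.start

    @property
    def wx(self) -> bool:
        # Both writable and executable: the signature of code that is
        # written at run-time and then run from the same pages.
        return "w" in self.perms and "x" in self.perms


def parse_maps_line(line: str) -> Optional[Region]:
    """Parse a single maps line; return None for lines that do not match."""
    m = MAPS_LINE.match(line.strip())
    if not m:
        return None
    return Region(int(m["start"], 16), int(m["end"], 16),
                  m["perms"], m["path"].strip())


def parse_maps(text: str) -> List[Region]:
    """Parse a whole maps file, silently skipping malformed lines."""
    regions = []
    for line in text.splitlines():
        region = parse_maps_line(line)
        if region is not None:
            regions.append(region)
    return regions


def find_wx_regions(text: str) -> List[Region]:
    """Return only the regions mapped both writable and executable."""
    return [r for r in parse_maps(text) if r.wx]


def report(text: str) -> List[str]:
    """Human-readable lines describing each W+X region."""
    return [
        f"W+X region {r.start:#x}-{r.end:#x} ({r.size} bytes) "
        f"{r.path or '<anonymous>'}"
        for r in find_wx_regions(text)
    ]


# Constructed sample: a normal binary with separate r-x text and rw- data,
# plus one anonymous rwx mapping of the kind a decrypt-then-run stub leaves.
SAMPLE_MAPS = """\
00400000-00401000 r--p 00000000 08:01 1234 /usr/bin/example
00401000-00405000 r-xp 00001000 08:01 1234 /usr/bin/example
00405000-00407000 rw-p 00005000 08:01 1234 /usr/bin/example
7f3c5a000000-7f3c5a021000 rwxp 00000000 00:00 0
7f3c5a021000-7f3c5a200000 ---p 00000000 00:00 0
7ffd1e000000-7ffd1e021000 rw-p 00000000 00:00 0 [stack]
"""

if __name__ == "__main__":
    for line in report(SAMPLE_MAPS):
        print(line)
```

To run it against a live process, feed it the contents of `/proc/<pid>/maps` instead of `SAMPLE_MAPS`. A W+X region is a triage signal rather than a verdict: JIT engines and some runtimes create them legitimately, so the next step is to dump that region and disassemble it, which is exactly the "it can be read" point the answer makes.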