Is there any real application being self modifying code?

Question

There are few examples on the web demonstrating how to write a self-modifying code. But they're just examples. I would like to know if there is any real application being self modifying code. Thanks!

Like the one defined on the [link](http://en.wikipedia.org/wiki/Self-modifying_code). To my understanding, self-modifying code changes it's original code at run-time. — chenwj, Oct 04 '11 at 01:50

score 2 · Answer 1 · answered Sep 30 '12 at 23:46

2

Am I allowed to reference other architectures? Because, when you're working with weaker systems, like embedded applications, SMC is often used, since there is only a limited amount of RAM available for the programs to run in.

Also, wikipedia has quite a nice list.

answered Sep 30 '12 at 23:46

William Shipley

153
4

Sure. If you can name it that would be greater. :-) – chenwj Oct 01 '12 at 07:21
N64's MIPS architecture. z80 architecture older ARM architectures. The way it worked was that you loaded your program into RAM, so it could run. Then, while your program was running, you would jump to previous sections of the code and write into them. Mostly, this is in cases where you need to load a new piece of code from your nonRAM storage, but there are special use cases. For example, you might have a section of RAM that is streamed to audio every frame, but it's part of your code block, so it's continuously being modified so as to stream new sound. – William Shipley Oct 02 '12 at 22:30
Keep in mind, though, most of those optimizations are for space, rather than speed. Given a 4 GB Ram space, you don't really need to worry about it. most of the systems quoted above have 4 MB of ram or less. The specific z80 implementation I was referring to (TI Calculators) only have 8000 bytes of RAM available to any given running program, so it's important to save space. – William Shipley Oct 02 '12 at 22:38

score 2 · Answer 2 · answered Oct 03 '11 at 10:26

2

The first thing that comes to mind are viruses, trojaners and the likes.

Self-modifying code makes it harder for anti-virus applications to identify your application as malicious.

Another area were self-modifying code is used is genetic programming

There's also a Wikipedia article covering your question.

answered Oct 03 '11 at 10:26

yas4891

4,774
3
34
55

Yes, I saw there is a list. If you know what program being self-modifying code, please tell me. I'll be very appreciate it. :-) – chenwj Oct 04 '11 at 02:00
So you want to know about example *applications* ? – yas4891 Oct 04 '11 at 03:55

score 1 · Answer 3 · answered Oct 22 '18 at 18:26

I know a program that contains a self modifying code (works as a protection scheme), it's role is to decrypt itself if the right password was entered and the decrypted code plays a big role into saving the opened file to disk, this program is called 'WinHEX'.. you can find the SMC code right above the call to virtual protect, and if the right password is entered, the program calls the write process memory api to decrypt the section, and to eventually save the file to disk.

score 1 · Answer 4 · answered Jul 23 '19 at 23:27

The Dynamic Language Runtime (DLR) uses self-modifying code to optimize for the common types of a given call site.

Let's say you're writing a dynamically typed language on top of .NET, and you have source code in your language as follows:

x + y

Now, in a statically typed language, the types of x and y can be determined at compile time -- say x and y are ints, then x + y will use the IL "add" instruction.

But in a dynamically typed language, this resolution could be different every time. Next time, x and y could be strings, in which case the value resolution for this call site would use String.Concat. But resolving which IL to use is liable to be very costly. In fact, if in the first hit of the call site x and y are a pair of ints, it's highly likely that successive hits on this call site will also be with a pair of ints.

So the DLR iterates as follows: The compiled code of the callsite looks like this:

return site.Update(site, x, y);

The first time a given set of types is passed in -- say, a pair of ints, the Update method turns to the language implementation to resolve which method/instruction should be used with a pair of ints and a +. Those rules are then recompiled into the callsite; the resulting compiled code looks something like this:

if (x is int x1 && y is int y1) { return x1 + y1; }
return site.Update(site, x, y);

Successive calls with pairs of ints leave the compiled code unchanged.

If a new type pair is encountered, the code self-rewrites into something like this:

if (x is int x1 && y is int y1) { return x1 + y1; }
if (x is string x2 && y is string y2) { return String.Concat(x2, y2); }
return site.Update(site, x, y);

For more information on how this works, see Jim Hugunin's talk at PDC 2008 on dynamic languages and the DLR design documentation at the DLR project.

score 1 · Answer 5 · answered Oct 03 '11 at 10:34

'Self modifying code' may also refer to bytecode modifications in Java. This is used by many frameworks like Guice, JPA, EJB- and Webcontainers and almost all AOP (Aspect Oriented Programming) frameworks. Basically they modify the bytecode before it is loaded and executed by the JVM. All those frameworks try to add behaviour to the class without the need to code cross-cutting concerns by hand. Transaction control, dependency injection, scope or context injection are the usual suspects.

Thanks for the reply. But I am looking for native binary which is self-modifying code, not like JVM. — chenwj, Oct 04 '11 at 01:57

Is there any real application being self modifying code?

5 Answers5