Can someone tell me some pros/cons of why/when I should use self-modifying code?
Posted on 2004-06-12 12:12:16 by flapper
pros:
- compilers don't do it
- can reduce code size
- can speed execution
- obfuscates code


cons:
- can slow execution (dirty cache)
- obfuscates code


There is usually no reason to use SMC, but that doesn't mean it isn't fun to design/debug. :) Only use it to protect your programs from the naive, or if it truly simplifies the program.
Posted on 2004-06-12 12:33:08 by bitRAKE
SMC can certainly be fun to play around with, and that can be reason enough to use it ;) - but for 'release' applications, I wouldn't do it unless it has a purpose. Like bitRAKE said, it can slow down execution, so you should take some care and time stuff...
Posted on 2004-06-12 12:38:23 by f0dder
I wrote a DLL, but I want it not to be 'detected' in RAM, so there can't be a 'fingerprint' or something from it. Which part should I make self-modifying, and modify with what?
Posted on 2004-06-12 13:33:46 by flapper

I wrote a DLL, but I want it not to be 'detected' in RAM, so there can't be a 'fingerprint' or something from it. Which part should I make self-modifying, and modify with what?


Just modify the MZ/PE header then; a normal scan won't see it as a DLL then. However, doing so can also mean LoadResource etc. calls to get resources from the DLL will also fail. As for a 'fingerprint': like it or lump it, your code will have a fingerprint unless you really, really put some work into it.
Posted on 2004-06-12 13:39:50 by evlncrn8
You should use polymorphic code, a technique where the loader compiles the code differently each time it is run. Keep in mind there are many ways to accomplish the same thing. The following all do the same:

xor eax,eax        ; eax = 0
inc ecx            ; ecx = ecx + 1
cdq                ; edx = sign-extension of eax = 0

lea ecx,[ecx+1]    ; ecx = ecx + 1 (the bracketed operand was eaten by the forum; [ecx+1] is inferred from the other two sequences)
and edx,0          ; edx = 0
mov eax,edx        ; eax = 0

sub eax,eax        ; eax = 0, CF = 0
sbb edx,edx        ; edx = edx - edx - CF = 0
sbb ecx,-1         ; ecx = ecx - (-1) - CF = ecx + 1

You might also want to vary the registers used when possible. Then free the loader when you're done, and there you go.
Posted on 2004-06-12 15:28:46 by Sephiroth3
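The post above claims the three sequences have the same effect, and suggests a loader that picks a different form each time. Here is a small differential checker for that claim plus a toy "loader" that emits a random variant with renamed registers. This is an added example, not code from the thread; it models only the eight x86 mnemonics the sequences use, on 32-bit registers, and tracks only CF (the one flag sbb consumes). The `[ecx+1]` operand of the lea is an assumption, inferred from the other two sequences.

```python
"""Equivalence checker and toy polymorphic generator for the three
instruction sequences quoted above (added example, not from the thread).
Assumptions: 32-bit registers, only the eight mnemonics used by the
sequences, and only CF is modelled because sbb is the only instruction
here that reads a flag."""
import random

MASK = 0xFFFFFFFF
REGS = ("eax", "ebx", "ecx", "edx", "esi", "edi")

# The three sequences from the post as (mnemonic, operands...) tuples.
# lea's bracketed operand was lost by the forum; [ecx+1] is inferred
# from the other two sequences, which both add 1 to ecx.
VARIANTS = [
    [("xor", "eax", "eax"), ("inc", "ecx"), ("cdq",)],
    [("lea", "ecx", "ecx", 1), ("and", "edx", 0), ("mov", "eax", "edx")],
    [("sub", "eax", "eax"), ("sbb", "edx", "edx"), ("sbb", "ecx", -1)],
]


def run(seq, regs):
    """Execute seq on a copy of regs (dict reg -> uint32); return the new dict."""
    r = dict(regs)
    cf = 0
    val = lambda op: r[op] if isinstance(op, str) else op & MASK
    for ins in seq:
        op, args = ins[0], ins[1:]
        if op == "xor":
            r[args[0]] ^= val(args[1]); cf = 0
        elif op == "and":
            r[args[0]] &= val(args[1]); cf = 0
        elif op == "mov":
            r[args[0]] = val(args[1])
        elif op == "inc":                      # inc leaves CF unchanged
            r[args[0]] = (r[args[0]] + 1) & MASK
        elif op == "lea":                      # lea d,[base+disp]; sets no flags
            r[args[0]] = (r[args[1]] + args[2]) & MASK
        elif op in ("sub", "sbb"):
            a, b = r[args[0]], val(args[1]) + (cf if op == "sbb" else 0)
            r[args[0]] = (a - b) & MASK
            cf = int(a < b)                    # unsigned borrow out
        elif op == "cdq":                      # edx = sign-extension of eax
            r["edx"] = MASK if r["eax"] >> 31 else 0
        else:
            raise ValueError(f"unsupported mnemonic {op}")
    return r


def random_regs(rng):
    return {reg: rng.getrandbits(32) for reg in REGS}


def equivalent(a, b, trials=500, seed=1):
    """Differential test: identical register file after a and after b from
    random starting states.  Registers only; flags are not compared."""
    rng = random.Random(seed)
    return all(run(a, s) == run(b, s)
               for s in (random_regs(rng) for _ in range(trials)))


def rename(seq, mapping):
    """Substitute registers, e.g. {"ecx": "ebx"}.  cdq is hardwired to
    eax/edx, so a sequence containing it cannot have those renamed."""
    if any(ins[0] == "cdq" for ins in seq) and \
            any(mapping.get(r, r) != r for r in ("eax", "edx")):
        raise ValueError("cdq cannot be renamed away from eax/edx")
    return [tuple(mapping.get(x, x) if isinstance(x, str) else x for x in ins)
            for ins in seq]


def fmt(seq):
    """Render a sequence as assembler text in the style of the post."""
    out = []
    for ins in seq:
        if ins[0] == "lea":
            out.append(f"lea {ins[1]},[{ins[2]}+{ins[3]}]")
        elif len(ins) == 1:
            out.append(ins[0])
        else:
            out.append(ins[0] + " " + ",".join(str(x) for x in ins[1:]))
    return "\n".join(out)


def generate(rng):
    """What the 'loader' would do each run: pick a variant and a register
    assignment at random.  Returns (sequence, mapping used)."""
    seq = rng.choice(VARIANTS)
    free = [r for r in REGS if r not in ("eax", "edx")]   # keeps cdq legal
    mapping = {"ecx": rng.choice(free)}
    if not any(ins[0] == "cdq" for ins in seq):            # eax/edx renamable too
        others = [r for r in REGS if r != mapping["ecx"]]
        mapping["eax"], mapping["edx"] = rng.sample(others, 2)
    return rename(seq, mapping), mapping


if __name__ == "__main__":
    for i, v in enumerate(VARIANTS):
        print(f"variant {i} == variant 0: {equivalent(v, VARIANTS[0])}")
    seq, mapping = generate(random.Random())
    print("generated:", mapping)
    print(fmt(seq))
```

Note that `equivalent` compares registers only: the three forms leave different flag states behind (e.g. `sbb ecx,-1` sets CF for any ecx other than -1, while `lea` touches no flags), so a loader that swaps them must not let the following instruction depend on flags.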
Thanks for the code, but what do you mean with loader?
Posted on 2004-06-12 16:15:38 by flapper

so there can't be a 'fingerprint' or something from it.

... you're not doing anything viral, are you?
Posted on 2004-06-12 16:26:15 by f0dder
nope
Posted on 2004-06-12 16:33:29 by flapper
I think you should start off writing something simple instead :P This sort of thing is for experts who are very experienced.
Posted on 2004-06-12 17:32:44 by Sephiroth3
I have often used self-modifying code. It doesn't slow down performance though, right, if you aren't modifying it much? I never use self-modifying code inside inner loops (or even outer ones), but to set it up.

I.e. I have an unrolled loop, but different times the procedure is called the loop needs to be called a different number of times, so basically I self-modify the jmp to jump into the unrolled "loop" at the right place.

Another case is a graphics operation that is applied to a whole image, but I modify certain things at the beginning (i.e. the amount something is shifted or whatever; the immediate operands of the code), so as to not have to use another register, or read those from memory.
this sort of thing has more advantages than disadvantages right?
Posted on 2004-06-12 18:36:39 by klumsy
Afternoon, flapper.

I suggest you supply us with your reason for wanting to use SMC, else this thread may suddenly disappear.

Why do you "want it not to be 'detected' in RAM, so there can't be a 'fingerprint' or something from it." ??

Cheers,
Scronty
Posted on 2004-06-12 18:59:09 by Scronty
Another reason I use self-modifying code is to combine different effects together and process them in one swoop.

For instance:
Let's say there are 10 different effects that, normally, if the user wanted to use them, they would chain together, and basically each effect would run in serial, reading from a memory buffer of the whole image, outputting to another, and so on 10 times, moving a lot of memory around each time.

However, if you code the inner loop to compare the different combinations of these things, it would make the inner loop slow when the user wants a simple combination.

With self-modifying code (where you have certain rules, such as the count is never touched, and the output from each section of code is in EAX, or MM0 or whatever),
then at the beginning (which in some cases could be before the main program starts, or in other cases in the render procedure each frame) some code sees the particular combination of effects the user wants, manually combines some code together and runs it.
Posted on 2004-06-12 23:18:09 by klumsy
Klumsy, that may not necessarily be faster... You end up getting really large loops, and a lot of 'register pressure'. Sometimes it is faster to process one part, write back to a buffer (in L1 cache), then process the next part. That way caching, branch prediction, register renaming, out-of-order execution etc work better.
Posted on 2004-06-13 05:39:43 by Scali
another example of my out of touchness with modern processors.
Posted on 2004-06-13 06:08:53 by klumsy

Afternoon, flapper.

I suggest you supply us with your reason for wanting to use SMC, else this thread may suddenly disappear.

Why do you "want it not to be 'detected' in RAM, so there can't be a 'fingerprint' or something from it." ??

Cheers,
Scronty
I don't want to go into any details, but it is not illegal ;)

So what would I modify?
Posted on 2004-06-13 13:14:11 by flapper
It may not be illegal outright, but it is used in virus-coding techniques... hence why we ask your intent with the learned information since such things ARE ILLEGAL.
Posted on 2004-06-13 15:45:36 by SpooK
Yeah, self-modifying code is one thing and can certainly be useful, but trying to hide from fingerprints - why? I can only think of a _very_ few legitimate reasons for this, and I'd rather have that flapper mentions one of them than mentioning any myself...
Posted on 2004-06-13 16:02:41 by f0dder