Ok, I've been exploring AI ideas, and I came up with this excellent idea that the AI would write it's own code. Now you're thinking, sure kenny, like that will ever happen... Well, what I want to know is there is a .code section in the PE. This section can be readable, writeable, and execuable. If I were to make an array 256KB in size for the AI to write it's own code, I could potentially just jump to the beginning of that segment and the code will execute right?
Posted on 2001-08-31 23:06:35 by Kenny
Where are you jumping from? :)
Posted on 2001-08-31 23:14:26 by bitRAKE
inside the code segment

so my pe looks like this:

segment '.code' readable writeable execuable

myairoutine: times 30000h db 09h ;09h is nop right?

Then later on I just set esi to point to myaicode, and then start writing dwords into it. Then I can just call myaicode... right?
Posted on 2001-08-31 23:18:31 by Kenny
Nop is 090h, Kenny (MY Kenny??? If yes, what a pity...).

I suppose that you want this to custoimize one routine
under requirement. In this case, the best tech is to write
the longuer one as true code and to overwrite it only if

Posted on 2001-09-01 06:21:52 by Betov
Kenny, basically, i do not know any good reason to write in code. If
you want it for runing different routines depending on what Processor,
for example, it is much simpler to do this:

> MMXroutine:
> ; Do this
> ; Do that
> ret
> NonMMXroutine:
> ; Do this
> ; Do that
> ret
> call CheckTheProcessor
> If eax = '386'
> mov D?MMXorNonMMXroutine NonMMXroutine
> Else_If eax = 'P6'
> mov D?MMXorNonMMXroutine MMXroutine
> ...
> End_If
> ...
> ...
>; call whatever:
> call D?MMXorNonMMXroutine

If you are non planing about this, i would just be curious...
(No idea of what is 'Al Idea').

Posted on 2001-09-01 07:26:14 by Betov
Let?s see...

Self-modifying assembler code... generated by an AI engine rather than a switch statement. Sort of an on-the-fly-assembler for a routine in an asm skell proggie... could be cool but it could be a big fat bear. Are you going to limit the instruction set? You could accidentally set a jmp to outerspace or mov causing a page fault or something. You probably thought about that.


Personal experience on self-modifying asm code has been that keeping the amount of possibilities small helps keep the code "debugable".

Personal experience on code generators (both production utilities & genetic programs... OK all HLL) is that using an "intermediate token set" lets you have more manageability; but of course it will slow thing down a bit.

Hey, I'm **NOT** saying "don't do it", I'm just saying "beware there be dragons."
Posted on 2001-09-01 09:12:44 by rafe
betov: Yeah, it's me. I just now am finally wrapping up another quarter of school, so I have started my programming frenzy again :)

The reason why I want dynamic code, is because I don't want to have a million compares and jumps to do something simple. I want to just have the AI write the code then be able to execute it, and it will only rewrite it when the AI feels the code isn't working anymore. This will take an AI routine that could use up 20% of the processor down to 2% normally and 25% when the AI feels the code doesn't work.

Oh, if you didn't realize what I'm trying to do, here's what: AI stands for "Artificial Inteligence." What I want it to do in my game is to "learn."

rafe: I'm aware of those pitfalls, and I know it will be literally impossible to debug, and the only way to do it would be to dump the memory, and then decompile it later.

It's going to be complex, and it's going to be a pain in the butt to code, but I'm looking at it as a learning experience :)
Posted on 2001-09-01 12:29:42 by Kenny
You should look up the source code for QED (old school editor created at Bell Labs). It has RegEx that causes code to be generated on the fly.
Posted on 2001-09-02 03:34:58 by eet_1024
kenny, there's a few ways to can go to achieve this (the simple
process of writing/executing, the AI sounds like a hard nut ;)).
Win32 is a flat 32bit OS. Thus, at the page level, the only thing you
can differentiate between is read/write or read-only (well, basically.)
There's no execute/dont-execute. So you can put your code anywhere
you want. On the stack (used very often when hacking), in the data
section, on the heap (useful for key-optimized en/decryption), or
in the code section. The code section is normally :) read-only, though.

For 100% "generated" code, I would use the data section or the heap.
It's simpler. For code-section modifications, there's a few ways to
go about it. Either you mark the entire code section read/write at
link time. This is good if you need to make lots of modifications and
very often
(fancy code protection, like the running line encryption, just-in-time
decryption, etc). But this makes it harder to catch stray pointer
errors etc. If you need a few modifications here and there, it's
best to virtualprotect / modify / virtualprotect - so your code section
is read-only most of the time.

Alternatively, you could create another code section of your own,
for "modifyable code", and have it read/write/execute (the "execute"
flag doesn't really matter under windows, but better set it anyway.)
Windows doesn't really care what your sections are called or
what order they come in, you could call your code section "fluff"
and your data section "cream", and windows would execute your
image happily.
Posted on 2001-09-02 09:50:46 by f0dder
There's a file you can download from Iczelion that tells you pretty much everything there is to know about PE files. The link is at the bottom of this page:


Posted on 2001-09-02 20:43:20 by S/390