Learn how to a build a cloud-first strategyRegister Now


Self-modifying code in Win32

Posted on 1997-05-29
Medium Priority
Last Modified: 2013-12-03
In Win16, one used PrestoChangoSelector() to convert a DS segment into a CS segment and then run code that's constructed at runtime.  This was done by loader applications that: 1) allocated memory, 2) loaded a binary image into the memory, and 3) executed the contents of the memory.  How does one do something like this from a Win32 program.I'm trying to do the following.  I have an application which has a scripting subsystem.  I want to add the functionality of Visual Basic's "AddressOf" operator -- basically on-the-floy Callback's.  AddressOf is a function returns a "void*" to a newly defined callback.  I basically need to be able to create a "Thunk" the way MakeProcInstance worked in Win16.Anyone have a clue on how to do this from a straight Win32program?
Question by:Shrif
  • 2

Expert Comment

ID: 1397713
Have you tried using a function referance to a memoty area that was new'd (malloc'ed) and in which you have constructed/loaded the binary code?

The pointer referance could be defined as a Callback function pointer to this memory area.

Accepted Solution

byang earned 40 total points
ID: 1397714
Here's a way:
1. use VirtualAlloc to allocate memory
2. load your code image into this memory
3. patch your code
4. use VirtualProtect to change memory to executable
5. call FlushInstructionCache(). I think this step is optional
6. run your code

Sadly, Win95 doesn't support writable-and-runnable memory block at the same time. This means your code cannot modify
itself when it's running. You must exit from it, call VirtualProtect(), then repeat step 3-6.


Author Comment

ID: 1397715
byang, if what you say works, then I will accept the answer.However, before I give you the A grade, could you explain something to me that you said in your answer that I do not understand.  "Sadly, Win95 doesn't support writable-and-runnable memory block at the same time. This means your code cannot modify
itself when it's running. You must exit from it, call VirtualProtect(), then repeat step 3-6.
"What do you mean by I must exit from "it".  What is "it"?  Exit Windows 95?  Exit my application?Can you give me the steps that I should do in Windows 95?  

Expert Comment

ID: 1397716
By "it" I mean the block of code you want to modify. It cannot modify itself in Win95. In DOS, you can do something like this:

label0: mov ax,1234h ;will be self-modified here
           ;... more code
           mov word ptr cs:[label0+1],bx ;self-modify
           loop label0

This is not possible (at least not easily possible) in Win95. To do it, the cs segment must be readable, writable, and executable. Win95 does not support all three attribute at the same time. So the code above would cause an access violation.

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article surveys and compares options for encoding and decoding base64 data.  It includes source code in C++ as well as examples of how to use standard Windows API functions for these tasks. We'll look at the algorithms — how encoding and decodi…
With most software applications trying to cater to multiple user needs nowadays, the focus is to make them as configurable as possible. For e.g., when creating Silverlight applications which will connect to WCF services, the service end point usuall…
This is Part 3 in a 3-part series on Experts Exchange to discuss error handling in VBA code written for Excel. Part 1 of this series discussed basic error handling code using VBA. http://www.experts-exchange.com/videos/1478/Excel-Error-Handlin…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question