Instrumenting self-modifying code

Authors

  • Jonas Maebe
  • Koen De Bosschere
Abstract

Adding small code snippets at key points to existing code fragments is called instrumentation. It is an established technique to debug certain otherwise hard-to-solve faults, such as memory management issues and data races. Dynamic instrumentation can already be used to analyse code which is loaded or even generated at run time. With the advent of environments such as the Java Virtual Machine with optimizing Just-In-Time compilers, a new obstacle arises: self-modifying code. In order to instrument this kind of code correctly, one must be able to detect modifications and adapt the instrumentation code accordingly, preferably without incurring a high penalty speedwise. In this paper we propose an innovative technique that uses the hardware page protection mechanism of modern processors to detect such modifications. We also show how an instrumentor can adapt the instrumented version depending on the kind of modifications, and present an experimental evaluation of said techniques.

Similar resources

On the use of Threads in Mobile Object Systems

We have developed a portable mechanism for transparent thread migration in Java. This thread migration mechanism is implemented by instrumenting the original application code through a bytecode transformer without modifying the Java Virtual Machine. In this paper we examine how this thread state capturing mechanism can be extended such that JVM thread semantics can be maintained in mobile objec...

Harnessing Self-modifying Code for Resilient Software

In this paper we argue that self-modifying code can become a better strategy for realizing long-lived autonomous software systems than static code, regardless how well it was validated and tested. We base our discussion on three facets – self-repairing software, adaptive software and networked systems – for which we point out ongoing and related work before presenting a roadmap towards a contro...

A Model for Self-Modifying Code

Self-modifying code is notoriously hard to understand and therefore very well suited to hide program internals. In this paper we introduce a program representation for this type of code: the state-enhanced control flow graph. It is shown how this program representation can be constructed, how it can be linearized into a binary program, and how it can be used to generate, analyze and transform s...

The State-Enhanced Control Flow Graph

In the omnipresent model of the stored-program computer, both the instructions and data are held in a single storage structure. Therefore, instructions can be read and written as if they were data. In practice however, instructions rarely change during the execution of the program. As a result, it is often assumed that the instructions are constant. Therefore, many tools and analyses fail in th...

A taxonomy of self-modifying code for obfuscation

Self-modifying code is frequently used as an additional layer of complexity when obfuscating code. Although it does not provide a provable level of obfuscation, it is generally assumed to make attacks more expensive. This paper attempts to quantify the cost of attacking self-modified code by defining a taxonomy for it and systematically categorising an adversary’s capabilities. A number of publ...

Journal:
  • CoRR

Volume cs.SE/0309029  Issue

Pages  -

Publication date 2003