Let's take a look at an advanced technique in win32asm: SMC (ta-da ......)!!!
What does SMC mean? Its full English name is "Self Modifying Code". As the name suggests, it is "code that modifies itself" (?) (Sorry, this humble author hasn't passed CET-6 yet, so that is the best translation I can manage ......)
"Code that modifies itself"? Wow, that sounds so advanced! Actually, not really ......
We know that Win32 applications run in protected mode, and each Win32 application has its own independent 4 GB address space. In addition, the 16-bit memory model that divides a program into data, code and other segments has been abandoned. Now there is only one memory model, the flat model, which means "flat" memory: there is no annoying 64 KB segment size limit. In this way, every Win32 application runs in one continuous, flat, huge 4 GB space. As a programmer, you no longer have to deal with segment registers, and any register can be used to address any location in the address space.
Although programming in the Win32 era is more than an order of magnitude easier than in the Win16 era, there are still some rules to follow. One of the most obvious is that you cannot change the code segment while the program is running!
(Eh? Didn't I just say that Win32 has no concept of a segment? Why is there a "code segment" again? Don't worry, let me explain ......)
Although there is no "segment" in Win32, you can still divide your program into different "segments". The beginning of one "segment" is the end of the previous "segment". Win32 has only two types of segment: data and code.
In practice, the segments in Win32 are not the same as those in DOS. In DOS, different segments mean different values in the segment registers, but Windows has only one 4 GB segment; in a Windows program, "segments" are represented by giving different sections different attributes when the program is loaded. For example, when your program is loaded, for a ring3 program the .code segment cannot be written to, while the .data segment is writable. If you try to write to your own code the way you would in DOS, you get a "cool" blue screen error.
How is it? Dizzy yet? If not, let's continue! ^_^
As mentioned above, the code segment cannot be changed while the program is running, so where does this "SMC" technique come from? How is it implemented?
In fact, the key lies in a parameter passed at link time. As long as the code segment's attributes are specified as writable, it is OK! (By default the code segment is not writable.) That is to say, when assembling and linking a win32asm program that uses SMC, we do this:
```bat
ml /c /coff %1.asm
link /subsystem:windows /section:.text,RWE %1.obj
```
How about it? Do you see? /section:.text,RWE sets the attributes of the code segment (.text) to RWE, meaning R (readable), W (writable), E (executable), that is, "readable, writable and executable". In this way, our program can rewrite its own code segment while it is running. How about that? Nice, isn't it?
The following is a complete win32asm example using the SMC technique. It is easy to understand. Remember to use the above method to assemble and link it!
```asm
; ***********************************************
; Program name: demonstrate the principle of SMC
; Author: Luo Cong
; Date: 2002-10-2
; Source: http://laoluoc.yeah.net (laoluo's colorful world)
; Note: If you want to reprint it, please keep the program complete and note:
;       Reprinted from "Luo's colorful world" (http://laoluoc.yeah.net)
; ***********************************************

.386
.model flat, stdcall
option casemap:none

include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
include \masm32\include\user32.inc
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\user32.lib

ShowMessage proto
Replacement proto

.data
szMsg1      db "This is the code before SMC is executed!", 0
szMsg2      db "SMC already executed!", 0
szCaption   db "SMC demo by LC, 2002", 0
replace_len dd 0

.code
main:
    ; First call of the subroutine ShowMessage: the SMC operation has not run yet
    invoke ShowMessage

    lea eax, ReplacementEnd     ; end of the replacement code
    lea edx, ReplacementStart   ; start of the replacement code
    sub eax, edx                ; length of the replacement code
    mov replace_len, eax        ; store the length

    ; Key code !!!!!!!!!
    lea esi, ReplacementStart   ; source: start of the replacement code
    lea edi, ShowMessageStart   ; destination: the ShowMessageStart label in the original routine
    mov ecx, replace_len        ; number of bytes to copy
    rep movsb                   ; this is the most critical statement!!! It performs the SMC

    ; Second call of ShowMessage: the SMC operation has run, so the body of
    ; ShowMessage is no longer what it was on the first call
    invoke ShowMessage

    invoke ExitProcess, 0

ShowMessage proc
    ; "::" makes the label global so that main can reference it
ShowMessageStart::
    invoke MessageBox, NULL, addr szMsg1, addr szCaption, MB_OK
ShowMessageEnd::
    ; Use NOPs to reserve space so that the later SMC copy fits; otherwise, if
    ; the space is insufficient, the copy overruns the routine and the
    ; behaviour is unpredictable
    nop
    nop
    nop
    nop
    nop
    nop
    nop
    nop
    ret
ShowMessage endp

Replacement proc
    ; The code that SMC copies over ShowMessage:
ReplacementStart::
    ; Equivalent to: invoke MessageBox, NULL, addr szMsg2, addr szCaption, MB_OK or MB_ICONINFORMATION
    ; It is written out by hand because "invoke" would emit a call with a relative
    ; displacement, which breaks once the bytes are copied to another address;
    ; "lea eax, MessageBox" / "call eax" uses an absolute address and survives the move
    push MB_OK or MB_ICONINFORMATION
    lea eax, szCaption
    push eax
    lea eax, szMsg2
    push eax
    push NULL
    lea eax, MessageBox
    call eax
ReplacementEnd::
    ret
Replacement endp

end main
```
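The `/section:.text,RWE` link option used for the program above turns the whole code section of the executable into a writable, executable region for the entire life of the process, and that is visible in the PE section table: the `.text` section header carries both IMAGE_SCN_MEM_WRITE and IMAGE_SCN_MEM_EXECUTE. The following Python script, added here as an example and not part of the original article or the author's code, parses the section table of a PE file and flags such sections, which is how a reviewer or a scanner would spot a binary built this way. The `build_test_pe` helper and the sample section values in it are constructed for this example (a minimal PE32 header in memory, not a runnable executable), so the script runs offline without a real binary.

```python
import struct
import sys

# Section characteristic flags from the PE/COFF specification
IMAGE_SCN_CNT_CODE             = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE          = 0x20000000
IMAGE_SCN_MEM_READ             = 0x40000000
IMAGE_SCN_MEM_WRITE            = 0x80000000

# What the linker gives .text by default, and what /section:.text,RWE produces
TEXT_DEFAULT = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ  # 0x60000020
TEXT_RWE     = TEXT_DEFAULT | IMAGE_SCN_MEM_WRITE                                # 0xE0000020
DATA_DEFAULT = IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE

FILE_HEADER_FMT = "<HHIIIHH"         # IMAGE_FILE_HEADER, 20 bytes
SECTION_HEADER_FMT = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes


def build_test_pe(sections):
    """Constructed sample (hypothetical helper): a minimal PE32 header, not a
    runnable executable, with one section header per (name, characteristics)."""
    e_lfanew = 0x40
    dos_header = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    size_of_optional = 224  # size of the PE32 optional header
    file_header = struct.pack(FILE_HEADER_FMT, 0x014C, len(sections), 0, 0, 0,
                              size_of_optional, 0x0102)
    optional_header = struct.pack("<H", 0x10B) + b"\0" * (size_of_optional - 2)
    table = b""
    for name, chars in sections:
        table += struct.pack(SECTION_HEADER_FMT, name.encode("ascii").ljust(8, b"\0"),
                             0x1000, 0x1000, 0x200, 0x400, 0, 0, 0, 0, chars)
    return dos_header + b"PE\0\0" + file_header + optional_header + table


def parse_sections(data):
    """Return [(name, characteristics), ...] from a PE image's section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    fh_off = e_lfanew + 4
    _, nsections, _, _, _, size_of_optional, _ = struct.unpack_from(FILE_HEADER_FMT, data, fh_off)
    table_off = fh_off + struct.calcsize(FILE_HEADER_FMT) + size_of_optional
    entry_size = struct.calcsize(SECTION_HEADER_FMT)
    result = []
    for i in range(nsections):
        off = table_off + i * entry_size
        if off + entry_size > len(data):
            raise ValueError("truncated section table")
        name, *_, chars = struct.unpack_from(SECTION_HEADER_FMT, data, off)
        result.append((name.rstrip(b"\0").decode("ascii", "replace"), chars))
    return result


def protection(chars):
    """Render the R/W/E bits of a section the way the article writes them."""
    return ("R" if chars & IMAGE_SCN_MEM_READ else "-") + \
           ("W" if chars & IMAGE_SCN_MEM_WRITE else "-") + \
           ("E" if chars & IMAGE_SCN_MEM_EXECUTE else "-")


def find_wx_sections(data):
    """Names of sections that are both writable and executable: the condition
    /section:.text,RWE creates and the one a reviewer or scanner flags."""
    return [name for name, chars in parse_sections(data)
            if chars & IMAGE_SCN_MEM_WRITE and chars & IMAGE_SCN_MEM_EXECUTE]


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            image = f.read()
    else:
        # No file given: use the constructed sample that mimics the RWE build
        image = build_test_pe([(".text", TEXT_RWE), (".data", DATA_DEFAULT)])
    for name, chars in parse_sections(image):
        print(f"{name:<8} {chars:#010x} {protection(chars)}")
    wx = find_wx_sections(image)
    print("writable+executable sections:", wx or "none")
```

Run it against a real build with `python pe_wx.py demo.exe`. A normal MASM32 link gives `.text` the characteristics 0x60000020 (code, execute, read) and the script reports `R-E`; the RWE link gives 0xE0000020 and the script lists `.text` as writable and executable. If a program really has to modify itself, the less exposed way is to leave `.text` read-only at link time and use VirtualProtect to make only the target page writable for the duration of the copy, restore the original protection afterwards and call FlushInstructionCache; the rest of the code section then stays write-protected instead of being writable for the whole run of the process.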
From: http://www.luocong.com/articles/show_article.asp?Article_id=18