Mutating Code? (ASM w/ C++)

[RobotGymnast]

I tried to write a very simple mutating program the other day, but it keeps failing. Because my program uses addresses that are hardcoded in (I know, bad practice), you compiling the code would likely result in runtime errors anyway.

Therefore, my question is: does anybody have an example of an extremely simple self-modifying ASM program? I'd also like to know if there's a way that doesn't involve hardcoded addresses.

My program was basically:

Code:

unsigned int testvar = 0;
__asm
{
write code that made testvar=0xFFFFFFFF;
execute code;
}
cout << testvar << endl;

I keep getting "read error of memory [0xFFFFFFFF]" when I try writing to the code segment (this is in OllyDBG)

[WingedPanther]

If your goal is to do this in C++, you may want to check out Boost Lambda. You could also try having a scripting language interpreter.

I haven't played with self-modifying code, however.

[RobotGymnast]

My goal isn't to write self-modifying C++ code. Any code that modifies itself and runs will be in ASM. However, surrounding code might be in C++.

[dargueta]

You can get the current address and then use offsets to write code into a buffer, then jump to the buffer.

Code:

call    next
next:
pop    eax
;address now in EAX. for 64-bit code, pop RAX.

[RobotGymnast]

Yes, that gives me my current address. But now, how do I write anything? Writing to the code segment results in a read error of address 0xFFFFFFFF

[dargueta]

Then try writing to a data segment. Try using malloc or something. Operating systems typically block this sort of behavior for security reasons, by the way.

[RobotGymnast]

yeah, writing to the data segment worked fine. Then how do programs create and use code caves?

[dargueta]

Um...no idea.