|
From: Nicholas N. <nj...@cs...> - 2006-10-14 23:10:30
|
On Sat, 14 Oct 2006, James Courtier-Dutton wrote: > Are there any tool available to tell me if a particular executable or > lib can contain self modifying code. I.e. Executes instructions in a > page that does not have Read/Execute set, but instead has > Read/Write/Execute set. > > I understand that valgrind can work with self modifying code so that is > why I ask here. It's possible to have code executed from a RWX page that is not self-modifying. > I want to try to scan an entire system and highlight all executables and > libs that might have self modifying code in them. > > Obviously, things like java jit might have self modifying code, but I > want to detect all such programs. I think you're confusing self-modifying code with dynamically generated code. There are no existing tools to do this, but it would be straightforward to modify Valgrind's core to detect this. But it sounds like you want something that can detect this statically, which Valgrind cannot do. Nick |