Self Modifying Program

[Darrel]

Michael,

Thanks for clarifying my understanding of how a program functions. I'm always learning.

I can’t really see any good reason to change the application icon while the program is running, but if you must do so, instead of resorting to malware techniques, why not try to use the methods that Microsoft provided?

Let me reiterate: I have a program that calculates the phase of the moon for any given time past, present, or future accurate to within five minutes of the actual phase. Is it not logical to have as the application icon the present phase of the moon updated every couple hours and the most logical way would be to have the application update its' icon itself ? This may not be a good reason to someone who has no interest in astronomy.

I am unfamiliar with malware techniques and have no interest in them.

I will probably just write a seperate program to run at certain intervals and update the application icon of concern.

[Synfire]

I can't really see any good reason to change the application icon while the program is running, but if you must do so, instead of resorting to malware techniques, why not try to use the methods that Microsoft provided?

It's not technically a malware technique. Polymorphic code has many legitimate uses (such as in copyright protection of executables) but the fact is almost any information regarding Polymorphic code is usually in relation to malware as that is where it's used more often than not.

[Mark Jones]

I will probably just write a seperate program to run at certain intervals and update the application icon of concern.

That may be a possibility, if you do that be sure to make the "watcher" app as small as possible so it doesn't use much RAM. You could use the free tool MemProof to see if there are any memory leaks in the watcher thread. Or alernatively, make a "scheduled task" and stick it into the Control Panel\Scheduled Tasks. Might be different on all versions of windows (not sure if 9x even had "scheduled tasks") but all will act differently. Have fun. :)

[xbox7887]

Not sure if this will help or not but it's what I use when writing to read-only addresses.  The method is somewhat inefficient since you'll need to manually poke in the data or opcodes needed but it gets the job done :)

Code Select Expand

pushad
mov     eax, cr0
push    eax
and     eax, 0FFFEFFFFh
mov     cr0, eax

;/////PUT PATCH CODE HERE/////

pop     eax
mov     cr0, eax
popad


[Darrel]

Ok, I've wrote a program which updates the application icon to the correct phase, but this change is not reflected on the desktop link.

[PBrennick]

Really?

[Ar-ras]

F5?

[Darrel]

F5 doesn't work. I'm looking to update it in code. It displays the icon which is present at log on and does not refresh with the new icon.

[P1]

F5 doesn't work. I'm looking to update it in code. It displays the icon which is present at log on and does not refresh with the new icon.

This is why you make a link file for the desktop and re-write it to the correct icon.

Regards,  P1  :8)

[Darrel]

Thanks,

Everything is working now.

Darrel

[evlncrn8]

Not sure if this will help or not but it's what I use when writing to read-only addresses.  The method is somewhat inefficient since you'll need to manually poke in the data or opcodes needed but it gets the job done :)

Code Select Expand

pushad
mov     eax, cr0
push    eax
and     eax, 0FFFEFFFFh
mov     cr0, eax

;/////PUT PATCH CODE HERE/////

pop     eax
mov     cr0, eax
popad


erm correct me if im wrong, but thats ring 0 code, and its been known for a while...
and it wont work in ring 3, it causes an exception.....