It is known for an operating system to rewrite an application's program code on-the-fly to improve performance. Mechanisms for rewriting include: rescheduling instructions; planting pre-fetches; and software breakpoints.
Some advanced copy-protection and anti-reverse-engineering mechanisms require a program to inspect and checksum its own binary code prior to execution; any modifications due to instrumentation or performance enhancement would cause these checksums to fail.
A program that allows such a mechanism to update parts of its code on-the-fly might also checksum its code prior to applying the update in order to ensure that the update is being applied to the correct version of the code. Furthermore, a program that uses more than one such mechanism needs to protect itself so that the mechanisms do not interact badly with other code.
Rewriting code in-place can cause functional problems if the program jumps into the middle of what was assumed to be a single indivisible code block. The re-ordering of instructions within that block might provide correct behavior if the block is executed in its entirety, but not if only part of the block is executed.
However, currently rewriting mechanisms do not allow modifications to be performed in a way that makes a rewrite to program code invisible to the program itself or any other program in the program layer.
One solution relates to hiding processor processes from detection from a program that is looking for processor processes. The solution, called Shadow Walker, provides a mechanism using page protection and catching faults, it further modifies a page table that program walks prior to allowing the operation to be performed. It is specific to the X86 processor and does not support systems with multiple processors.
Therefore, there is a need in the art to address the aforementioned problem.