Self-transfer is a rare property of some computer programs that allows them to change their memory locations during execution. This gives them more control over the process, but can also be dangerous if used maliciously.
Self-transfer is a property possessed by a very small number of computer programs. These programs can alter their memory locations during execution. Most programs have little or no control over their core programming; instead that it is managed by higher-order programs. These systems can change their location by shifting their programming or by making a copy of themselves. When a copy is made, the execution location typically changes to the new program and the old code is left inactive.
In most cases, a running computer program is in two areas at the same time. It is found in the computer’s physical memory, such as a hard drive or other storage unit, and in volatile memory. The program is moved to volatile memory at execution time to speed up access times and make it run faster. Its location in both of these locations is usually determined by the computer’s operating system.
The locations of these programs are called addresses. These addresses are used by the system and other programs to quickly find a program when needed. If a program is split into memory, it will run slower than if it were all together; therefore, most systems try to store larger programs on sequential addresses. Again, the choice to do this usually falls to the operating system, and the program has no direct control over it.
When a program uses auto-relocation, it has significantly more control over these processes than typical programs. It has the ability to control the addresses at which it runs. While in use, the program can move its total programming from where it is to another location within the same computer’s memory. Some programs can change only one of the two addresses, while others can change both.
By itself, self-transfer is a rare but unproblematic process. The real danger comes when self-transfer is used in conjunction with malicious intent. It is possible for a program to do a large number of unexpected things when it has control over itself. It can create numerous physical or volatile copies to clog a computer’s memory. This can cause a reboot and can be a precursor to a boot attack.
Also, the program can make backups of itself to prevent its removal. If an auto-relocated program were to be executed and then copied, the original program would still exist even when not being used. If the program is malicious and the system tries to remove it, the active program can simply reactivate the original code before it is removed.
Protect your devices with Threat Protection by NordVPN
