frontpage.
newsnewestaskshowjobs

Open Source @Github

fp.

Open in hackernews

Writing a Self-Mutating x86_64 C Program (2013)

https://ephemeral.cx/2013/12/writing-a-self-mutating-x86_64-c-program/
118•kepler471•1y ago

Comments

belter•1y ago
I guess in OpenBSD because of W ^ X this would not work?
akdas•1y ago
I was thinking the same thing. Usually, you'd want to write the new code to a page that you mark as read and write, then switch that page to read and execute. This becomes tricky if the code that's doing the modifying is in the same page as the code being modified.
timewizard•1y ago
The way it's coded it wouldn't; however, you can map the same shared memory twice. Once with R|W and a second time with R|X. Then you can write into one region and execute out of it's mirrored mapping.
rkeene2•1y ago
In Linux it also needs mprotect() to change the permissions on the page so it can write it. The OpenBSD man page[0] indicate that it supports this as well, though notes that not all implementations are guaranteed to allow it, but my guess is it would generally work.

[0] https://man.openbsd.org/mprotect.2

Retr0id•1y ago
It's not required on linux, if the ELF headers are set up such that the page is mapped rwx to begin with. (but rwx mappings are generally frowned upon from a security perspective)
mananaysiempre•1y ago
Not as is, but I think OpenBSD permits you to map the same memory twice, once as W and once as X (which would be a reasonable hoop to jump through for JITs etc., except there’s no portable way to do it). ARM64 MacOS doesn’t even permit that, and you need to use OS-specific incantations[1] that essentially prohibit two JITs coexisting in the same process.

[1] https://developer.apple.com/documentation/apple-silicon/port...

saagarjha•1y ago
No, the protection is per-thread. You can run the JITs in different threads
alcover•1y ago
I often think this could maybe allow fantastic runtime optimisations. I realise this would be hardly debuggable but still..
Retr0id•1y ago
It already does, in the form of JIT compilation.
alcover•1y ago
OK but I meant in already native code, like in a C program - no bytecode.
Retr0id•1y ago
I mean that, too.
connicpu•1y ago
LuaJIT has a wonderful dynamic code generation system in the form of the DynASM[1] library. You can use it separately from LuaJIT for dynamic runtime code generation to create machine code optimized for a particular problem.

[1]: https://luajit.org/dynasm.html

lmm•1y ago
If you are generating or modifying code at runtime then how is that different from bytecode? Standardised bytecodes and JITs are just an organised way of doing the same thing.
oxcabe•1y ago
It's impressive how well laid out the content in this article is. The spacing, tables, and code segments all look pristine to me, which is especially helpful given how dense and technical the content is.
AStonesThrow•1y ago
It was designed by Elves on Christmas Island where Dwarves run the servers and Hobbits operate the power plant
f1shy•1y ago
I have the suspicion that there is a high correlation between how organized the content is, and how organized and clear the mind of the writer is.
ivanjermakov•1y ago
I had a great experience writing self modified programs is a single instruction programming game SIC-1: https://store.steampowered.com/app/2124440/SIC1/
ycombinatrix•1y ago
Cool recommendation, will give it a try.
Someone•1y ago
Fun article, but the resulting code is extremely brittle:

- assumes x86_64

- makes the invalid assumption that functions get compiled into a contiguous range of bytes (I’m not aware of any compiler that violates that, but especially with profile-guided optimization or compilers that try to minimize program size, that may not be true, and there is nothing in the standard that guarantees it)

- assumes (as the article acknowledges) that “to determine the length of foo(), we added an empty function, bar(), that immediately follows foo(). By subtracting the address of bar() from foo() we can determine the length in bytes of foo().”. Even simple “all functions align at cache lines” slightly violates that, and I can see a compiler or a linker move the otherwise unused bar away from foo for various reasons.

- makes assumptions about the OS it is running on.

- makes assumptions about the instructions that its source code gets compiled into. For example, in the original example, a sufficiently smart compiler could compile

  void foo(void) {
    int i=0;
    i++;
    printf("i: %d\n", i);
  }
as

  void foo(void) {
    printf("1\n");
  }
or maybe even

  void foo(void) {
    puts("1");
  }
Changing compiler flags can already break this program.

Also, why does this example work without flushing the instruction cache after modifying the code?

nekitamo•1y ago
For the mainstream OSes (Windows, OSX, Linux Android) You don't need to flush the instruction cache on most x86 CPUs after modifying the code segment dynamically, but you do on ARM and MIPS.

This has burned me before while writing a binary packer for Android.

saagarjha•1y ago
They check all those assumptions by disassembling the code.
Cloudef•1y ago
xixixao•1y ago
I’ve been thinking a lot about this topic lately, even studying how executables look on arm macOS. My motivation was exploring truly fast incremental compilation for native code.

The only way to do this now on macOS is remapping whole pages as JIT. This makes it quite a challenge but still it might work…

Cloudef•1y ago
Kaze Emanuar's "Optimizing with Bad Code" video also goes briefly go through self-modifying code https://www.youtube.com/watch?v=4LiP39gJuqE
pfdietz•1y ago
A program that can generate, compile, and execute new code is nothing special in the Common Lisp world. One can build lambda expressions, invoke the compile function on them, and call the resulting compiled functions. One can even assign these functions to the symbol-function slot of symbols, allowing them to be called from pre-existing code that had been making calls to that function named by that symbol.
BenjiWiebe•1y ago
I know that no other language can match Lisp, but many languages can generate and execute new code, if they're interpreted. Compile, too, if they're JITted. They all require quite a bit of runtime support though.
DrZhvago•1y ago
Someone correct me if I am wrong, but self-mutating code is not as uncommon as the author portrays it. I thought the whole idea of hotspot optimization in a compiler is essentially self-mutating code.

Also, I spent a moderately successful internship at Microsoft working on dynamic assemblies. I never got deep enough into that to fully understand when and how customers where actually using it.

https://learn.microsoft.com/en-us/dotnet/fundamentals/reflec...

iamcreasy•1y ago
Is it possible to mutate the text segment by another process? For example, injecting something malicious instead of exec-ing a shell?
vbezhenar•1y ago
I used GNU lightning library once for such optimisation. I think it was ICFPC 2006 task. I had to write an interpreter for virtual machine. Naive approach worked but was slow, so I decided to speed it up a bit using JIT. It wasn't a 100% JIT, I think I just implemented it for loops but it was enough to tremendously speed it up.
userbinator•1y ago
Programs from the 80s-90s are likely to have such tricks. I have done something similar to "hardcode" semi-constants like frame sizes and quantisers in critical loops related to audio and video decompression, and the performance gain is indeed measurable.
alcover•1y ago
> "hardcode" semi-constants

You mean you somehow avoided a load. But what if the constant was already placed in a register ? Also how could you pinpoint the reference to your constant in the machine code ? I'm quite profane about all this.

ronsor•1y ago
> Also how could you pinpoint the reference to your constant in the machine code?

Not OP, but often one uses an easily identifiable dummy pattern like 0xC0DECA57 or 0xDEADBEEF which can be substituted without also messing up the machine code.

mananaysiempre•1y ago
If you’re willing to parse object files (a much easier proposition for ELF than for just about anything else), another option is to have the source code mention the constants as addresses of external symbols, then parse the relocations in the compiled object. Unfortunately, I’ve been unable to figure out a reliable recipe to get a C compiler to emit absolute relocations in position-independent code, even after restricting myself to GCC and Clang for x86 Linux; in some configurations it works and in others you (rather pointlessly) get a PC-relative one followed by an add.
userbinator•1y ago
All the registers were already taken.

You use a label.

econ•1y ago
The 80's:

Say you set a value for some reason. Later you have to check IF it is set. If the condition needs to be checked many times you replace it with the code (rather than set a value to check some place). If you need to check if something is still true repeatedly you replace the condition check with no-ops when it isn't true.

Also funny are insanely large loop unrolls with hard coded valued. You could make a kind of rainbow table of those.

barchar•1y ago
It sometimes can, but you then have to balance the time spent optimizing against the time spent actually doing whatever you were optimizing.

Also on modern chips you must wait quite a number of cycles before executing modified code or endure a catastrophic performance hit. This is ok for loops and stuff, but makes a lot of the really clever stuff pointless.

The debuggers software breakpoints _are_ self-modifying code :)

112233•1y ago
Linux kernel had the same idea, and now they have "static keys". It's both impressive and terrifying.
> self-modifying code > brittle

I mean that is to be very much expected, unless someone comes up with a programming language that fully embraces the concept.

znpy•1y ago
The author clearly explained that the whole article is more a demonstration for illustrative purposes than anything else.

> Changing compiler flags can already break this program.

That's not the point of the article.

Kimi K3 is now live

https://www.kimi.com/en
679•vincent_s•5h ago•377 comments

Microsoft Comic Chat is now open source

https://opensource.microsoft.com/blog/2026/07/16/microsoft-comic-chat-is-now-open-source/
322•jervant•4h ago•77 comments

Decoy Font

https://www.mixfont.com/experiments/decoy-font
197•ray__•3h ago•68 comments

NotebookLM is now Gemini Notebook

https://blog.google/innovation-and-ai/products/gemini-notebook/notebooklm-gemini-notebook/
130•xnx•4h ago•80 comments

OnePlus halts operations in USA and Europe

https://community.oneplus.com/thread/2170715118587871237
468•pilililo2•10h ago•264 comments

Detecting LLM-Generated Texts with “Classical” Machine Learning

https://blog.lyc8503.net/en/post/llm-classifier/
98•uneven9434•3h ago•71 comments

Immersive Linear Algebra Book with Interactive Figures (2015)

https://immersivemath.com/ila/
93•srean•4h ago•14 comments

The lost joy of music piracy

https://www.pigeonsandplanes.com/read/music-piracy-what-cd-oink-nine-inch-nails-streaming
736•mcgin•15h ago•486 comments

How Our Rust-to-Zig Rewrite Is Going

https://rtfeldman.com/rust-to-zig
306•jorangreef•8h ago•168 comments

Goes-19 weather satellite enters Safe Hold mode

https://www.spaceweather.gov/news/goes-19-safe-hold
127•yabones•6h ago•63 comments

How to Train a Gen AI Kick Drum Model on Your Old Linux Desktop with 6GB VRAM

https://www.zhinit.dev/blog/training-a-kick-drum-diffusion-model
65•zhinit•5h ago•40 comments

Adaptional (YC S25) Is Hiring

https://www.ycombinator.com/companies/adaptional/jobs
1•acesohc•3h ago

Show HN: Leaves – A text-UI disk usage treemap visualizer

https://github.com/patonw/leaves
44•patonw•4h ago•12 comments

Optimizing Lua string literals to save 400 bytes

https://purplesyringa.moe/blog/guest/optimizing-lua-string-literals-to-save-400-bytes/
13•ibobev•3d ago•1 comments

Guide to data tools landscape for developers

https://sinja.io/blog/data-landscape-guide-for-developers
84•OlegWock•5h ago•24 comments

Sony deletes more movies from the accounts of people who ‘bought’ them

https://www.techdirt.com/2026/07/15/sony-deletes-a-bunch-more-movies-from-the-accounts-of-people-...
484•nekusar•8h ago•294 comments

Launch HN: Traceforce (YC S26) – Company-wide security monitoring for AI apps

15•XiaHua•3h ago•8 comments

Schema Harness Achieves ~99% on Arc‑AGI‑3 Public

https://schema-harness.github.io/
54•jasondavies•4h ago•24 comments

Ente – Opening Our Books

https://ente.com/open/
198•Sherex•9h ago•71 comments

Let's Build PlanetScale from Scratch: Infrastructure

https://onatm.dev/2026/07/16/homescale-part-1/
122•onatm•8h ago•18 comments

Human Canaries: Remembering the Munitionettes

https://www.historytoday.com/archive/great-debates/human-canaries-remembering-munitionettes
17•Thevet•2d ago•0 comments

German AI consortium releases Soofi S, an open 30B model that tops benchmarks

https://the-decoder.com/german-ai-consortium-releases-soofi-s-an-open-30b-model-that-tops-benchma...
68•amai•2h ago•10 comments

Cottage Computer Programming (1984)

https://www.atariarchives.org/deli/cottage_computer_programming.php
24•lioeters•4d ago•5 comments

Agent-talk: Enabling coding agents to work together

https://github.com/xhluca/agent-talk
25•xhluca•4h ago•10 comments

56,000 lines of DOOM, in a language I made up

https://betlang.dev/about/
29•ghuntley•3h ago•19 comments

GC shape stenciling in Go generics

https://rednafi.com/go/gc-shape-stenciling/
37•ingve•4d ago•9 comments

AttoChess, a complete, playable chess program for 16-bit x86 DOS in 278 bytes

https://nicholas-afk.github.io/AttoChess/
8•SeenNotHeard•1h ago•1 comments

1,300 Beautiful Wildlife Illustrations from the 19th Century Now Restored

https://www.openculture.com/2026/07/explore-1300-beautiful-wildlife-illustrations-from-the-19th-c...
230•gslin•17h ago•45 comments

CD Sales Growth Outpaced Vinyl in the First Half of 2026

https://consequence.net/2026/07/the-cd-revival-is-getting-hard-to-ignore/
9•speckx•2h ago•4 comments

Teardown: A Generic 7-Port USB 3.0 Hub That Wasn't

https://goughlui.com/2026/07/09/teardown-a-generic-7-port-usb-3-0-hub-that-wasnt/
193•speckx•4d ago•89 comments