When a program is started on your computer it goes through many different stages. Those stages are diverse and very interesting. While the casual user of the computer will never have to know about them, if you work in the reverse engineering world then it pays to know them; if you do not, you will not be as effective as you could be in your job. And not only should you know the stages, you should also understand how an executable passes through them on the many different types of systems that are available.
The first stage that a program goes through is living on the hard drive. If you are on a cloud system then that hard drive is in some remote place that you do not know about; all you know is that you are offered access to that server over the internet. While a lot of people are on the cloud now, most people still use the computer in the traditional way and have the program stored on their local hard drive. The hard drive is the slowest part of this process, but the program lives there because the hard drive offers more space than any other part of the system.
When the program is started for you to use, it is loaded from the hard drive into the memory of your computer. You might know the memory by its other name, RAM. The RAM on your computer is the second most important part of your system, second only to the CPU; without it you do not have a system that works at all. The RAM is managed through what is known as virtual memory. We will not get into the particulars of how virtual memory works, but it does, and it stages the data and instructions for the next step: the L caches.
Some systems have one level of cache, some have two, and others have three (L1, L2 and L3). This is where the data and instructions that the next stage is about to use reside. It is a small amount of storage, but it is very quick. That next stage is the CPU. The CPU is what makes the computer come alive and lets you see all your actions play out on the screen.
In this article it is the second stage that we are most concerned about. The second stage of the executable's life, the program sitting in memory, is where most black hat hackers target their attacks. When you are trying to twist the outcome of the computing process, the best place to start is the memory, because the data is just sitting there waiting to be used. When it is its turn to be used, the instruction pointer points at it. Black hat hackers have found many ways to get that instruction pointer to point at any place in memory they choose. If you are one of the bad guys, your goal is to get one of your programs loaded into memory and change one of the other programs on the system to point to it.
This is where the ability to reconstruct the program comes into play. The most talented black hat hackers are able to hook into a safe program, change one of the functions in that program, and redirect its return to anywhere they want. This is what causes all of the problems.
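One defensive answer to in-memory hooking is to record a digest of the function-pointer tables a program dispatches through and re-check it before each use. The following is an added example, not code from the original article: a small dispatch table with a hypothetical guard (`init_table_guard`, `table_intact`, `guarded_call`) and a `simulate_hook` helper that overwrites an entry in-process so the detection can be exercised.

```c
#include <stddef.h>
#include <stdint.h>

/* A dispatch table of function pointers: the kind of in-memory structure
 * (import table, vtable, callback list) that a hook rewrites so the
 * instruction pointer lands on attacker-chosen code. */
typedef int (*op_fn)(int, int);

static int op_add(int a, int b) { return a + b; }
static int op_mul(int a, int b) { return a * b; }

static op_fn dispatch[2] = { op_add, op_mul };

/* FNV-1a over the raw bytes of the table. Taken once at startup and again
 * before each dispatch; any rewritten entry changes the digest. */
static uint64_t table_digest(const void *table, size_t len) {
    const unsigned char *p = table;
    uint64_t h = 1469598103934665603ULL;
    for (size_t i = 0; i < len; i++) {
        h ^= p[i];
        h *= 1099511628211ULL;
    }
    return h;
}

static uint64_t baseline;

/* Record the known-good digest while the table is still trusted. */
void init_table_guard(void) {
    baseline = table_digest(dispatch, sizeof dispatch);
}

/* 1 when the table still matches the baseline, 0 when it has been altered. */
int table_intact(void) {
    return table_digest(dispatch, sizeof dispatch) == baseline;
}

/* Dispatch only through a verified table; -1 signals a detected hook
 * or an out-of-range index. */
int guarded_call(int idx, int a, int b) {
    if (idx < 0 || idx > 1 || !table_intact()) return -1;
    return dispatch[idx](a, b);
}

/* Constructed stand-in for hooked code, used only to exercise the check. */
static int rogue(int a, int b) { (void)a; (void)b; return 0xBAD; }

void simulate_hook(void) { dispatch[0] = rogue; }
void restore_table(void) { dispatch[0] = op_add; }
```

The check only detects writes to the table itself; in practice the table and the baseline should also be kept in read-only pages, since an attacker who can write the table can often write the digest as well.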
A hacker being able to change a program while it is in memory is dangerous, but sometimes it is unavoidable.