Self-relocation is property possessed by a very small number of computer programs. These programs can alter their locations in memory while executing. Most programs have little to no control over their own base programming; instead that is handled by higher order programs. These systems can change their location by either moving their programming or by creating a copy of themselves. When a copy is made, the execution location typically changes to the new program and the old code is left dormant.
In most cases, an executing computer program is located in two areas simultaneously. It is located in the computer’s physical storage, like a hard drive or other storage unit, and in the volatile memory. The program is moved into volatile memory at execution in order to speed up access time and make it work faster. Its position in both of these locations is generally determined by the computer’s operating system.
The locations of these programs are called addresses. These addresses are used by the system and other programs to quickly find a program when needed. If a program is broken up in storage, it will operate more slowly than if it is all together; therefore, most systems try to store larger programs over sequential addresses. Once again, the choice to do this typically falls on the operating system and the program has no direct control over it.
When a program uses self-relocation, it has significantly more control over these processes than typical programs. It has the ability to control the addresses at which it executes. While it is in use, the program can move its total programming from the location that it is in to another location within the memory of the same computer. Some programs can only change one of the two addresses, while others can change both.
By itself, self-relocation is an uncommon, but not problematic, process. The true danger comes when self-relocation is used along with malicious intent. It is possible for a program to do a large number of unexpected things when it has control over itself. It can create numerous physical or volatile copies in order to clog a computer’s memory. This can cause a restart and may be a precursor to a boot attack.
In addition, the program can make backups of itself to prevent its removal. If a program with self-relocation were to execute and then copy itself, the original program will still exist even when it isn’t being used. If the program is malicious and the system attempts to remove it, the active program can simply re-enable the original code before it is removed.