> > Sure, you could generate a list of instructions and the addresses they appear at
> > at run-time, which is basically how Graham's method works, but you've got to make
> > sure that you execute all possible code.
>
> So, we arrived at the point where we can realize the ONLY problem is actually how to
> get this thing to traverse all possible code, and what we are talking about here
> really is DRC that instead of caching the code in memory outputs it to a file, and
> what we would normally call "runtime" is simply just a process of static
> recompilation taking some time.
>
> How does that sound? Makes sense?

I don't know if Graham's method can handle self-modifying code, or code that is overwritten with new code. Remember, a single RAM location will contain different code at different times. Even if you "detect" all the possibilities, how would you distinguish between them if all you track is the address and opcode that appears there?
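As an added illustration of the point made in this reply (a constructed toy CPU and program, not code from the thread or from Graham's method), the program below executes the instruction at address 10, overwrites it, and executes address 10 again; the trace keyed by address alone ends up with two opcodes for that address, while a trace keyed by (write generation, address) keeps the two versions apart:

```python
# Added example (constructed toy CPU): why a code map keyed only by address is ambiguous
# once code overwrites itself, and one way to disambiguate the trace.
HALT, LDI, STA, JMP, INC, OUT = range(6)          # opcodes of the toy machine
LENGTH = {HALT: 1, LDI: 2, STA: 2, JMP: 2, INC: 1, OUT: 1}
# Constructed program: executes OUT at address 10, overwrites it with INC, re-executes it.
PROGRAM = bytes([JMP, 10,      # 0:  jump to the code at address 10
                 LDI, INC,     # 2:  acc = opcode of INC
                 STA, 10,      # 4:  mem[10] = INC          (overwrites the OUT below)
                 LDI, 13,      # 6:  acc = 13
                 STA, 12,      # 8:  mem[12] = 13           (retargets the JMP at 11 to HALT)
                 OUT,          # 10: OUT on the first pass, INC on the second
                 JMP, 2,       # 11: back to 2 on the first pass, to 13 on the second
                 HALT])        # 13

def run(program, max_steps=100):
    """Execute `program` and trace it. Returns (by_addr, by_gen_addr, outputs).
    by_addr: addr -> set of opcodes executed there (more than one means ambiguity).
    by_gen_addr: (generation, addr) -> opcode; the generation counter bumps on every
    store that lands inside bytes already fetched as code, so each version is distinct."""
    mem = bytearray(program) + bytearray(64 - len(program))
    pc = acc = gen = 0
    code_bytes = set()                      # every byte already fetched as code
    by_addr, by_gen_addr, outputs = {}, {}, []
    for _ in range(max_steps):
        op = mem[pc]
        by_addr.setdefault(pc, set()).add(op)
        by_gen_addr[(gen, pc)] = op
        code_bytes.update(range(pc, pc + LENGTH[op]))
        arg = mem[pc + 1] if LENGTH[op] == 2 else None
        nxt = pc + LENGTH[op]
        if op == HALT:
            return by_addr, by_gen_addr, outputs
        if op == LDI:
            acc = arg
        elif op == STA:
            if arg in code_bytes:           # write into traced code: new code generation
                gen += 1
            mem[arg] = acc
        elif op == JMP:
            nxt = arg
        elif op == INC:
            acc = (acc + 1) & 0xFF
        elif op == OUT:
            outputs.append(acc)
        pc = nxt
    raise RuntimeError("step limit reached without HALT")

def ambiguous_addresses(by_addr):
    """Addresses whose recorded opcode is not unique: the case described in the reply."""
    return sorted(a for a, ops in by_addr.items() if len(ops) > 1)
```

A static recompiler fed only `by_addr` cannot pick one translation for address 10; fed `by_gen_addr` it can emit one block per generation, with the generation switch being the run-time part that remains.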