Byte code of 'jmp' loaders is always resident somewhere. It is stored in executable memory, and a high-speed bus is used to transfer bytes from the memory to the processor (DMA, direct memory access). This is the most basic way of transferring a program from one place to another and is used by the OS, BIOS, disk and other devices.
In order to protect against piracy, pirate developers therefore built their programs to remove 'illegal' code such as jmp instructions in favor of some other kind of jump. But we can find these instructions by ourselves.
Many shareware, demo/trial and crack programs use jmp jumps to execute code from the beginning of a program to the end when the OS or installer terminates the program. Jumps from the end are used by crackers to use only the free space in the game to save the crack. The cracker then re-creates the noggin.
A more advanced way of anti-cracking is to remove all jmp instructions from the program. A program is called static (stuck) if, containing no such instructions, it cannot be launched by the OS itself (jmp to itself or self-executing code). Then only the 'self' instruction should be executed.
- Jump to bootstrap (BSX = Byte Shifted eXecute) - The jmp instruction is copied to an offset address where it is executed. This offset is a number from 0 to (address - 747) indicating the offset of the jmp and the code instruction.