"What if you ran a program then deleted it, and decided you wanted it back?"
Since Windows is in control, and it has a certain way of doing things, it won't let files be deleted unless the program is first terminated. So 1: you can't delete a running program - 2: if you did delete a program - then it's not running in memory. If you try to delete the program by executing low-level instructions meant straight for the hard drive - then you run the risk of crashing Windows - or at least that program.
"Oh, and you say it HAS been done. Can you tell me how you know?"
I have discussed this topic with a very knowledgeable person and he told me it has been done. He said the BackOrifice 2000 code does this. This code is freely available on the internet. I have a copy if you can't find it.
"For a program to wrest control away from Windows and to run completely on its own and only FROM memory... I just don't see the point."
I did not mean that remark at face value. I don't see the point of doing all that just to be able to run from memory. It's overkill - and not worth it.
"So, you can't make that utility cause it would have no purpose."
Shall I make an example? Let's say you made a utility whose purpose is to erase a picture of an egg that some virus loves to draw to screen. Even though this virus can never be removed from the computer - unless you reformat - you can still lose no data if you run your utility that makes sure the egg is never drawn to screen. You make this utility very very smart, in how it analyzes the screen picture and filters for all egg pictures - AND hooks into various graphics APIs to look for telltale signs of an egg about to be drawn - and block it. Pretty powerful program, no? Well, guess what. Nobody wants it. It has no purpose. There is no such thing as a program which draws eggs to the screen and cannot be removed except by reformatting. Good job son, here's a cookie.
This fits right into your theoretical utility that debugs another process looking for something that has never been done - cause nobody would want to do it anyway - cause it gains you nothing - and much better and easier and more possible and proven workable methods exist out there. And don't give me crap about - "what if it DOES happen?" - cause you cannot possibly predict all the methods a program may save itself into memory - all the techniques and formats this data may be represented in memory. Only AFTER it has been done may you make a utility which handles whatever technique they employed. THEN it will be useful - so THAT is why I don't want to know if you even can. The argument has no purpose and gains nothing.
Can I express myself any more clearly?