Well, what if we want to protect a web server, like IIS? Like most modern applications, IIS is assembled at runtime. Furthermore, the builders of the server itself don't know all of the third-party components that will be loaded when the server is deployed at a particular site. So the compiler has access to only a fraction of the executed code.

Even if we move to the linker or the loader, although we will see more of the components being assembled, we won't see everything, like dynamically generated code. Additionally, we'll have a hard time seeing inside code modules: we have code discovery problems and issues resolving indirect branch destinations.