Re: change page protection, how to
- From: spamtrap@xxxxxxxxxx
- Date: 27 Jun 2006 03:09:11 -0700
Hi,
I have a very small stub of code (not a virus)
that needs to patch some functions, which reside
on read only pages... by patching I mean
overwrite the begining of the function with a
a 'jmp' to my stub... is there an easy way to
unprotect that page? or do I really have to
call the kernel (windows) to do it?
Thanks, any pointer appreciated
If you are running your code in user mode,
under windows and a page is read only,
then the only way to change that is by
the kernel. If it refuses to do so, then it's
not possible to circumwent it from user mode.
The idea behind hardware protection is to
protect the whole system (inclusive all running
programs) from user mode programs that
want to change something.
Viktor
ps:
Overwriting a function is not a nice way to
patch an application. There are standard
hooks and call tables. For patching dlls,
you can use a wrapper dll linking back
to the original.
.
- References:
- change page protection, how to
- From: spamtrap
- change page protection, how to
- Prev by Date: Re: change page protection, how to
- Next by Date: simple program for freebsd
- Previous by thread: Re: change page protection, how to
- Next by thread: simple program for freebsd
- Index(es):
Relevant Pages
|
