VirtualProtect

03/24/2017 23:31 HaMaDa..#1
Closed.
03/25/2017 02:02 florian0#2
VirtualProtect changes the access permissions to a memory region. While some areas are writeable without any change (e.g. data-structures), some are forbidden to write (executable code!).
In case you want to change something in such a region, you need to change the access permissions by using VirtualProtect, or the write access will fail on an access violation.
You can also allocate memory and define it as executable. I've seen AutoIt malware doing this for hiding problematic code. In other native languages, this is a common technique in runtime packers for unpacking the binary payload.

In general, cheats and gamehacks use PAGE_EXECUTE_READWRITE to simply gain all access rights when they need to change executable code.

The same goes for OpenProcess. If you know what you want to do, you can choose lesser permissions, but in general, just take any permission you can get and you are good.
03/27/2017 22:39 Devsome#3
The question was:
Quote:
Hi everyone ...
Well, it may be a stupid question about using VirtualProtect.
First I wanted to know why we use this function? I searched on Google about it and found some functions that include VirtualProtect, but ... the function will also work without VirtualProtect

Global Const $PAGE_EXECUTE = 0x10
Global Const $PAGE_EXECUTE_READ = 0x20
Global Const $PAGE_EXECUTE_READWRITE = 0x40
Global Const $PAGE_EXECUTE_WRITECOPY = 0x80
Global Const $PAGE_NOACCESS = 0x1
Global Const $PAGE_READONLY = 0x2
Global Const $PAGE_READWRITE = 0x4
Global Const $PAGE_WRITECOPY = 0x8
Global Const $MEM_COMMIT = 0x1000
Global Const $MEM_RESERVE = 0x2000
Global Const $MEM_RESET = 0x80000
Global Const $MEM_DECOMMIT = 0x4000
Global Const $MEM_RELEASE = 0x8000

Also what's 0x10 / 0x40 etc ...

Global Const $PROCESS_ALL_ACCESS = 0x1F0FFF

Also here, in opening the process, why do we use 0x1F0FFF?
#closed then
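
Added example (not part of the thread): the constants from the quoted question decoded in Python, showing that each page-protection value names one read/write/execute combination and that 0x1F0FFF is a bitwise OR of individual process access rights. The helper names are hypothetical; the constant values are the documented Windows SDK ones.

```python
# Added example: decode the numeric constants quoted in the question.
# Values are the documented Windows SDK constants; helper names are hypothetical.

# Base page protection (low byte): name, readable, writable, executable
PAGE_PROTECT = {
    0x01: ("PAGE_NOACCESS", False, False, False),
    0x02: ("PAGE_READONLY", True, False, False),
    0x04: ("PAGE_READWRITE", True, True, False),
    0x08: ("PAGE_WRITECOPY", True, True, False),
    0x10: ("PAGE_EXECUTE", False, False, True),
    0x20: ("PAGE_EXECUTE_READ", True, False, True),
    0x40: ("PAGE_EXECUTE_READWRITE", True, True, True),
    0x80: ("PAGE_EXECUTE_WRITECOPY", True, True, True),
}
PAGE_MODIFIERS = {0x100: "PAGE_GUARD", 0x200: "PAGE_NOCACHE", 0x400: "PAGE_WRITECOMBINE"}

# Process access rights: each is one bit, combined with bitwise OR
PROCESS_RIGHTS = {
    0x0001: "PROCESS_TERMINATE", 0x0002: "PROCESS_CREATE_THREAD",
    0x0004: "PROCESS_SET_SESSIONID", 0x0008: "PROCESS_VM_OPERATION",
    0x0010: "PROCESS_VM_READ", 0x0020: "PROCESS_VM_WRITE",
    0x0040: "PROCESS_DUP_HANDLE", 0x0080: "PROCESS_CREATE_PROCESS",
    0x0100: "PROCESS_SET_QUOTA", 0x0200: "PROCESS_SET_INFORMATION",
    0x0400: "PROCESS_QUERY_INFORMATION", 0x0800: "PROCESS_SUSPEND_RESUME",
    0x1000: "PROCESS_QUERY_LIMITED_INFORMATION",
    0x10000: "DELETE", 0x20000: "READ_CONTROL", 0x40000: "WRITE_DAC",
    0x80000: "WRITE_OWNER", 0x100000: "SYNCHRONIZE",
}

def decode_protect(value):
    """Split a protection value into base protection, modifiers and a W+X flag."""
    if (value & 0xFF) not in PAGE_PROTECT:
        raise ValueError(f"not a single base protection: {value:#x}")
    name, _r, w, x = PAGE_PROTECT[value & 0xFF]
    mods = [n for bit, n in PAGE_MODIFIERS.items() if value & bit]
    return {"name": name, "modifiers": mods, "writable_and_executable": w and x}

def decode_process_access(mask):
    """Return (names of the rights set in mask, bits the table does not name)."""
    names = [n for bit, n in PROCESS_RIGHTS.items() if mask & bit]
    unknown = mask & ~sum(PROCESS_RIGHTS)  # keys are distinct bits, so sum == OR
    return names, unknown

def excess_rights(mask, needed):
    """Rights requested in mask beyond the set a task actually needs."""
    return [n for n in decode_process_access(mask)[0] if n not in needed]

if __name__ == "__main__":
    print(decode_protect(0x40))
    print(decode_process_access(0x1F0FFF))
    print(excess_rights(0x1F0FFF, {"PROCESS_VM_OPERATION", "PROCESS_VM_WRITE"}))
```

0x1F0FFF is the older header value of PROCESS_ALL_ACCESS; SDKs for Windows Vista and later define it as 0x1FFFFF.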