VirtualProtect

[HaMaDa..]

Closed.

[florian0]

VirtualProtect changes the access permissions to a memory region. While some areas are writeable without any change (e.g. data-structures), some are forbidden to write (executeable code!).
In case you want to change something in such region, you need to change the access permissions by using VirtualProtect, or the write access will fail on an access violation.
You can also allocate memory and define it as executable. I've seen autoit malware doing this for hiding problematic code. In other native languages, this is a common technique in runtime packers for unpacking the binary payload.

In general, cheats and gamehacks use PAGE_EXECUTE_READWRITE to simply gain all access rights when they need to change executable code.

See:

The same goes for OpenProcess. If you know what you want to do, you can choose lesser permissions, but in general, just take any permission you can get and you are good.

[Devsome]

The Question was

Quote:

Hi everyone ...
Well it may be a stupid question about using virtualprotect
First i wanted to know why we use this function ? i searched on google about and found some functions includes virtualprotect but ... the function will also work without virtualprotect

Global Const $PAGE_EXECUTE = 0x10
Global Const $PAGE_EXECUTE_READ = 0x20
Global Const $PAGE_EXECUTE_READWRITE = 0x40
Global Const $PAGE_EXECUTE_WRITECOPY = 0x80
Global Const $PAGE_NOACCESS = 0x1
Global Const $PAGE_READONLY = 0x2
Global Const $PAGE_READWRITE = 0x4
Global Const $PAGE_WRITECOPY = 0x8
Global Const $MEM_COMMIT = 0x1000
Global Const $MEM_RESERVE = 0x2000
Global Const $MEM_RESET = 0x80000
Global Const $MEM_DECOMMIT = 0x4000
Global Const $MEM_RELEASE = 0x8000

Also what's 0x10 / 0x40 etc ...

Global Const $PROCESS_ALL_ACCESS = 0x1F0FFF

Also here in opening the process why we uses 0x1F0FFF ?

#closed then