waliedassar

The PAGE_GUARD Anti-Dumping Trick

Sep 7th, 2012
  1. //http://waleedassar.blogspot.com - (@waleedassar)
  2. //Code to show how to use the "PAGE_GUARD" anti-dumping trick.
  3. #include "stdafx.h"
  4. #include "windows.h"
  5.  
  6.  
/*
 * Sentinel variable placed in its own named data section ("walied4").
 * The rest of the program applies PAGE_GUARD to the page that holds it and
 * polls that page's protection, so keeping it out of the default data section
 * avoids guarding a page that ordinary globals share.
 * NOTE(review): this assumes the linker gives the section its own page(s) -
 * confirm against the built image's section table.
 */
#pragma data_seg("walied4")
int x = 1;
#pragma data_seg()
  10.  
  11.  
/*
 * Watcher thread body: polls the protection of the page holding `x` and ends
 * the process as soon as PAGE_GUARD is no longer set on it.
 *
 * Windows documents guard pages as one-shot: the first access raises
 * STATUS_GUARD_PAGE_VIOLATION and clears the guard status. A cleared flag is
 * therefore this code's signal that something touched the page.
 *
 * Never returns. The loop has no sleep or wait, so the thread spins
 * continuously; a tight VirtualQuery polling loop on one address is itself a
 * recognisable trait when triaging a sample that uses this trick.
 *
 * If VirtualQuery fails, `info` stays zero-initialised, the PAGE_GUARD test
 * fails, and the process exits (fail-closed).
 *
 * NOTE(review): the signature (no parameter, int return) does not match
 * LPTHREAD_START_ROUTINE; the caller hides that with a cast. It works here
 * only because the function never returns - confirm before reusing.
 */
int __stdcall watch()
{
    for (;;)
    {
        /* Re-zeroed every pass so a failed query cannot reuse stale data. */
        MEMORY_BASIC_INFORMATION info = {0};

        VirtualQuery(&x, &info, sizeof(info));
        if ((info.Protect & PAGE_GUARD) == 0)
        {
            ExitProcess(0);
        }
    }
}
  21.  
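/*
 * Demo entry point: marks the page holding `x` as a guard page, starts the
 * watcher thread, then blocks in a message box until it is dismissed.
 *
 * Returns 0 on the normal path (via ExitProcess) and 1 if the guard page or
 * the watcher thread could not be set up.
 *
 * Changes from the original listing:
 *  - the address of `x` is no longer round-tripped through `unsigned long`,
 *    which is 32 bits on Windows and truncates pointers in a 64-bit build;
 *  - VirtualProtect and CreateThread results are checked rather than ignored
 *    (previously a failed VirtualProtect left the watcher to exit the process
 *    silently on its first poll);
 *  - the thread handle is closed instead of leaked;
 *  - MessageBoxA is called explicitly because the arguments are narrow
 *    strings, so the code also builds when UNICODE is defined.
 *
 * Analysis note: the observable artefacts are a dedicated data section whose
 * page carries PAGE_GUARD and a thread that polls VirtualQuery on it.
 */
int main(int argc, char* argv[])
{
    DWORD old_protect = 0;
    DWORD tid = 0;
    HANDLE watcher;

    (void)argc;
    (void)argv;

    /* The page is initially PAGE_WRITECOPY. Writing to it makes it
       PAGE_READWRITE, so the protection set below is applied to the
       process's own copy of the page. */
    *(volatile int *)&x = (int)0xCECECECEu;

    /* 0x1000 assumes a 4 KiB page - NOTE(review): confirm for the target. */
    if (!VirtualProtect(&x, 0x1000, PAGE_READWRITE | PAGE_GUARD, &old_protect))
    {
        return 1;
    }

    watcher = CreateThread(NULL, 0x1000, (LPTHREAD_START_ROUTINE)&watch, NULL, 0, &tid);
    if (watcher == NULL)
    {
        return 1;
    }
    /* Closing the handle does not stop the thread; it only drops our reference. */
    CloseHandle(watcher);

    //---------------Useless stuff--------------
    MessageBoxA(NULL, "Try to dump me", "waliedassar", 0);
    ExitProcess(0);
    return 0;
}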