NtProtectVirtualMemory document

서우혁·2020년 7월 8일
1

About ntdll!NtProtectVirtualMemory

Syntax

// C++
NTSYSAPI 
NTSTATUS
NTAPI

NtProtectVirtualMemory(
  IN HANDLE               ProcessHandle,
  IN OUT PVOID            *BaseAddress,
  IN OUT PULONG           NumberOfBytesToProtect,
  IN ULONG                NewAccessProtection,
  OUT PULONG              OldAccessProtection 
);

Information

The 'Virtual Protect' API internals call API

Parameters

  • Process Handle
    • process handle
  • Base address
    • pointer of the base address
    • this parameter is volatile (overwrite by function)
  • Number Of Bytes To Protect
    • pointer of the variable holds number of bytes to protect
  • New access protection
    • new page access protection value
  • Old access protection
    • old page access protection value

For example

NTSTATUS MyVirtualProtectEx(
    IN HANDLE               ProcessHandle,
    IN OUT PVOID            BaseAddress,
    IN OUT ULONG            NumberOfBytesToProtect,
    IN ULONG                NewAccessProtection,
    OUT PULONG              OldAccessProtection 
)
{
    LPVOID temp = BaseAddress;
    ULONG size = NumberOfBytesToProtect;

    return NtProtectVirtualMemory (
       ProcessHandle,
       &temp,
       &size,
       PAGE_EXECUTE_READWRITE,
       OldAccessProtection
    );
}
profile
서우혁
reverser
이전 포스트

memcpy, memset 구현

다음 포스트

About windows manual loader

5개의 댓글

comment-user-thumbnail
이순지
2020년 7월 15일

하이

답글 달기
comment-user-thumbnail
x0reaxeax
2023년 7월 11일

Hey there, could you please change IN OUT ULONG NumberOfBytesToProtect to IN OUT SIZE_T NumberOfBytesToProtect? The correct type is SIZE_T, which size scales according to the underlying architecture, whereas ULONG will be 32-bit on both x86 and x86-64.
I was scratching my head looking at STATUS_INVALID_PARAMETER_3 in RAX, since pinvoke.net also shows UINT32 :'D
Super useful docs though!

답글 달기
comment-user-thumbnail
Anny Key
2023년 7월 21일

Hello! Please tell me where can I buy high-quality fake documents? I would like to buy myself a quality fake ID.

답글 달기
comment-user-thumbnail
Lisa Lisa
2023년 7월 21일

An identity card is a very important document for US residents. And of course each state has an original identity card design. You can order south carolina fake id online for little money. This service produces fake ID cards in accordance with the original and using modern technologies. Therefore, your fake ID will be extremely difficult to distinguish from the original.

답글 달기
comment-user-thumbnail
ASMR Katie
2023년 10월 20일

Where can I find a reliable way to create a powerful software fast? Actually there are so many different ways to do it and https://www.rolique.io/news/how-to-build-an-efficient-healthcare-solution-experience-of-the-rolique-team is one of such an amazing solutions. i personally suggest to use it if you are going to create your own app or software idea.

답글 달기

관련 채용 정보