I hope everyone has a Happy Halloween.
Try not to eat too much candy tonight. :-)

Andy


; virtual1.asm 
;                Example of self-modifying code
; A friend is someone who understands your past,
; believes in your future,
; and accepts you today just the way you are.
;
; This example runs in an infinite loop if the self modifying code isn't executed.
; The JMP infinite is changed to 'NOP NOP' (no operation).
;
.386
.MODEL FLAT, STDCALL
OPTION CASEMAP: NONE


    include \masm32\include\windows.inc
    include \masm32\include\user32.inc
    include \masm32\include\kernel32.inc
    include \masm32\include\advapi32.inc
    include \masm32\include\shlwapi.inc
    include \masm32\macros\macros.asm

    includelib  \masm32\lib\kernel32.lib
    includelib  \masm32\lib\user32.lib
    includelib  \masm32\lib\advapi32.lib
    includelib  \masm32\lib\shlwapi.lib

.DATA

.data?

Old          dw      ?  ; address of region of committed pages
AddrToChange LPVOID  ?  ; size of the region

.code

start:

mov AddrToChange, offset codeToChange

; Reserve and commit in one step
invoke VirtualAlloc,AddrToChange,4,MEM_COMMIT or MEM_RESERVE,PAGE_READWRITE

mov word ptr , 9090h ;

invoke VirtualAlloc,AddrToChange,4,MEM_COMMIT,PAGE_EXECUTE
 
codeToChange:
 
mov ebx,5 ; Over written over by 2 NOPs ONLY if self-modifying code is executed
 
invoke ExitProcess,2

end start


Posted on 2009-10-31 20:55:07 by skywalker
VirtualProtect, not VirtualAlloc.
Posted on 2009-11-01 08:21:40 by f0dder