The PAGE_GUARD Anti-Dumping Trick

1. //http://waleedassar.blogspot.com - (@waleedassar)
2. //Code to show how to use the "PAGE_GUARD" anti-dumping trick.
3. #include "stdafx.h"
4. #include "windows.h"
5.  
6.  
7. #pragma data_seg("walied4")
8. int x=1;
9. #pragma data_seg()
10.  
11.  
12. int __stdcall watch()
13. {
14.     while(1)
15.     {
16.         MEMORY_BASIC_INFORMATION MBI={0};
17.         VirtualQuery(&x,&MBI,sizeof(MBI));
18.         if(!((MBI.Protect)&PAGE_GUARD)) ExitProcess(0);
19.     }
20. }
21.  
22. int main(int argc, char* argv[])
23. {
24.     unsigned long fake_base=(unsigned long)(&x);  //the page is initially PAGE_WRITECOPY
25.     *(unsigned long*)fake_base=0xCECECECE;        //Now it is PAGE_READWRITE
26.     unsigned long old;
27.     VirtualProtect((void*)fake_base,0x1000,PAGE_READWRITE|PAGE_GUARD,&old);
28.     unsigned long tid;
29.     CreateThread(0,0x1000,(LPTHREAD_START_ROUTINE)&watch,0,0,&tid);
30.     //---------------Useless stuff--------------
31.     MessageBox(0,"Try to dump me","waliedassar",0);
32.     ExitProcess(0);
33.     return 0;
34. }