That doesnt make any sense...getting a handle with ALL_Access should not change the .protect of memory regions...
hopefully this helps; if so, you can re-work code later. Please post full output (if you have more than 100 scan results, maybe put inside [ s p o i l e r ] ... [ / s p o i l e r ] tags. or upload to some external site like pastebin.com -- if your account can't post links yet, just add spaces inside the url).
Don't forget to manually run the executable as admin ...please.
replace your entire for loop() with this:
Code:
bool bChangedProtect;
cout << search_results[cur_result].size() << " items found.\n" << endl;
for (int xy = 0; xy < search_results[cur_result].size(); xy++)
{
bChangedProtect = false;
if (ReadProcessMemory(phandle,(void*)search_results[cur_result][xy],&sResult,8,nullptr) == 8)
{
if (sResult==double_val)
{
cout <<"item #" << xy << "\t";
if (VirtualQueryEx(phandle, (void*)search_results[cur_result][xy], &mBI, sizeof(MEMORY_BASIC_INFORMATION)))
{
if ((mBI.Protect & PAGE_WRITECOPY) || (mBI.Protect & PAGE_EXECUTE_WRITECOPY))
{
cout << hex << search_results[cur_result][xy] << " was WRITE_COPY or EXEC_WRITE_COPY ..skipping, just because." << endl;
continue;
}
else if ((mBI.Protect & PAGE_EXECUTE) || (mBI.Protect & PAGE_EXECUTE_READ))
{
if (VirtualProtectEx(phandle,(void*)search_results[cur_result][xy],8,PAGE_EXECUTE_READWRITE,&OLDPROTECT))
{
cout << hex << search_results[cur_result][xy] << " Was EXEC or EXEC_R --> VirtualProtectEx(EXEC_RW) SUCCESS" << endl;
bChangedProtect = true;
}
else
{
cout << hex << search_results[cur_result][xy] << " Was EXEC or EXEC_R --> VirtualProtectEx(EXEC_RW) FAIL. skipping write." << endl;
continue;
}
}
else if (mBI.Protect & PAGE_READONLY)
{
if (VirtualProtectEx(phandle, (void*)search_results[cur_result][xy],8,PAGE_READWRITE,&OLDPROTECT))
{
cout << hex << search_results[cur_result][xy] << " Was READ_ONLY --> VirtualProtectEx(READ_WRITE) SUCCESS" << endl;
bChangedProtect = true;
}
else
{
cout << hex << search_results[cur_result][xy] << " Was READ_ONLY --> VirtualProtectEx(READ_WRITE) FAIL. skipping write." << endl;
continue;
}
}
//if we get here, apparently it's writable (and not copy-forward).
if (!bChangedProtect)
cout << hex << search_results[cur_result][xy]; //will be first time we show the addr. todo: re-work logic because this feels awkward.
if (WriteProcessMemory(phandle,(void*)search_results[cur_result][xy],&double_ans,8,nullptr))
{
cout << " WriteProcessMemory() OK!" << endl;
}
else
{
cout << " WriteProcessMemory() FAIL!" << endl;
if (VirtualQueryEx(phandle,(void*)search_results[cur_result][xy],&mBI,sizeof(MEMORY_BASIC_INFORMATION)))
{
cout <<"Current Protect: " << hex << mBI.Protect << endl;
}
else
{
cout <<"Current Protect: Unknown. VirtualQueryEx() Failed -- but why? -- does this happen?" << endl;
}
}
//
if (bChangedProtect)
{
DWORD idk = 0;
if (VirtualProtectEx(phandle,(void*)search_results[cur_result][xy],8,OLDPROTECT,&idk)) //not sure if you should use same var for old and new protect. will it set 'oldProtect' to the old protection before writing. is a temporary used? idk. try if you care.
{
cout << hex << search_results[cur_result][xy] << " VirtualProtectEx(ORIG) SUCCESS" << endl;
}
else
{
cout << hex << search_results[cur_result][xy] << " VirtualProtectEx(ORIG) FAIL -- does this happen?" << endl;
}
}
}
else
{
cout <<"VirtualQueryEx FAILED for " << hex << search_results[cur_result][xy] << ". Skipping." << endl;
}
}
else
{
cout << hex << search_results[cur_result][xy] << " sResult != double_val ... It was when we scanned, but not now. Skipped." << endl;
}
}
else
{
cout << hex << search_results[cur_result][xy] << " was found to be a result..but now ReadProcessMemory() fails/partial read -- does this happen?" << endl;
}
}