asamy/ksm

what if a page code read itself in memory hack?

coolboy4me opened this issue · 1 comments

  1. In the memory hack module, when a page's code reads itself, the EPT violation will happen again and again...
    When a page is set read/write only, the code reading the page that the code is in will cause a violation (because of executing).
    When a page is set execute only, the code reading the page that the code is in will cause a violation (because of reading).

asamy commented

You're right, but eventually it will get to read it and it'll be ok, but if you want to avoid that, then probably checking RIP in the EPT violation against the page hook CPA (after translation) will do.
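
Added example, not part of the thread or of ksm's code: a stand-alone C model of the check suggested above, which translates RIP to a physical address and compares its page frame with the hooked page's frame to tell a self-access apart from an ordinary violation. All names, the access-bit values, and the tiny lookup table standing in for a guest page-table walk are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define PFN(a) ((uint64_t)(a) >> 12)   /* 4 KiB page frame number */

/* Hypothetical model names, not ksm definitions. */
enum { ACC_READ = 1, ACC_WRITE = 2, ACC_EXEC = 4 };
enum verdict { V_NOT_HOOKED, V_ORDINARY, V_SELF_ACCESS, V_RIP_UNMAPPED };

/* Constructed stand-in for a guest page-table walk: VA frame -> PA frame. */
struct mapping { uint64_t va_pfn, pa_pfn; };
static const struct mapping sample_map[] = {
    { 0x7ff6a0001, 0x1234 },  /* code that lives on the hooked frame */
    { 0x7ff6a0002, 0x5678 },  /* unrelated code on another frame */
};
#define SAMPLE_N (sizeof(sample_map) / sizeof(sample_map[0]))

static bool translate(const struct mapping *m, size_t n, uint64_t va, uint64_t *pa)
{
    for (size_t i = 0; i < n; i++)
        if (m[i].va_pfn == PFN(va)) {
            *pa = (m[i].pa_pfn << 12) | (va & 0xfff);
            return true;
        }
    return false;
}

/* Classify one EPT violation against a single hooked physical page. */
static enum verdict classify(const struct mapping *m, size_t n, uint64_t hook_pa,
                             uint64_t fault_pa, uint64_t rip, unsigned access)
{
    uint64_t rip_pa;

    if (PFN(fault_pa) != PFN(hook_pa))
        return V_NOT_HOOKED;
    if (!translate(m, n, rip, &rip_pa))
        return V_RIP_UNMAPPED;      /* RIP not translatable; caller decides */
    /* Data access issued by code that sits on the hooked frame itself. */
    if ((access & (ACC_READ | ACC_WRITE)) && PFN(rip_pa) == PFN(hook_pa))
        return V_SELF_ACCESS;       /* assumption: handler special-cases this */
    return V_ORDINARY;
}

int main(void)
{
    return classify(sample_map, SAMPLE_N, 0x1234000, 0x1234800,
                    0x7ff6a0001010, ACC_READ) == V_SELF_ACCESS ? 0 : 1;
}
```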