I am trying to patch assembly code at run time. The module being patched is an OS-provided driver. I can get to the exact location where the update is required; however, when writing memory I get a GeneralProtectionFault exception. To get around that I was using the code below:
NT_ASSERT(0xed == pAddrStart[7]);
const auto cr0 = __readcr0();
const auto cr0noWP = cr0 & 0x7FFFFFFF;// Clear the WP bit
__writecr0(cr0noWP); // <== GeneralProtectionFault
pAddrStart[7] = 0xfd;// Patch the code!!!
__writecr0(cr0);
When calling “__writecr0” intrinsic I get “GeneralProtectionFault”…
How can I get around this? How can I update a page with executable rights at run time?
I would expect something such as VirtualProtect, though I couldn't find such a thing for kernel mode…
In reality, kernel-mode page protection can be achieved by a kernel-mode file system filter driver with a faster virtual disk. When a read request comes to the filter, if the file/folder exists on your virtual disk, read it directly from the virtual disk. If it does not exist on your virtual disk, read from the HDD. Also, when a write request comes to the filter, write only to the virtual disk. When modify/change information comes to the filter, copy the file data and save it to the virtual disk.