Absolutely wrong. Are we writing the same code here? Page guards are for all userspace access. (In fact, I think kernel space might also trigger them, but can be circumvented. PS: I'm being polite :) Kernel space 100% triggers them, but can be cleverly circumvented by fucking with logs.)
Absolutely wrong. Are we writing the same code here? Page guards are for all userspace access. (In fact, I think kernel space might also trigger them, but can be circumvented. PS: I'm being polite :) Kernel space 100% triggers them, but can be cleverly circumvented by fucking with logs.)
Could you not use VirtualProtectEx to strip PAGE_GUARD?
Even so, none if these methods offer protection, at best you can get some detection, but that doesn't matter when they got your passwords already.
[dead]