Self Modifying Code using MASM

By: magikh0e

 '\v/`
 (o 0)  m0o.
  (_)
   /

magikh0e.ihtb.org

Intro:

A quick write-up on self-modifying code using the VirtualProtect API and MASM.

If you have ever tried to change the code of a running program, you normally get a memory exception error. This is because code sections are 'read and execute' ONLY. They are never writable...

Luckily for us, this is where the VirtualProtect API comes into play. Using this API we are able to change the protection on a region of committed pages in the virtual address space of the calling process.

In order to write to the code, we need to change the protection options to read/write before changing the code. Once the code has been changed, we can then restore the execute option back onto the region.

Code Example:

    ; Build setup below assumes the MASM32 SDK at its default install path.
    .386
    .model flat, stdcall
    option casemap:none
    include \masm32\include\windows.inc
    include \masm32\include\kernel32.inc
    includelib \masm32\lib\kernel32.lib

    .data?
    Old             dd ?        ; VirtualProtect writes the old protection here as a DWORD
    AddressToChange LPVOID ?

    .code
    start:
        mov AddressToChange, offset CodeToChange
        ; PAGE_READWRITE removes execute from the whole page; where DEP is
        ; enforced for the process, code running from that page will fault.
        invoke VirtualProtect, AddressToChange, 2000, PAGE_READWRITE, offset Old
        mov eax, AddressToChange
        mov word ptr [eax], 9090h   ; overwrite the 2-byte JMP with NOP NOP
        invoke VirtualProtect, AddressToChange, 4, PAGE_EXECUTE, offset Old
    infinite:
        add ebx, eax
        inc eax
    CodeToChange:
        jmp infinite
        invoke ExitProcess, 0       ; reached only after the JMP has been patched out
    end start

This example will run in a continuous loop if the self-modifying code portion is not executed. The JMP infinite instruction is changed to 'NOP NOP' ('9090') by the code within the .code region.