View Full Version : Can't Dump a w32 binary (malware)?


digdugg
January 13th, 2011, 23:39
I'm working on MUP'ing a Sality variant that was found @ Offensive Computing. I've found myself at the OEP, which was the original module entry point, but after it has been decrypted. However, when I go to use OllyDump to dump this process I get "Unable to read memory of debugged process (00400000..00418fff)", then another msgbox with "bad DOS signature".

I've done some googling and found some articles saying that this happens on packed DLLs (PECompact), but this is an exe written in VB. Pretty sure I'm at the OEP, as there is a push instruction then a call to ThunRTMain. Can someone point me in the right direction of things I can research to work around this issue? Thank you.

evaluator
January 14th, 2011, 16:00
If you can't dump some range of a memory block, then it probably contains some reserved parts.
Just check that range.

digdugg
January 14th, 2011, 19:12
Quote:
[Originally Posted by evaluator;89080]if you can't dump some range of memory block, then it probably contains some reserved parts.
just check that range.


I'm going out on a limb here, but VirtualAlloc is an API that protects memory; are there any other ones I should be on the lookout for that also can protect memory blocks?

BanMe
January 14th, 2011, 22:26
VirtualAlloc is used to allocate a piece of memory, and yes, you can specify the page protection.
But VirtualProtect is what you describe; VirtualProtectEx and NtProtectVirtualMemory are the innards. And that's about it for modifying the protections on memory in user mode.

evaluator
January 16th, 2011, 11:38
1. Also, VirtualFree can free some pages inside a mem-block, thus preventing the dump.
2. Also, the OS can free RELOC pages after using them (and other sections marked as Discardable).
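The two failure causes raised in this thread (a dumper's "bad DOS signature" check, and discardable sections such as .reloc that the OS may free after load) as an added Python example; this is not code from anyone in the thread. It validates the MZ/PE signatures a dumper expects, walks the section table, and reports which virtual ranges under a given image base are marked discardable and so may already be unreadable; the header-only PE it parses is constructed inside the block.

```python
import struct

IMAGE_SCN_MEM_DISCARDABLE = 0x02000000  # loader may free these pages after use (.reloc, .debug)

def check_signatures(data: bytes) -> int:
    """Validate the DOS 'MZ' and 'PE\\0\\0' signatures a dumper looks for and
    return the offset of the COFF file header. Raises ValueError otherwise."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("bad DOS signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    return e_lfanew + 4

def parse_sections(data: bytes) -> list:
    """Return one dict per section header: name, rva, size, characteristics."""
    coff = check_signatures(data)
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size                    # section table follows the optional header
    out = []
    for i in range(num_sections):
        name, vsize, rva, _, _, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, table + 40 * i)   # IMAGE_SECTION_HEADER is 40 bytes
        out.append({"name": name.rstrip(b"\0").decode(), "rva": rva,
                    "size": vsize, "characteristics": flags})
    return out

def discardable_ranges(data: bytes, image_base: int) -> list:
    """Virtual ranges the loader is allowed to discard, i.e. the pages most
    likely to be unreadable when a whole-image dump of the module fails."""
    return [(s["name"], image_base + s["rva"], image_base + s["rva"] + s["size"] - 1)
            for s in parse_sections(data) if s["characteristics"] & IMAGE_SCN_MEM_DISCARDABLE]

def build_sample_pe() -> bytes:
    """Constructed header-only PE (not a real binary): MZ stub, PE signature,
    COFF header with no optional header, and three section headers."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)           # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, 0, 0x102)   # i386, 3 sections
    def sec(name, vsize, rva, flags):
        return struct.pack("<8sIIIIIIHHI", name, vsize, rva, 0, 0, 0, 0, 0, 0, flags)
    sections = (sec(b".text", 0x5000, 0x1000, 0x60000020)        # code, exec+read
                + sec(b".data", 0x2000, 0x6000, 0xC0000040)      # data, read+write
                + sec(b".reloc", 0x1000, 0x8000, 0x42000040))    # read, DISCARDABLE
    return dos + b"PE\0\0" + coff + sections

if __name__ == "__main__":
    for name, lo, hi in discardable_ranges(build_sample_pe(), 0x400000):
        print(f"{name}: {lo:08X}..{hi:08X} may already be freed; dump it separately")
```

Run the same check against the headers of the module you are dumping to see which part of a range like 00400000..00418fff can legitimately be missing from memory.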

AttonRand
January 17th, 2011, 15:14
Hi,
before dumping to disk, check the Memory tab of Olly and set every section of the main exe to full access (right-click on section > Set Access > Full Access).