Changing page table entry flags


spark!
December 25th, 2002, 14:02
Here's my problem:

MODULE .txt 0003 0167:0217A000 00001E25 CODE RO

I want to patch the code inside using my own code executed directly from SICE. Of course it cannot happen as long as the memory above is RO. The result is a nice GPF when trying to patch. So I wanted to change the flags from RO to RW. I played with /pageflag from icedump but it didn't change anything for me. Guess I don't know how to use /pageflag. I also tried to play with VirtualProtectEx, but since proc/thread won't show MODULE anywhere I can't get its PID, thus I can't get the handle, so I can't use VirtualProtectEx.

So I'm asking - how to use /pageflag or how to manually change the flags for this section?

Merry Christmas everyone

Fake51
December 25th, 2002, 14:58
Use a PE editor, for simplicity.
Or look through some essays about CreateProcess and VirtualProtectEx.

Fake

spark!
December 25th, 2002, 15:18
The trick is that I can't use a PE editor. This code is unpacked from another code and probably protects itself using VirtualProtect. I don't want to change this. I want to deprotect it after that. I looked all over this board and googled searching for VirtualProtectEx. All I found was examples with a known handler (you create the process so you know the handler).

Fake51
December 26th, 2002, 14:23
And what stops you from doing the same?

Fake

tgodd
December 26th, 2002, 15:24
The page directories/tables are cached.

So if you manipulate the page table and/or page directory,
you have to force the processor to reload the tables.

You should really read up on the paging mechanism.
You can download Intel docs here:

hxxp://x86.ddj.com/intel.doc/inteldocs.htm

(change the xx to tt of course)

This is a great resource for Intel processor info,
as it includes information on undocumented opcodes and the like.

Hope this will help you along.

Regards,

tgodd

P.S. Merry Christmas and have a Happy New Year.
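
The caching tgodd describes, as an added example that is not code from any poster in this thread: it splits the section address from the first post into its page directory and page table indexes, counts the page table entries the section spans, and uses a simplified one-entry TLB model to show that a flag changed only in memory has no effect until the cached entry is invalidated. It assumes 32-bit non-PAE paging with 4 KB pages; the PTE value and the `tlb_*` helpers are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Low flag bits of a 32-bit (non-PAE) page table entry, per the Intel manuals. */
#define PTE_P  0x001u   /* present */
#define PTE_RW 0x002u   /* 0 = read-only, 1 = read/write */
#define PTE_US 0x004u   /* 0 = supervisor only, 1 = user */

typedef struct { uint32_t pde_index, pte_index, offset; } lin_split;

/* Split a linear address into directory index, table index and page offset. */
lin_split split_linear(uint32_t lin) {
    lin_split s = { lin >> 22, (lin >> 12) & 0x3FFu, lin & 0xFFFu };
    return s;
}

/* Number of 4 KB pages (and so PTEs) covering [base, base + len). */
uint32_t pages_spanned(uint32_t base, uint32_t len) {
    return len ? ((base + len - 1) >> 12) - (base >> 12) + 1 : 0;
}

/* Simplified one-entry TLB: a copy of the PTE taken when the entry was filled. */
typedef struct { uint32_t vpn, pte_copy; int valid; } tlb_entry;

/* Return the PTE the CPU would act on: the cached copy if one exists. */
uint32_t tlb_lookup(tlb_entry *t, const uint32_t *pte_in_memory, uint32_t lin) {
    if (!t->valid || t->vpn != (lin >> 12)) {
        t->vpn = lin >> 12; t->pte_copy = *pte_in_memory; t->valid = 1;
    }
    return t->pte_copy;
}

/* Models INVLPG for one page, or the full flush caused by reloading CR3. */
void tlb_invalidate(tlb_entry *t) { t->valid = 0; }

int main(void) {
    uint32_t base = 0x0217A000u, len = 0x1E25u;   /* section from the first post */
    uint32_t pte = 0x00ABC000u | PTE_P | PTE_US;  /* constructed value, read-only */
    tlb_entry tlb = {0};
    lin_split s = split_linear(base);
    printf("PDE %u, PTE %u, pages %u\n", (unsigned)s.pde_index,
           (unsigned)s.pte_index, (unsigned)pages_spanned(base, len));
    tlb_lookup(&tlb, &pte, base);                 /* first access fills the TLB */
    pte |= PTE_RW;                                /* flag changed in memory only */
    printf("before flush: RW=%d\n", (tlb_lookup(&tlb, &pte, base) & PTE_RW) != 0);
    tlb_invalidate(&tlb);
    printf("after flush:  RW=%d\n", (tlb_lookup(&tlb, &pte, base) & PTE_RW) != 0);
    return 0;
}
```

The 0x1E25-byte section crosses a page boundary, so two page table entries cover it, not one.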

spark!
December 28th, 2002, 23:41
Thanks, I'll have a look then