Help with this api function

[Asmven]

can someone please help me with NtProtectVirtualMemory, I been trying to get to get it to work for over an hour, it says it works but definitely does not

Code Select Expand


.586
.model flat,stdcall
option casemap:none

include \masm32\include\windows.inc
include \masm32\include\user32.inc
includelib \masm32\lib\user32.lib
include \masm32\include\kernel32.inc
includelib \masm32\lib\kernel32.lib
include \masm32\include\ntdll.inc
includelib \masm32\lib\ntdll.lib
.data
user32 db 'user32.dll',0
MessageBoxAptr db 'MessageBoxA',0

.data?
MsgBoxPtr dd ?
byteswritten dd ?
oldprotect dd ?

.code
start:

invoke LoadLibrary,addr user32
invoke GetProcAddress,eax,addr MessageBoxAptr
mov MsgBoxPtr,eax
invoke NtProtectVirtualMemory,-1, MsgBoxPtr,1,PAGE_EXECUTE_READWRITE,addr oldprotect
;invoke VirtualProtect, MsgBoxPtr,1,PAGE_EXECUTE_READWRITE, addr oldprotect ;this works fine
.if eax!=0
;write test
mov eax, MsgBoxPtr
mov byte ptr [eax], 0CCh ;int 3
.endif

invoke ExitProcess,0
end start



i'm not apihooking, I just used a api address as a quick test. If you run this it'll crash at where you try and modify its memory because you don't have write access.VirtualProtect works fine though :\ http://undocumented.ntinternals.net/UserMode/Undocumented%20Functions/Memory%20Management/Virtual%20Memory/NtProtectVirtualMemory.html examples its parameters, i've googled nonstop but it hasn't helped me. If anyone can shed some light, i'll be eternally greateful, thankyou.

[qWord]

why to use an undocumented Api ? ->  VirtualProtect should work as expected

[dedndave]

MsgBoxPtr - try addr MsgBoxPtr
bytes to protect is also a pointer - you have 1 ?

[ToutEnMasm]

VirtualProtect is documented ,made the same thing and can be used without problem.