Process Memory Basics for Reverse Engineers Module 3 - Memory Protections (Patreon)
Published: 2022-10-16 02:05:53
Imported: 2023-09
This is the third and final part of our three-part series on process memory, with a focus on tracking memory with a debugger. In this tutorial we look at process memory protections, specifically how PAGE_GUARD works and what a memory "breakpoint" is in x64dbg.
Further Reading
- x64dbg (hopefully you already have this installed)
- x64dbg command line reference
- Memory Protection Constants
- DEP
- NtProtectVirtualMemory
- VirtualProtect
- Creating Guard Pages
Hands-On Example
Attached to this post is the compiled example we analyzed in the tutorial. You are encouraged to analyze the binary with x64dbg. See if you can use a memory breakpoint to halt execution before the shellcode is run.