How to enable Code section (Read / Write) in x64

[Rasmus]

Quote:

Originally Posted by New Tiger

Thanks for your reply. I tried already CCF and Stud_PE. Both show that the section flag for read and write are already ticked, meaning you can write to the specified section but no way. I tried also to patch the VirtualProtect function using the same way in x32 OS's but it always returns zero !!!!
I used the same way as below:

PUSH ESP
PUSH 40 // code writable
PUSH 1000 // size of code to make writable
PUSH 401000 // start address of code to make writable
CALL VirtualProtect // xxxxxxxx is address of VirtualProtect

I did this in several x32 app's and worked just fine but in x64 no way

With my limited knowledge I will try to help
@New Tiger The calling convention in 64-bit is different from that of 32-bit.

The x64 Application Binary Interface (ABI) uses a four-register fast-call calling convention by default. Space is allocated on the call stack as a shadow store for callees to save those registers.

Meaning that the parameters are passed to the function through registers as a default which differs significantly from the 32-bit manner where the stack can be wholly used for passing the parameters.

Example:

Quote:

func1(int a, int b, int c, int d, int e, int f);
// a in RCX, b in RDX, c in R8, d in R9, f then e pushed on stack

The addresses and registers in your example are also 32-bit. Maybe my mistake but you should check them once again

Please read these 2 pages for more info:

Quote:

https://learn.microsoft.com/en-us/cpp/build/x64-calling-convention?view=msvc-170
https://accu.org/journals/overload/22/120/orr_1897/

They highlight the differences in the 64-bit calling conventions.

Then the VirtualProtect should work just fine in 64-bit also