ChangeProtection works, but flags dll as virus

Memory/Methods/Write.cs

@@ -170,11 +170,11 @@ public bool WriteMemory(string code, string type, string write, string file = ""
             //Debug.Write("DEBUG: Writing bytes [TYPE:" + type + " ADDR:" + theCode + "] " + String.Join(",", memory) + Environment.NewLine);
             MemoryProtection OldMemProt = 0x00;
             bool WriteProcMem = false;
-            if (RemoveWriteProtection)
-                ChangeProtection(code, MemoryProtection.ExecuteReadWrite, out OldMemProt, file); // change protection
+            //if (RemoveWriteProtection)
+            //    ChangeProtection(code, MemoryProtection.ExecuteReadWrite, out OldMemProt, file); // change protection
             WriteProcMem = WriteProcessMemory(mProc.Handle, theCode, memory, (UIntPtr)size, IntPtr.Zero);
-            if (RemoveWriteProtection)
-                ChangeProtection(code, OldMemProt, out _, file); // restore
+            //if (RemoveWriteProtection)
+            //    ChangeProtection(code, OldMemProt, out _, file); // restore
             return WriteProcMem;
         }
 

Memory/Structures/Imports.cs

@@ -104,9 +104,9 @@ public static extern UIntPtr VirtualAllocEx(
             uint flProtect
         );
 
-        [DllImport("kernel32.dll")]
-        public static extern bool VirtualProtectEx(IntPtr hProcess, UIntPtr lpAddress,
-            IntPtr dwSize, MemoryProtection flNewProtect, out MemoryProtection lpflOldProtect);
+        //[DllImport("kernel32.dll")]
+        //public static extern bool VirtualProtectEx(IntPtr hProcess, UIntPtr lpAddress,
+        //    IntPtr dwSize, MemoryProtection flNewProtect, out MemoryProtection lpflOldProtect);
 
         [DllImport("kernel32.dll", CharSet = CharSet.Ansi, ExactSpelling = true)]
         public static extern UIntPtr GetProcAddress(

Memory/memory.cs

@@ -322,21 +322,22 @@ public void ThreadStartClient(string func, string name)
             }
         }        
 
-        #region protection
-
-        public bool ChangeProtection(string code, MemoryProtection newProtection, out MemoryProtection oldProtection, string file = "")
-        {
-	        UIntPtr theCode = GetCode(code, file);
-	        if (theCode == UIntPtr.Zero 
-	            || mProc.Handle == IntPtr.Zero)
-	        {
-		        oldProtection = default;
-		        return false;
-	        }
-
-	        return VirtualProtectEx(mProc.Handle, theCode, (IntPtr)(mProc.Is64Bit ? 8 : 4), newProtection, out oldProtection);
-        }
-        #endregion
+        // WARNING: Works, but flags as virus
+        //#region protection
+
+        //public bool ChangeProtection(string code, MemoryProtection newProtection, out MemoryProtection oldProtection, string file = "")
+        //{
+	       // UIntPtr theCode = GetCode(code, file);
+	       // if (theCode == UIntPtr.Zero 
+	       //     || mProc.Handle == IntPtr.Zero)
+	       // {
+		      //  oldProtection = default;
+		      //  return false;
+	       // }
+
+	       // return VirtualProtectEx(mProc.Handle, theCode, (IntPtr)(mProc.Is64Bit ? 8 : 4), newProtection, out oldProtection);
+        //}
+        //#endregion
 
         /// <summary>
         /// Convert code from string to real address. If path is not blank, will pull from ini file.

appveyor.yml

@@ -27,7 +27,7 @@ deploy:
     release: Build $(APPVEYOR_REPO_COMMIT_TIMESTAMP)
     description: Latest Compile Date %APPVEYOR_REPO_COMMIT_TIMESTAMP%
     auth_token:
-      secure: selr4mVDE+XfNJ6jFTKiLTbSbDe8COHTNVRsFblZDVWS5/0qAFVym/Bcy/OoHRTT
+      secure: y+vnpDslJlfpQVrm2NaPq4dZR9T5yD/e+Z4fKna+fq9m25G3THlrUVp35pCTRc2lS+BmGxxQVhDLNN5EgmQQeERYgVSdPNsbD7GgGFlHrO2Yxl/EX1WXAGBzCRYlnT5Y
     artifact: Build_%PLATFORM%.zip
     force_update: true
     draft: false