俺也不太清,可能有些程序检测到它是其它程序的子进程,就自动关闭,反调试,试下隐藏OD看行不行.

已经隐藏了OD了，在不下内存断点的时候没有任何问题

一旦下了内存断点，当可能断下的时候，程序就消失了。

可能这个程序在内部也拦截到了内存被修改了，然后直接退出了。

内存断点主要就是修改 内存页的属性。 PAGE_GUARD

From MSDN:
Pages in the region become guard pages. Any attempt to access a guard page causes the system to raise a STATUS_GUARD_PAGE exception and turn off the guard page status. Guard pages thus act as a one-shot access alarm.
The PAGE_GUARD flag is a page protection modifier. An application uses it with one of the other page protection flags, with one exception: it cannot be used with PAGE_NOACCESS. When an access attempt leads the system to turn off guard page status, the underlying page protection takes over.

If a guard page exception occurs during a system service, the service typically returns a failure status indicator.

他拦截内存是否被修改会用到什么方法？