I wanted to observe the protection permission requests, I expected to see intermittently calls to RW & RX, but the actual requests were RWX & RX instead:
Why is it happening? shouldn't I see calls that revoke the X permissions also? like NtVirtualProtect(...RW...)
I wanted to observe the protection permission requests, I expected to see intermittently calls to RW & RX, but the actual requests were RWX & RX instead:
Why is it happening? shouldn't I see calls that revoke the X permissions also? like NtVirtualProtect(...RW...)
Also, I think it's missing some steps: