Generalised memory protection revert to reuse protection originally met after locating shellcode for the first time.

mgeeky · mgeeky · commit 21a7194ca70b · 2021-10-07T16:49:14.000+02:00
diff --git a/ShellcodeFluctuation/header.h b/ShellcodeFluctuation/header.h
@@ -31,6 +31,7 @@ struct FluctuationMetadata
     SIZE_T shellcodeSize;
     bool currentlyEncrypted;
     DWORD encodeKey;
+    DWORD protect;
 };
 
 struct HookedSleep
diff --git a/ShellcodeFluctuation/main.cpp b/ShellcodeFluctuation/main.cpp
@@ -291,7 +291,7 @@ void shellcodeEncryptDecrypt(LPVOID callerAddress)
                 g_fluctuationData.shellcodeAddr,
                 g_fluctuationData.shellcodeSize,
                 PAGE_READWRITE,
-                &oldProt
+                &g_fluctuationData.protect
             );
 
             log("[>] Flipped to RW.");
@@ -330,11 +330,11 @@ void shellcodeEncryptDecrypt(LPVOID callerAddress)
             ::VirtualProtect(
                 g_fluctuationData.shellcodeAddr,
                 g_fluctuationData.shellcodeSize,
-                Shellcode_Memory_Protection,
+                g_fluctuationData.protect,
                 &oldProt
             );
 
-            log("[<] Flipped to RX.\n");
+            log("[<] Flipped back to RX/RWX.\n");
         }
 
         g_fluctuationData.currentlyEncrypted = !g_fluctuationData.currentlyEncrypted;
