Detection vector fix: RWX allocation removed

[werw58]

Removed global RWX protection applied after MmAllocateIndependentPages. Implemented per-section protection logic matching PE section characteristics to avoid long-lived RWX memory regions, minimizing behavioral detection vectors.

[TheCruZ]

Change the default PAGE_NOACCESS to PAGE_READONLY to prevent any issue with packed/modified drivers and also check that the section has a VirtualSize > 0
for the rest, I don't think that this will help with any detection since anticheats base his detections in threads that enter in executable memory that they don't recognize(e.g. path guard) more than the size of the executable section

[werw58]

for the rest, I don't think that this will help with any detection since anticheats base his detections in threads that enter in executable memory that they don't recognize(e.g. path guard) more than the size of the executable section

Splitting protections per PE section is still better than keeping a long-lived single RWX region. At least it reduces the footprint of writable executable memory, which can help minimize heuristic flags (probably l0l)