From 12a977c9b11a60b740541898379688c8160c2105 Mon Sep 17 00:00:00 2001
From: Dreg
Date: Sat, 18 Jun 2022 02:39:56 +0200
Subject: [PATCH] keep x86 and x86_64 FLAGS Register when calls to mprotect. Added pushfd, popfd, pushfq, popfq instructions
---
 gef.py | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/gef.py b/gef.py
index e16bdc5c8..56dd868f5 100644
--- a/gef.py
+++ b/gef.py
@@ -2729,11 +2729,13 @@ def mprotect_asm(cls, addr: int, size: int, perm: Permission) -> str:
 _NR_mprotect = 125
 insns = [
 "pushad",
+ "pushfd",
 f"mov eax, {_NR_mprotect:d}",
 f"mov ebx, {addr:d}",
 f"mov ecx, {size:d}",
 f"mov edx, {perm.value:d}",
 "int 0x80",
+ "popfd",
 "popad",
 ]
 return "; ".join(insns)
@@ -2770,6 +2772,7 @@ class X86_64(X86):
 def mprotect_asm(cls, addr: int, size: int, perm: Permission) -> str:
 _NR_mprotect = 10
 insns = [
+ "pushfq",
 "push rax",
 "push rdi",
 "push rsi",
@@ -2787,6 +2790,7 @@ def mprotect_asm(cls, addr: int, size: int, perm: Permission) -> str:
 "pop rsi",
 "pop rdi",
 "pop rax",
+ "popfq",
 ]
 return "; ".join(insns)
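Review bot: The new `"pushfd"`/`"popfd"` pair in the x86 `mprotect_asm` list has no comment saying which clobber it guards against, and the visible lines do not make that obvious: `pushad`, the four `mov`s and `popad` leave the arithmetic flags alone, so `int 0x80` is the only instruction between the pair that could matter. I would add a why-comment above `insns`, for example `# pushfd/popfd bracket the syscall so the stub hands back the interrupted code's EFLAGS unchanged`, and state there that the restores must stay in the reverse order of the saves. The function's `def` line is outside the hunk and appears only in the `@@` header.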
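Review bot: `"pushfq"` is now the first stack write of the x86-64 stub, and nothing on the visible lines moves `rsp` past the 128-byte System V red zone first, so if this sequence runs while the target is stopped inside a leaf function it overwrites locals the compiler keeps below `rsp`. The existing `push rax`/`push rdi`/`push rsi` lines already had this exposure; the added eight bytes extend it. Skipping the red zone would be `"lea rsp, [rsp-128]",` ahead of `"pushfq",` and `"lea rsp, [rsp+128]",` after the `"popfq",` in the last hunk; `lea` does not modify flags, so the saved image stays accurate. The list continues past the end of this hunk, so the middle of the stub is not visible here.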
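Review bot: `"popfq"` reloads the whole saved RFLAGS image rather than only the condition codes, so whatever the `pushfq` in the previous hunk captured comes back, including the trap flag (bit 8). If the debugger ever single-steps that `pushfq`, which is the stub's first instruction, the pushed copy may carry TF and the pop would then raise a SIGTRAP the caller does not expect; this is inferred, because the code that runs the stub is outside the diff. Either document that the stub must be run without stepping its first instruction, or clear the bit in the saved copy with `"btr qword ptr [rsp], 8",` directly after `"pushfq",`. The start of `insns` is outside this hunk.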