RWX
memory to copy your shellcode over to by using VirtualAlloc
API which is heavily monitored by EDRs and can get you caught. Instead, the code will get embedded into the PE's .TEXT
section which is executable by default as this is where the rest of your application's code resides.spotless
, so I can easily identify the shellcode location when debugging the program:spotless
is going to be printed out and straight after it, we have the 4 NOP instructions: