Kernel DLL Injector using NX Bit Swapping and VAD hide for hiding injected DLL
- allocate pages with only read and write permission
- get the physical page table entry's of your allocated pages
- add execute permission to your page under the covers
Physical regions can be enumerated using NtQuery* APIs and then tested for the correctness of corresponding protection flags.