From 04fbcbbbd3de5d579fbedd1fe74149ef882ade73 Mon Sep 17 00:00:00 2001
From: Willi Ballenthin <wballenthin@google.com>
Date: Wed, 2 Aug 2023 12:36:42 +0000
Subject: [PATCH] linter: skip native API check for NtProtectVirtualMemory

closes #1675
---
 CHANGELOG.md    | 3 ++-
 scripts/lint.py | 1 +
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index f285d59e..5735ccf5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -16,7 +16,8 @@
 
 ### Bug Fixes
 
-- Fix binja backend stack string detection. [#1473](https://github.com/mandiant/capa/issues/1473) [@xusheng6](https://github.com/xusheng6)
+- Fix binja backend stack string detection. #1473 @xusheng6
+- linter: skip native API check for NtProtectVirtualMemory #1675 @williballenthin 
 
 ### capa explorer IDA Pro plugin
 
diff --git a/scripts/lint.py b/scripts/lint.py
index 847f574a..f155c89b 100644
--- a/scripts/lint.py
+++ b/scripts/lint.py
@@ -569,6 +569,7 @@ class FeatureNtdllNtoskrnlApi(Lint):
                     "ZwCreateProcess",
                     "ZwCreateUserProcess",
                     "RtlCreateUserProcess",
+                    "NtProtectVirtualMemory",
                 ):
                     # ntoskrnl.exe does not export these routines
                     continue