Windows malfind: fix unbound page variable access

volatility3/framework/plugins/windows/malfind.py

@@ -120,8 +120,7 @@ def list_injections(
                 vadinfo.winnt_protections,
             )
             write_exec = "EXECUTE" in protection_string and "WRITE" in protection_string
-            dirty_page_check = False
-
+            dirty_page = None
             if not write_exec:
                 """
                 # Inspect "PAGE_EXECUTE_READ" VAD pages to detect
@@ -135,12 +134,12 @@ def list_injections(
                         try:
                             # If we have a dirty page in a non writable "EXECUTE" region, it is suspicious.
                             if proc_layer.is_dirty(page):
-                                dirty_page_check = True
+                                dirty_page = page
                                 break
                         except exceptions.InvalidAddressException:
                             # Abort as it is likely that other addresses in the same range will also fail.
                             break
-                    if not dirty_page_check:
+                    if dirty_page is None:
                         continue
                 else:
                     continue
@@ -152,10 +151,10 @@ def list_injections(
                 if cls.is_vad_empty(proc_layer, vad):
                     continue
 
-                if dirty_page_check:
+                if dirty_page is not None:
                     # Useful information to investigate the page content with volshell afterwards.
                     vollog.warning(
-                        f"[proc_id {proc_id}] Found suspicious DIRTY + {protection_string} page at {hex(page)}",
+                        f"[proc_id {proc_id}] Found suspicious DIRTY + {protection_string} page at {hex(dirty_page)}",
                     )
                 data = proc_layer.read(vad.get_start(), 64, pad=True)
                 yield vad, data