20.2.1 Memory protections

Another way to setup read/write exceptions is done by changing the protection properties of the memory pages of a program.

These properties must have an aligned size like 4096 bytes or so. This depends on the operating system and the cpu, but it is supported by all the architectures with MMU.

[0x4A13C000]> !mp?
Usage: !mp [rwx] [addr] [size]
  > !mp       - lists all memory protection changes
  > !mp --- 0x8048100 4096
  > !mp rwx 0x8048100 4096
- addr and size are aligned to memory (-=%4).

Using '!maps' you can get a list of all the mapped regions of the program, but this ones will not refer to the changes done by this command, because they are handled submappings and not all OS allows you a fine-grained control over this.

For this reason, radare handles a list of changes done by this command to allow you to reset the changes done.

Here's an example... you are interested on getting the point where a program tries to write in a buffer at a certain address. The way to catch this is by changing the properties of this page, dropping the write permission and kepping the read one.

[0x4A13C000]> !mp r-- 0x8054180 4096
[0x4A13C000]> !cont

.. write exception ..

[0x4A13C000]> !mp rw- 0x8054180 4096 ; restore change