-
Notifications
You must be signed in to change notification settings - Fork 75
VM protection
- vm.protect(memoryAddress, numberOfBytes, protection)
- vm.protectionAt(memoryAddress)
vm.protect sets the memory protection to the virtual memory pages residing at memoryAddress through memoryAddress + numberOfBytes.
vm.protectionAt returns the memory protection of the virtual memory page residing at memoryAddress.
Virtual memory is divided into pages. Usually, the page size of a process on macOS is 4096 bytes, though this should not be assumed. Each page has three independent protection attributes: read, write, and execute. Although in practice, if a page is marked writable, it is likely to also be marked readable.
If a page is not marked writable, it is not possible for the process to write directly onto the page for example, unless the memory protection on the page is changed to enable the writable flag.
Raises bitslicer.VirtualMemoryError if vm.protect cannot change the memory protection, or if vm.protectionAt cannot retrieve the memory protection.
import vmprot
address, size = 0x8000400, 0x10
vm.protect(address, size, vmprot.READ | vmprot.WRITE)
debug.log((vm.protectionAt(address) & vmprot.WRITE) != 0) #should log Trueimport vmprot
vmprot.NONE
vmprot.READ
vmprot.WRITE
vmprot.EXECUTE
vmprot.ALL #equivalent to (vmprot.READ | vmprot.WRITE | vmprot.EXECUTE)Searching
- Introduction to Searching
- Data Types
- Storing All Values
- Pointers
- Search Windows
- Pausing Targets
- Web Games
Memory
Debugging
Scripting