Command set-permission

This command was added to facilitate the exploitation process, by changing the permission rights on a specific page directly from the debugger.

By default, GDB does not allow you to do that, so the command will modify a code section of the binary being debugged, and add a native mprotect syscall stub. For example, for x86, the following stub will be inserted:

mov eax, mprotect_syscall_num
mov ebx, address_of_the_page
mov ecx, size_of_the_page
mov edx, permission_to_set
int 0x80

A breakpoint is added following this stub, which when hit will restore the original context, allowing you to resume execution.

mprotect is an alias for set-permission. As an example, to set the stack as READ|WRITE|EXECUTE on this binary,


Simply run

gef➤ mprotect 0xfffdd000

Et voilà ! gef will use the memory runtime information to correctly adjust the protection of the entire section.


Or for a full demo video on an AARCH64 VM: