From d8583ccf28f839632996f0e1714f7b9219cb39fe Mon Sep 17 00:00:00 2001
From: iddoeldor <iddo.eldor.work@gmail.com>
Date: Tue, 21 May 2019 22:07:20 +0300
Subject: [PATCH] OTW explicit description

---
 README.md | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index e3c652a..000e8ed 100644
--- a/README.md
+++ b/README.md
@@ -5,7 +5,7 @@
 <details>
 <summary>Native</summary>
 
-* [`Watchpoint`](#watchpoint)
+* [`One time watchpoint`](#one-time-watchpoint)
 * [`Socket activity`](#socket-activity)
 * [`Intercept open`](#intercept-open)
 * [`Execute shell command`](#execute-shell-command)
@@ -68,7 +68,7 @@
 <hr />
 
 
-#### Watchpoint
+#### One time watchpoint
 
 For this example I'm intercepting `funcPtr` & I want to know who read/write to `x2` so I remove permissions w/ `mprotect`.
 
@@ -77,6 +77,8 @@ Process.setExceptionHandler(function(exp) {
   console.warn(JSON.stringify(exp, null, 2));
   // can implement a switch case on exp.memory.operation, if read set only 'r--' if write '-w-' etc..
   Memory.protect(exp.memory.address, Process.pointerSize, 'rw-');
+  // can also use `new NativeFunction(Module.findExportByName(null, 'mprotect'), 'int', ['pointer', 'uint', 'int'])(parseInt(this.context.x2), 2, 0)`
+
   return true;
 });