From ebdc74d23b9d7fa42a4599211b68e54815f3aa55 Mon Sep 17 00:00:00 2001
From: Rafael <rafael.r.freitas@tecnico.ulisboa.pt>
Date: Sat, 28 Mar 2026 12:03:17 +0000
Subject: [PATCH] fix: ensure write-only breakpoints trigger on Copy-on-Write
 pages

- Replaced the implicit bit-shift logic with an explicit mapping
to prevent the OS from silently duplicating pages via Copy-on-Write.

- Added explicit cases for PAGE_WRITECOPY and PAGE_EXECUTE_WRITECOPY.
---
 TitanEngine/Global.Breakpoints.cpp | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/TitanEngine/Global.Breakpoints.cpp b/TitanEngine/Global.Breakpoints.cpp
index a3db551..041abae 100644
--- a/TitanEngine/Global.Breakpoints.cpp
+++ b/TitanEngine/Global.Breakpoints.cpp
@@ -251,13 +251,17 @@ DWORD GetPageProtectionForMemoryBreakpoint(const MemoryBreakpointPageDetail & pa
 
     if(page.writeBps > 0)
     {
-        // Remove write access e.g. PAGE_EXECUTE_READWRITE => PAGE_EXECUTE
+        // Remove write access (and copy-on-write) e.g. PAGE_EXECUTE_READWRITE => PAGE_EXECUTE
         DWORD dwBase = newProtect & 0xFF;
         switch(dwBase)
         {
         case PAGE_READWRITE:
+        case PAGE_WRITECOPY:
+            newProtect = (newProtect & 0xFFFFFF00) | PAGE_READONLY;
+            break;
         case PAGE_EXECUTE_READWRITE:
-            newProtect = (newProtect & 0xFFFFFF00) | (dwBase >> 1);
+        case PAGE_EXECUTE_WRITECOPY:
+            newProtect = (newProtect & 0xFFFFFF00) | PAGE_EXECUTE_READ;
             break;
         }
     }