No replies to this topic

[Michael Pietroforte]

This article explains how Data Execution Prevention (DEP) works and how to turn it off and on in Windows 7, Windows Vista, and Windows Server 2008 (R2).

Data Execution Prevention (DEP) is a security feature of the CPU that prevents an application from executing code from a non-executable memory region. This is supposed to prevent buffer overflow attacks from succeeding. Since Microsoft introduced support for Data Execution Prevention (DEP) on Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, it’s included in every version of Windows.


How DEP works: Hardware enforcement and the role of the OS
Data execution prevention works by marking certain memory pages being indented to hold only data and no executable code. This is achieved by setting a special bit in its page table entry called NX, for No eXecute, or XD, for eXecute Disabled, respectively. It’s the responsibility of the OS to set the NX bit for the stack and heap memory areas. If a malfunctioning program – or malware – should try to execute code from an NX-marked memory page, the CPU will refuse to do so and trigger an interrupt instead, which causes the OS to shut down the application accordingly.

… read more of How to turn off Data Execution Prevention (DEP)

Author: Andreas Kroschel
Copyright © 2006-2011, 4sysops, Digital fingerprint: 3db371642e7c3f4fe3ee9d5cf7666eb0


View the full article