How to determine if DEP is enabled on a system

DelphiXe; Xp, Vista, Win7, WSrv2008R2;


0. DEP (Data Execution Prevention) Processor Supported

    Function isCpuDEP:bool;
    begin
      Result:=... //???
    end;

1. How to determine if DEP is enabled on the system?

    Function isEnableDEP:bool; // Win Xp comparable
    begin
      Result:=false;
      if isCpuDEP=false then exit;
      Result:=... //???
    end;

2. How to determine whether DEP is enabled, and also enabled for ALL programs and services?

    Function isEnableDEPForAllProgram:bool;
    begin
      Result:=false;
      if isEnableDEP=false then exit;
      Result:=... //???
    end;

3. Enter a list of DEP programs?

    Function GetDEPProgramList:TStringList;
    begin
      Result:=nil;
      if isEnableDEPForAllProgram=false then exit;
      Result:=Tstringlist.Create;
      Result:=... //???
    end;
+4
3 answers

The following uses GetProcessDEPPolicy for point (1):

    type
      TGetProcessDEPPolicy = function(Process: THandle; out Flags: DWORD;
        out Permanent: Bool): Bool; stdcall;

    const
      PROCESS_DEP_ENABLE = $00000001;
      PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION = $00000002;

    procedure TForm1.Button1Click(Sender: TObject);
    var
      GetProcessDEPPolicy: TGetProcessDEPPolicy;
      DEPFlags: DWORD;
      IsPermanent: Bool;
    begin
      // Resolve the export at run time so the program still loads on an OS without it
      @GetProcessDEPPolicy :=
        GetProcAddress(GetModuleHandle(kernel32), 'GetProcessDEPPolicy');
      if Assigned(GetProcessDEPPolicy) then
      begin
        // Query the DEP flags of the current process
        if GetProcessDEPPolicy(GetCurrentProcess, DEPFlags, IsPermanent) then
        begin
          if (DEPFlags and PROCESS_DEP_ENABLE) = PROCESS_DEP_ENABLE then
            ShowMessage('DEP enabled')
          else
            ShowMessage('DEP disabled');
        end
        else
          raise EOSError.Create(SysErrorMessage(GetLastError));
      end
      else
        raise EOSError.Create('Unsupported OS');
    end;


For point (2), you can use GetSystemDEPPolicy in the same way.

For point (3), you can list the processes and find out those that work with DEP.

+7
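Points (2) and (3) as this answer outlines them, in an added example that is not part of the original answer: it reads the system-wide policy with GetSystemDEPPolicy, then walks a Toolhelp32 process snapshot and queries each process with GetProcessDEPPolicy. The program name DepSurvey and the variable names are made up here, and a 32-bit build is assumed.

```delphi
program DepSurvey; // hypothetical name, added example
{$APPTYPE CONSOLE}
uses Windows, SysUtils, TlHelp32;
type
  TGetSystemDEPPolicy = function: Integer; stdcall;
  TGetProcessDEPPolicy = function(Process: THandle; out Flags: DWORD;
    out Permanent: BOOL): BOOL; stdcall;
const
  PROCESS_DEP_ENABLE = $00000001;
  // DEP_SYSTEM_POLICY_TYPE values 0..3 in order; index 4 is a local fallback
  PolicyNames: array[0..4] of string =
    ('AlwaysOff', 'AlwaysOn', 'OptIn', 'OptOut', 'unknown');
var
  GetSysPolicy: TGetSystemDEPPolicy;
  GetProcPolicy: TGetProcessDEPPolicy;
  Snap, Proc: THandle;
  Entry: TProcessEntry32;
  Flags: DWORD;
  Permanent: BOOL;
  Policy: Integer;
  ExeName, State: string;
begin
  // Resolve at run time, as the answer does, so a missing export is reported cleanly
  @GetSysPolicy := GetProcAddress(GetModuleHandle(kernel32), 'GetSystemDEPPolicy');
  @GetProcPolicy := GetProcAddress(GetModuleHandle(kernel32), 'GetProcessDEPPolicy');
  if not (Assigned(GetSysPolicy) and Assigned(GetProcPolicy)) then
    raise EOSError.Create('Unsupported OS');
  Policy := GetSysPolicy();
  if (Policy < 0) or (Policy > 3) then Policy := 4;
  Writeln('System DEP policy: ', PolicyNames[Policy]);
  Snap := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  if Snap = INVALID_HANDLE_VALUE then RaiseLastOSError;
  Entry.dwSize := SizeOf(Entry);
  if Process32First(Snap, Entry) then
    repeat
      ExeName := Entry.szExeFile;
      Proc := OpenProcess(PROCESS_QUERY_INFORMATION, False, Entry.th32ProcessID);
      if Proc = 0 then
        State := 'not queried (access denied or process gone)'
      else if not GetProcPolicy(Proc, Flags, Permanent) then
        // 64-bit targets land here: the call supports 32-bit processes only
        State := 'not reported: ' + SysErrorMessage(GetLastError)
      else if (Flags and PROCESS_DEP_ENABLE) <> 0 then
        State := 'DEP on'
      else
        State := 'DEP off';
      if Proc <> 0 then CloseHandle(Proc);
      Writeln(Format('%6d  %-28s %s', [Entry.th32ProcessID, ExeName, State]));
    until not Process32Next(Snap, Entry);
  CloseHandle(Snap);
end.
```

Run it elevated to reduce the number of "not queried" rows; protected system processes still refuse PROCESS_QUERY_INFORMATION.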

The Win32_OperatingSystem class has 4 properties that report DEP status:

  • DataExecutionPrevention_Available
  • DataExecutionPrevention_32BitApplications
  • DataExecutionPrevention_Drivers
  • DataExecutionPrevention_SupportPolicy

Read the MSDN documentation about these properties to see a description.

Check out this sample app.

    {$APPTYPE CONSOLE}

    uses
      SysUtils,
      ActiveX,
      ComObj,
      Variants;

    // Maps DataExecutionPrevention_SupportPolicy (0..3) to its description
    function DEPStatus(Status : integer) : string;
    begin
      case Status of
        0 : Result:='Always Off: DEP is turned off for all 32-bit applications on the computer with no exceptions. This setting is not available for the user interface.';
        1 : Result:='Always On: DEP is enabled for all 32-bit applications on the computer. This setting is not available for the user interface.';
        2 : Result:='Opt In: DEP is enabled for a limited number of binaries, the kernel, and all Windows-based services. It is off by default for all 32-bit applications.';
        3 : Result:='Opt Out: DEP is enabled by default for all 32-bit applications. A user or administrator can explicitly remove support for a 32-bit application by adding the application to an exceptions list.';
      else
        Result:='unknown';
      end;
    end;

    procedure GetDEPStatusInfo;
    const
      WbemUser     ='';
      WbemPassword ='';
      WbemComputer ='localhost';
      wbemFlagForwardOnly = $00000020;
    var
      FSWbemLocator : OLEVariant;
      FWMIService   : OLEVariant;
      FWbemObjectSet: OLEVariant;
      FWbemObject   : OLEVariant;
      oEnum         : IEnumvariant;
      iValue        : LongWord;
    begin
      FSWbemLocator := CreateOleObject('WbemScripting.SWbemLocator');
      FWMIService   := FSWbemLocator.ConnectServer(WbemComputer, 'root\CIMV2', WbemUser, WbemPassword);
      FWbemObjectSet:= FWMIService.ExecQuery('SELECT * FROM Win32_OperatingSystem','WQL',wbemFlagForwardOnly);
      oEnum         := IUnknown(FWbemObjectSet._NewEnum) as IEnumVariant;
      if oEnum.Next(1, FWbemObject, iValue) = 0 then
      begin
        Writeln(Format('DataExecutionPrevention_32BitApplications %s',[FWbemObject.DataExecutionPrevention_32BitApplications]));// Boolean
        Writeln(Format('DataExecutionPrevention_Available         %s',[FWbemObject.DataExecutionPrevention_Available]));// Boolean
        Writeln(Format('DataExecutionPrevention_Drivers           %s',[FWbemObject.DataExecutionPrevention_Drivers]));// Boolean
        Writeln(Format('DataExecutionPrevention_SupportPolicy     %s',[FWbemObject.DataExecutionPrevention_SupportPolicy]));// Uint8
        Writeln(DEPStatus(FWbemObject.DataExecutionPrevention_SupportPolicy));
      end;
    end;

    begin
      try
        CoInitialize(nil);
        try
          GetDEPStatusInfo;
        finally
          CoUninitialize;
        end;
      except
        on E:EOleException do
          Writeln(Format('EOleException %s %x', [E.Message,E.ErrorCode]));
        on E:Exception do
          Writeln(E.Classname, ':', E.Message);
      end;
      Writeln('Press Enter to exit');
      Readln;
    end.
+7

Here is a simple but unorthodox DEP check method, but it only works for the current program:

    function IsDepOn:Boolean;
    var
      shellcode : array [0..1] of byte;
    begin
      shellcode[0] := $90; // NOP
      shellcode[1] := $C3; // RET
      try
        // Call into the two bytes on the stack; with DEP on this raises an access violation
        asm
          lea eax,shellcode
          call eax
        end;
        Result:=False;
      except
        Result:=True;
      end;
    end;
+6