DEP starts in one of two modes:
1) DEP hardware is designed for processors that may mark memory pages as unreachable. This helps prevent some exploits, such as buffer overflows.
2) DEP software is for processors that do not have DEP hardware support. This does not prevent code from executing on data pages, but instead cancels overwriting SEH (another type of attack).
In Windows XP with processors supporting it, DEP hardware is enabled by default only for certain Windows system binaries, as well as for programs that prefer to “opt out”.
In Vista with processor support, hardware DEP is enabled by default for almost all processes. This can sometimes be problematic, usually for older programs and drivers, as well as for independent software vendors who have not tested Vista.
Therefore, I suspect that the first step is to find out if you are dealing with software or hardware DEP. Also, are you using C # / VB or managed C ++? And do you use any native code or components? If your application uses its own component or ActiveX control that was created using the old ATL infrastructure, it is possible that your application terminates with hardware DEP.
Starting with the .NET Framework 2.0 SP1, I believe that the C # compiler emits DEP compatible managed code. But if your application throws DEP exceptions, you can try to clear the IMAGE_DLLCHARACTERISTICS_NX_COMPAT flag for your executable. To do this, you use EDITBIN.EXE from the VC toolkit as follows:
editbin.exe /NXCOMPAT:NO <your binary>
If you are using Visual Studio, you can add a post-build step to your executable project. You need to set up your environment so that you can solve problems with EDITBIN changes. When I use native code as part of my application, the post-build step is as follows:
call $(DevEnvDir)..\tools\vsvars32.bat editbin.exe /NXCOMPAT:NO $(TargetPath)
RoadWarrior Dec 08 '08 at 21:59 2008-12-08 21:59
source share