1. Re[2]: WinXP SP2 and inline machine code calling
- Posted by akusaya at gmx.net
Sep 15, 2004
However on the MS site it says:

Software-enforced DEP

An additional set of data execution prevention security checks have
been added to Windows XP SP2. These checks, known as software-enforced
DEP, are designed to mitigate exploits of exception handling
mechanisms in Windows. Software-enforced DEP runs on any processor
which is capable of running Windows XP SP2. By default,
software-enforced DEP only protects limited system binaries,
regardless of the hardware-enforced DEP capabilities of the processor.

So without the new CPU, just using winxpsp2 it will be blocked?

How is it, Rob?
T> posted by: Tommy Carlier <tommy.carlier at telenet.be>
T> unknown wrote:
>> I haven't tried SP2, and possibly never, but SP2 has Data Execution
>> Prevention http://fype.com/sp2dep
>>
>> Will it be preventing this kind of code execution?
>> (because the code will be executed from data area, CMIIW)
>>
>>
>> (taken from bit.e)
>> poke(SHL_SPACE, {
>> -- first int argument is at stack offset +4, 2nd int is at +8
>> -- returns a *signed* 32-bit number
>> #8B, #44, #24, #04, -- mov eax, [esp+4]
>> #8A, #4C, #24, #08, -- mov cl, [esp+8]
>> #D3, #E0, -- shl eax, cl
>> #C2, #08, #00 -- ret 8 -- pop 8 bytes off the stack
>> })
>>
>> SHIFT_LEFT = define_c_func("", SHL_SPACE, {C_INT, C_INT}, C_INT)
T> Only if your CPU has a mechanism to block execution from a data
T> area. And only the very recent CPUs have such a mechanism. But
T> that's an interesting and perhaps disturbing thought, given your
T> example.
2. Re: Re[2]: WinXP SP2 and inline machine code calling
Akusaya wrote:
>
> However on the MS site it says:
>
> Software-enforced DEP
>
> An additional set of data execution prevention security checks have
> been added to Windows XP SP2. These checks, known as software-enforced
> DEP, are designed to mitigate exploits of exception handling
> mechanisms in Windows. Software-enforced DEP runs on any processor
> which is capable of running Windows XP SP2. By default,
> software-enforced DEP only protects limited system binaries,
> regardless of the hardware-enforced DEP capabilities of the processor.
>
>
> So without the new CPU, just using winxpsp2 it will be blocked?
>
> How is it, Rob?
I installed SP2 a couple of weeks ago.
The many Euphoria programs that I've tried
run exactly the same as before. Poked code can still
be executed out of a data segment.
Regards,
Rob Craig
Rapid Deployment Software
http://www.RapidEuphoria.com
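
An added example, not code from the thread or from Euphoria: the poked routine above only runs while the data area it sits in is executable, which is the case a CPU-enforced no-execute check refuses once it applies to the process. The pattern that keeps working under such a check is to ask the OS for execute permission explicitly, shown here in C. Assumptions: POSIX `mmap`/`mprotect` on x86-64 (on Windows the same two steps are done with `VirtualAlloc` and `VirtualProtect`), the routine is re-encoded for the 64-bit calling convention, and `SHL_CODE` and `shift_left_wx` are names made up for this example.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* for MAP_ANONYMOUS under strict -std modes */
#endif
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed x86-64 System V re-encoding of the thread's shift-left routine:
   first int arrives in edi, second in esi, result is returned in eax. */
static const unsigned char SHL_CODE[] = {
    0x89, 0xF8,   /* mov eax, edi */
    0x89, 0xF1,   /* mov ecx, esi */
    0xD3, 0xE0,   /* shl eax, cl  */
    0xC3          /* ret          */
};

/* Hypothetical helper: stores value << count in *out and returns 0; returns
   -1 if the OS refuses the mapping or permission change, -2 if not x86-64. */
int shift_left_wx(int value, int count, int *out)
{
#if defined(__x86_64__)
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    /* Step 1: a private page that is writable but not executable. */
    void *page = mmap(NULL, len, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return -1;
    memcpy(page, SHL_CODE, sizeof SHL_CODE);
    /* Step 2: drop write, add execute; the page is never W and X at once. */
    if (mprotect(page, len, PROT_READ | PROT_EXEC) != 0) {
        munmap(page, len);
        return -1;
    }
    int (*fn)(int, int);
    memcpy(&fn, &page, sizeof fn);   /* object pointer -> function pointer */
    *out = fn(value, count);
    munmap(page, len);
    return 0;
#else
    (void)value; (void)count; (void)out;
    return -2;
#endif
}

int main(void)
{
    int out = 0, rc = shift_left_wx(5, 3, &out);
    printf(rc == 0 ? "5 << 3 = %d\n" : "not run (rc=%d)\n", rc == 0 ? out : rc);
    return 0;
}
```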