Re[2]: WinXP SP2 and inline machine code calling
- Posted by akusaya at gmx.net
Sep 15, 2004
However on the MS site it says:
Software-enforced DEP
An additional set of data execution prevention security checks have
been added to Windows XP SP2. These checks, known as software-enforced
DEP, are designed to mitigate exploits of exception handling
mechanisms in Windows. Software-enforced DEP runs on any processor
which is capable of running Windows XP SP2. By default,
software-enforced DEP only protects limited system binaries,
regardless of the hardware-enforced DEP capabilities of the processor.
So without the new CPU, just using winxpsp2 it will be blocked?
How is it, Rob?
T> posted by: Tommy Carlier <tommy.carlier at telenet.be>
T> unknown wrote:
>> I haven't tried SP2, and possibly never, but SP2 has Data Execution
>> Prevention <a
>> href="http://fype.com/sp2dep">http://fype.com/sp2dep</a>
>>
>> Will it be preventing this kind of code execution?
>> (because the code will be executed from data area, CMIIW)
>>
>>
>> (taken from bit.e)
>> poke(SHL_SPACE, {
>> -- first int argument is at stack offset +4, 2nd int is at +8
>> -- returns a *signed* 32-bit number
>> #8B, #44, #24, #04, -- mov eax, [esp+4]
>> #8A, #4C, #24, #08, -- mov cl, [esp+8]
>> #D3, #E0, -- shl eax, cl
>> #C2, #08, #00 -- ret 8 -- pop 8 bytes off the stack
>> })
>>
>> SHIFT_LEFT = define_c_func("", SHL_SPACE, {C_INT, C_INT}, C_INT)
T> Only if your CPU has a mechanism to block execution from a data
T> area. And only the very recent CPUs have such a mechanism. But
T> that's an interesting and perhaps disturbing thought, given your
T> example.
|
Not Categorized, Please Help
|
|
