For Programmers: Free Programming Magazines  


Home > Archive > A86 Assembler > May 2006 > Re: Why is Windows XP 64 bit DEP (Data Execution Prevention) not working in this exam









You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

 

Author Re: Why is Windows XP 64 bit DEP (Data Execution Prevention) not working in this exam
f0dder

2006-05-24, 6:57 pm

Skybuck Flying wrote:
> "Wilco Dijkstra" <spamtrap@crayne.org> wrote in message
> news:2f2dg.4341$XR6.3058@newsfe2-gui.ntli.net...
>
> Why is ShowMe executed ?
>
> It's just an address on the stack.
>
> The instruction pointer will point to this address and will execute
> it as if it were an instruction if I am not mistaken ?

DEP doesn't stop you from overwriting the return-EIP on the stack - it stops
you from putting (shell)code on the stack, pointing return-EIP to the stack,
and thus executing from the stack. You also can't execute directly from
HeapAlloc()'ed memory, and must now either VirtualProtect() or
VirtualAlloc() with the right flags.

Sponsored Links







Also available: Server administration forum archive | Web Design forum archive | Software forum archive | Hardware reviews archive

Copyright 2008 codecomments.com