Home page logo

dailydave logo Dailydave mailing list archives

Re: Non executable memory pages with AMD64 + XP SP2
From: Nicolas RUFF <nicolas.ruff () edelweb fr>
Date: Mon, 06 Dec 2004 16:15:51 +0100

(All in one answer)

First of all, thank you everybody for your support.

>[...] This means
>that you hello world or basic stack overflow that you write will not
>receive the protection until it is enabled system wide.

I would have thought that setting "/NoExecute=AlwaysOn" in BOOT.INI should be enough to enable DEP system wide (including user apps) ... But this is not the case !

>32 bit XP SP2 does use NX technology if running on a processor that
>supports it. It has to run in PAE mode though.

My CPU is AMD64 Athlon 3000+ (not FX, though). It shall support NX flag.

MOV EAX, 0x80000001
EAX = 00000000000000000000111101001000 (0x00000F48)
EBX = 00000000000000000000000100001000 (0x00000108)
EDX = 11100001110100111111101111111111 (0xE1D3FBFF)
                 |--- NX supported

I know that it should run in PAE mode for DEP to be effective, but Microsoft clearly states that PAE is enabled by default along with DEP :

>I wrote a white paper for ISS on these shortcomings. It should be made
>public pretty soon.

Aaah, I feel better knowing that there is a real issue behind all this.

There should be a panel at Control Panel->Performance and
Maintence->System->Advanced->Performace Settings->DEP Settings that will
rewrite the boot.ini as need for whatever protection level you choose.

Yes, this parameter will set OptIn or OptOut in BOOT.INI. You won't be given a chance to select AlwaysOn or AlwaysOff or PAE through a graphical interface, though.

- Nicolas RUFF
Dailydave mailing list
Dailydave () lists immunitysec com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]