mailing list archives
Re: Non executable memory pages with AMD64 + XP SP2
From: Nicolas RUFF <nicolas.ruff () edelweb fr>
Date: Mon, 06 Dec 2004 16:15:51 +0100
(All in one answer)
First of all, thank you everybody for your support.
>[...] This means
>that you hello world or basic stack overflow that you write will not
>receive the protection until it is enabled system wide.
I would have thought that setting "/NoExecute=AlwaysOn" in BOOT.INI
should be enough to enable DEP system wide (including user apps) ... But
this is not the case !
>32 bit XP SP2 does use NX technology if running on a processor that
>supports it. It has to run in PAE mode though.
My CPU is AMD64 Athlon 3000+ (not FX, though). It shall support NX flag.
MOV EAX, 0x80000001
EAX = 00000000000000000000111101001000 (0x00000F48)
EBX = 00000000000000000000000100001000 (0x00000108)
EDX = 11100001110100111111101111111111 (0xE1D3FBFF)
|--- NX supported
I know that it should run in PAE mode for DEP to be effective, but
Microsoft clearly states that PAE is enabled by default along with DEP :
>I wrote a white paper for ISS on these shortcomings. It should be made
>public pretty soon.
Aaah, I feel better knowing that there is a real issue behind all this.
There should be a panel at Control Panel->Performance and
Maintence->System->Advanced->Performace Settings->DEP Settings that will
rewrite the boot.ini as need for whatever protection level you choose.
Yes, this parameter will set OptIn or OptOut in BOOT.INI. You won't be
given a chance to select AlwaysOn or AlwaysOff or PAE through a
graphical interface, though.
- Nicolas RUFF
Dailydave mailing list
Dailydave () lists immunitysec com