All areas of memory are marked as non-executable unless they are explicitly designated for executable code.
Typically the Software enforced DEP does not perform the same operation but it prevents SEH Overwrites. Obviously you will have this question!!
What is SEH? And what is SEH overwrite?
Structured Exception Handling works by defining a uniform way of handling all exceptions that occur during the normal course of process execution. It is used to dispatch both hardware and software exceptions.
There are two pointers involved: Next pointer and handler pointer. The attacker can gain control by overwriting this handler pointer.
The DEP is supported by Windows XP SP2, and above. There are two methods to enable DEP in windows.
- In My computer properties , u can enable DEP for windows Binaries or for all applications
- In boot.ini, using the /noexecute parameter.
No comments:
Post a Comment