Data Execution Prevention in WindowsXP Service Pack 2

written by: Greg Melton; article published: year 2006, month 11;



In: Categories » Computers and technology » Microsoft OS family » Data Execution Prevention in WindowsXP Service Pack 2

Starting with Windows XP Service Pack 2, Windows XP supports a feature called Data Execution Prevention (DEP) that prevents programs from replacing the original, intended machine instructions in memory with new instructions that could perform malicious acts. This feature became necessary when virus writers and hackers began exploiting bugs in software that can result in malicious program instructions sent from the attacker being written in memory that was supposed to hold just program data. These are often referred to as buffer overrun exploits or stack overflow exploits. If the program's path through memory eventually takes it into the malicious code, the injected instructions can do anything you can do; that is, the program has your privileges, can access any file you can, can infect other programs, and so on.

Data Execution Prevention uses two different mechanisms to guard against this type of attack: First, it uses Windows software mechanisms to prevent programs from writing any new instructions into sections of memory that were originally designated as holding instructions. Second, it prevents programs from executing instructions from any section of memory that was originally designated as holding only data. The second form of protection is the stronger of the two, but it is only available with some CPU chips, including all 64-bit processors from AMD and Intel, Intel's Pentium D and Pentium 840 Extreme Edition processors, and AMD's Sempron processors. This second mechanism is called Execute Disable or ED by Intel, and No Execute or NX by AMD, and it's used when available whenever Data Execution Prevention is enabled in Windows.

Note

On a corporate network, Data Execution Prevention is probably enabled and managed by the network Group Policy. Individual applications that are known to be safe but which modify their own executable instructions on purpose can be marked to "opt out" of protection using the Application Compatibility Toolkit. For more information about this mechanism, see www.microsoft.com/windows/appcompatibility/default.mspx.


By default, when Windows XP Service Pack 2 is installed, DEP is enabled only for Windows components themselves. To protect all applications, right-click My Computer and select Properties to open the System Properties dialog. Select the Advanced tab, and click the top Settings button under Performance. Select the Data Execution Prevention tab

To enable DEP for all applications, select Turn On DEP for All Programs and Services Except Those I Select.

If you change Data Execution Prevention settings, you'll need to restart Windows. When enabled for all applications, you may find that an application that used to work suddenly fails with a dialog box that says "Data Execution PreventionA Windows security feature has detected a problem and closed this program." In this case, you should contact the manufacturer's tech support to see whether this is a known issue, or if an update is available.

If you determine that the application is actually safe but just happens to require the ability to write modified instructions in order to work, you can instruct Windows to disable DEP for this application. Back in the DEP setup dialog click Add, and then browse to select the .EXE file that corresponds to the application in question. Click OK to save it in the list of exceptions.

Caution

If you enable Hardware Data Execution Prevention and have a flaky device driver, the driver may prevent Windows from booting. Use the following procedure to recover.

If Windows halts with a blue screen, or reboots repeatedly when you restart it after enabling Hardware DEP (or after updating a device driver when Hardware DEP is enabled), one of your device drivers is executing code from "No Execute" memory and terminating. Use one of the following methods to disable DEP. First, try to boot Windows in Safe mode:

1.
When your computer's BIOS startup screen appears, press F8 repeatedly until Windows' Advanced Startup Options menu appears. Select Safe Mode and press Enter.
2.
When Windows has started, log on as a Computer Administrator, go back to the Data Execution Prevention setup tab, and disable hardware protection. Restart Windows to test.

If Windows won't even boot in Safe mode, you'll need to take the more drastic step of manually editing the boot.ini file on the hard drive that contains Windows. To do this, follow these steps:

1.
Remove the hard drive from your computer and install it in another computer, which, if your Windows partition uses NTFS formatting, must be running Windows XP or Windows 2000. If you need to change the drive's master/slave jumpers, be sure to make a note of the original setting before changing them.
2.
Start up the alternative computer, and view My Computer to identify the drive letter that was assigned to your relocated drive; let's say it's E. (If a different drive letter is assigned, use that letter instead of E in the next step.)
3.
Open a command prompt window and type the following commands:

e:  attrib -r -h -s boot.ini  notepad boot.ini

4.
In Notepad, locate the line under [operating systems] that has /NoExecute=OptIn, /NoExecute=OptOut or /NoExecute=AlwaysOn in it. Carefully change it to read /NoExecute=AlwaysOff.
5.
Save boot.ini (Alt+F, Alt+S) and close Notepad (Alt+X).
6.
Type the following command:

attrib +r +h +s boot.ini

7.
Shut down the computer, remove your hard drive, reset the master/slave jumpers if you changed them, put it back in your computer, and restart Windows.

When Windows boots successfully, log on as a Computer Administrator and check the Event Log for an indication of which driver failed during startup. Update it or roll it back before enabling hardware DEP again.

legal disclaimer

1) Our website is not responsible for the information contained by this article as well for any and all copyright infringements by authors and writers. E-articles is a free information resource. If you suspect this article for any copyright infringements, please read the Terms of service and contact us to investigate the problem.
2) The E-articles directory team is not responsible for inaccuracies, falsehoods, or any other types of misinformation this tutorial may contain and will not be liable for any loss or damage suffered by a user through the user's reliance on the information gained here. Please read the Terms of service

Useful tools and features

Translate this article to...    Send this article to you or to a friend

Link to this article from your page   
If you like this article (tutorial), please link to it from your web page using the information above. Linking to this page, this is the only way to help us improve our service, the same time providing your visitors with a way to improve their online experience.

related articles

1. Managing Startup Programs under Windows XP
Besides ensuring that your computer has adequate memory, one of the next best ways to improve your subjective experience of Windows' speed is to make the logon process faster. The logon process can be greatly slowed by large numbers of programs that are launched automatically upon logon; the desktop and Start menu don't respond until all of the login programs have been activated. Keeping the list of startup programs short is a constant struggle, however. To hide the fact that many common programs are poorly written and ...

2. How to Configure Automatic Updates in Windows XP
Automatic Updates is a mechanism with an awkwardly plural-sounding name by which Microsoft or corporate network managers distribute critical security updates to Windows users. Fixes sent by this means are considered so important for adequate security in the hostile Internet environment that Microsoft prefers that you configure it to download and install the updates, and if necessary even restart your computer without your being aware of it. There are four levels of Automatic Updates protection to which you can subscribe:...

3. MS DOS Versus PC DOS
With modern PCs having a very high level of standardization and compatibility, today it is easy to see how Microsoft can market complete packaged operating systems that will install and work unmodified on practically any PC you can purchase or build. Without the standardization and compatibility we have come to depend on, different specific "flavors" of a given operating system would be required for specific different hardware. That is exactly how things were back in the early '80s when the IBM PC was introduced. Many o...

4. How to make your PC Available for Remote Desktop Connection
To use Remote Desktop to reach your computer from the Internet, both the computer and your Internet connection must always be up and running. In addition, you must be able to make connections from the outside world to your computer, so there are additional requirements: If you use dial-up Internet service, you'll need someone at home to establish the connection before you can connect to your computer. If you use cable or DSL Internet service, you must either have a static IP address ass...

5. How to Update DirectX ~ Advantages
Although most Windows applications place fairly low demands on the display system, putting up fairly static displays and updating them relatively infrequently, interactive games and video displays are very graphics intensive. Game players pay big bucks for fps, or frames per second, which is a measure of how fast the hardware and software can generate new images as the scene changes and objects move. Under about 30fps, the image flickers and motion is noticeably jerky. Beyond 30fps, faster updates aren't noticeable, and the e...

6. Using Simple File Sharing in Windows
Although most home users are typically happy letting anyone at any computer read or modify any file, business users need to restrict access to files with payroll, personnel, and proprietary information. Windows XP and its predecessors, Windows NT and Windows 2000, were primarily designed for business use, so they require usernames and passwords for identification, and have a security system that lets computer owners restrict access to sensitive files on a user-by-user and file-by-file basis on each computer. Unfortunate...

7. The Evolution of Microsoft Windows ~ The Windows 9x Family
By the mid-1990s, processor power had increased and memory prices had decreased dramatically since Windows' original release. The Internet had also sprung onto the world stage, from an academic tool to an instrument of global communication and commerce. (You may recall that Windows 3.1 did not even include support for the TCP/IP network protocol used on the Internetyou had to purchase it from a third-party vendor.) Users' expectations likewise had grown with computers' capabilities, and desktop publishing, graphics editing, and...

8. How to install Windows and Installation Types
Deciding on the type of installation to perform is dictated by many factors, such as the following: Is there an operating system currently installed? If so, do you want to preserve settings and configurations, or start from scratch? Will the installation be performed interactively or remotely? How many computers are to be installed at a single time? Is your network arranged in a domain model using Active Directory? These are ...

9. How to adjust Text Icons and Window Element Sizes
If you find the items on the screen difficult to read or see, you can either lower the screen resolution, which makes everything larger but blurrier, or ask Windows to make the elements themselves larger while keeping a crisper, high screen resolution. There are two ways you can do this. Here's the first procedure: 1. Right-click the Desktop and select Properties. 2. Save the current screen settings so if you're unhappy with the results, you can back the changes out. Select the Themes tab, click Save As, and enter ...