RE: Non executable memory pages with AMD64 + XP SP2

["Mike Bailey" <mike.bailey () sunbladesecurity com>]

> Did anyone out there have a chance to test non-executable 
> memory pages on AMD64 + XP SP2 ? I sent a mail on Bugtraq a 
> few weeks ago but I did not receive much support from the community.


I actually tried to talk to the "Enhanced Virus Protection" NX bit speaker a
few weeks ago at an AMD conference and he didn't really want to discuss the
subjects of "applications tested to work with" at all.  Others speaking also
pretty much said the same thing about good luck finding real 64bit drivers
that are not just the old 32bit ones hacked to not fail on load under XP and
2003. They talked positively about Linux/Unix support but apps still need to
be rewritten to take advantage of the proc before you'll notice much.

Are you trying it on an Athalon or Opteron? 


> It seems to me that non-executable pages are never enabled 
> (at least for basic user programs, such as "hello world" 
> buffer overflow), unless you manually specify /PAE, despite:
> http://support.microsoft.com/kb/875352



> If you read the small caps on AMD commercials in France, they 
> say something like: "you must manually enable the Enhanced 
> Virus Protection for each of your application to be fully 
> protected". What is this supposed to mean ???


Out of curiosity what DEP config switches have you tried in your boot.ini?
Optin being the default sounds like what the commercials are saying.




_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave