Dailydave mailing list archives
RE: Non executable memory pages with AMD64 + XP SP2
From: "Maynor, David (ISS Atlanta)" <dmaynor () iss net>
Date: Mon, 6 Dec 2004 12:23:12 -0500
So with it enabled you are getting no errors if you attempt a stack based overflow?

-----Original Message-----
From: dailydave-bounces () lists immunitysec com [mailto:dailydave-bounces () lists immunitysec com] On Behalf Of Nicolas RUFF
Sent: Monday, December 06, 2004 10:16 AM
To: dailydave
Subject: Re: [Dailydave] Non executable memory pages with AMD64 + XP SP2

(All in one answer)

First of all, thank you everybody for your support.
[...] This means that your hello world or basic stack overflow that you write will not receive the protection until it is enabled system wide.
I would have thought that setting "/NoExecute=AlwaysOn" in BOOT.INI should be enough to enable DEP system wide (including user apps) ... But this is not the case !
32 bit XP SP2 does use NX technology if running on a processor that supports it. It has to run in PAE mode though.
My CPU is AMD64 Athlon 3000+ (not FX, though). It shall support NX flag.

MOV EAX, 0x80000001
CPUID

EAX = 00000000000000000000111101001000 (0x00000F48)
EBX = 00000000000000000000000100001000 (0x00000108)
EDX = 11100001110100111111101111111111 (0xE1D3FBFF)
                 ^
                 |--- NX supported

I know that it should run in PAE mode for DEP to be effective, but Microsoft clearly states that PAE is enabled by default along with DEP: http://support.microsoft.com/kb/875352
I wrote a white paper for ISS on these shortcomings. It should be made public pretty soon.
Aaah, I feel better knowing that there is a real issue behind all this.
There should be a panel at Control Panel->Performance and Maintenance->System->Advanced->Performance Settings->DEP Settings that will rewrite the boot.ini as needed for whatever protection level you choose.
Yes, this parameter will set OptIn or OptOut in BOOT.INI. You won't be given a chance to select AlwaysOn or AlwaysOff or PAE through a graphical interface, though.

Regards,
- Nicolas RUFF
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave
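The two checks discussed in this thread (the NX bit in CPUID 0x80000001 EDX and the /NoExecute policy in BOOT.INI) can be audited together. The following is an added example, not code from the thread: the function names, the sample BOOT.INI and the note wording are assumptions, and it reports configuration only, not whether DEP is actually enforced at run time.

```python
import re

EXT_EDX_BITS = {"PAE": 6, "NX": 20, "LM": 29}   # CPUID 0x80000001, EDX
POLICIES = {"optin", "optout", "alwayson", "alwaysoff"}

def decode_ext_edx(edx):
    """Names of the feature bits set in a CPUID 0x80000001 EDX value."""
    return {name for name, bit in EXT_EDX_BITS.items() if (edx >> bit) & 1}

def boot_entries(boot_ini):
    """Yield (description, {switch: value}) per [operating systems] line."""
    in_os = False
    for line in boot_ini.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_os = line.lower() == "[operating systems]"
            continue
        m = re.match(r'[^=]+=\s*"([^"]*)"(.*)$', line) if in_os else None
        if m:
            switches = re.findall(r"/(\w+)(?:=(\w+))?", m.group(2))
            yield m.group(1), {k.lower(): v.lower() for k, v in switches}

def dep_report(edx, boot_ini):
    """List (description, policy, notes) for every boot entry."""
    feats = decode_ext_edx(edx)
    report = []
    for desc, sw in boot_entries(boot_ini):
        policy, notes = sw.get("noexecute"), []
        if "NX" not in feats:
            notes.append("CPU does not report NX")
        if policy is None:
            notes.append("no /NoExecute switch on this entry")
        elif policy not in POLICIES:
            notes.append("unrecognised /NoExecute value")
        elif policy == "alwaysoff":
            notes.append("DEP switched off by policy")
        if "nopae" in sw:
            notes.append("/NOPAE set, but NX needs PAE mode")
        report.append((desc, policy, notes))
    return report

# Constructed sample BOOT.INI (not taken from the thread).
SAMPLE = r'''[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="XP AlwaysOn" /fastdetect /NoExecute=AlwaysOn
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="XP no PAE" /fastdetect /NOPAE /NoExecute=OptIn
'''

if __name__ == "__main__":
    for row in dep_report(0xE1D3FBFF, SAMPLE):   # EDX value quoted in the post
        print(row)
```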