Dailydave mailing list archives

RE: Non executable memory pages with AMD64 + XP SP2


From: "Maynor, David (ISS Atlanta)" <dmaynor () iss net>
Date: Mon, 6 Dec 2004 12:23:12 -0500

So with it enabled you are getting no errors if you attempt a stack
based overflow? 

-----Original Message-----
From: dailydave-bounces () lists immunitysec com
[mailto:dailydave-bounces () lists immunitysec com] On Behalf Of Nicolas
RUFF
Sent: Monday, December 06, 2004 10:16 AM
To: dailydave
Subject: Re: [Dailydave] Non executable memory pages with AMD64 + XP SP2

(All in one answer)

First of all, thank you everybody for your support.

[...] This means
that your hello world or basic stack overflow that you write will not
receive the protection until it is enabled system wide.

I would have thought that setting "/NoExecute=AlwaysOn" in BOOT.INI
should be enough to enable DEP system wide (including user apps) ... But
this is not the case!

32 bit XP SP2 does use NX technology if running on a processor that
supports it. It has to run in PAE mode though.

My CPU is AMD64 Athlon 3000+ (not FX, though). It should support the NX flag.

MOV EAX, 0x80000001
CPUID
EAX = 00000000000000000000111101001000 (0x00000F48)
EBX = 00000000000000000000000100001000 (0x00000108)
EDX = 11100001110100111111101111111111 (0xE1D3FBFF)
                  ^
                  |--- NX supported

I know that it should run in PAE mode for DEP to be effective, but
Microsoft clearly states that PAE is enabled by default along with DEP:
http://support.microsoft.com/kb/875352

I wrote a white paper for ISS on these shortcomings. It should be made
public pretty soon.

Aaah, I feel better knowing that there is a real issue behind all this.

There should be a panel at Control Panel->Performance and
Maintenance->System->Advanced->Performance Settings->DEP Settings that
will rewrite the boot.ini as needed for whatever protection level you choose.

Yes, this parameter will set OptIn or OptOut in BOOT.INI. You won't be 
given a chance to select AlwaysOn or AlwaysOff or PAE through a 
graphical interface, though.

Regards,
- Nicolas RUFF
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave

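The thread turns on two concrete questions: does the CPU advertise NX, and does code placed on the stack actually fault once DEP is supposed to be on. The program below is an added example, not code from the thread or from ISS/Immunity. It decodes the CPUID.80000001H registers Nicolas posted (reused here as constructed input: EDX bit 20 is the NX/XD flag, EAX carries family/model/stepping), queries the running CPU the same way, and then tries to execute a six-byte stub from a stack buffer, from a read/write page and from a read/execute page, catching the fault so the result can be reported instead of crashing. It assumes a POSIX system (mmap, sigaction, sigsetjmp) and GCC or clang's <cpuid.h> on x86/x86-64; the probe, function and return-code names are the example's own, and on Windows XP the same probe would be written with VirtualAlloc/VirtualProtect and SEH, which is not shown here.

```c
/* nx_probe.c -- added example, not code from the Dailydave thread.
 * 1. decode CPUID.80000001H (posted values reused as constructed input):
 *    EDX[20] = NX, EAX = family/model/stepping;
 * 2. check whether NX/DEP is enforced, not merely advertised, by running
 *    a stub from a stack buffer, a RW page and an RX page.
 * Assumes POSIX + x86/x86-64; probes return EXEC_UNSUPPORTED elsewhere. */
#define _GNU_SOURCE 1
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <signal.h>
#include <setjmp.h>
#include <sys/mman.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#define HAVE_X86 1
#else
#define HAVE_X86 0
#endif

#define NX_BIT 20u
enum { EXEC_BLOCKED = -1, EXEC_UNSUPPORTED = -2 };

struct cpu_sig { unsigned family, model, stepping; };

/* CPUID.80000001H:EDX[20] is NX on AMD and XD on Intel. */
static int cpuid_has_nx(uint32_t ext_edx) { return (ext_edx >> NX_BIT) & 1u; }

/* Same EAX layout as leaf 1; AMD folds in the extended family/model only
 * when the base family is 0xF (Athlon 64 is family 15). */
static struct cpu_sig decode_signature(uint32_t eax) {
    struct cpu_sig s;
    s.stepping = eax & 0xFu;
    s.model    = (eax >> 4) & 0xFu;
    s.family   = (eax >> 8) & 0xFu;
    if (s.family == 0xFu) {
        s.family += (eax >> 20) & 0xFFu;
        s.model  |= ((eax >> 16) & 0xFu) << 4;
    }
    return s;
}

/* Live query; 0 (and zeroed outputs) off x86 or if the leaf is absent. */
static int read_ext_cpuid(uint32_t *eax, uint32_t *edx) {
    *eax = *edx = 0;
#if HAVE_X86
    unsigned a, b, c, d;
    if (__get_cpuid(0x80000001u, &a, &b, &c, &d)) { *eax = a; *edx = d; return 1; }
#endif
    return 0;
}

static sigjmp_buf g_fault;
static void on_fault(int sig) { (void)sig; siglongjmp(g_fault, 1); }

/* x86 "mov eax, 42 ; ret", identical encoding in 32- and 64-bit mode. */
static const unsigned char k_stub[] = { 0xB8, 0x2A, 0x00, 0x00, 0x00, 0xC3 };

/* Call the stub at addr: 42 if it ran, EXEC_BLOCKED if the CPU faulted. */
static int probe_exec(const void *addr) {
    if (!HAVE_X86) return EXEC_UNSUPPORTED;
    struct sigaction sa, old_segv, old_bus;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);
    int result;
    if (sigsetjmp(g_fault, 1) == 0) {
        int (*fn)(void);
        memcpy(&fn, &addr, sizeof fn);   /* object -> function pointer without UB */
        result = fn();
    } else {
        result = EXEC_BLOCKED;
    }
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    return result;
}

/* The "basic stack overflow" case: the stub lives in an automatic buffer. */
static int probe_stack(void) {
    unsigned char buf[sizeof k_stub];
    memcpy(buf, k_stub, sizeof k_stub);
    return probe_exec(buf);
}

/* Anonymous page written as RW, then switched to the requested protection. */
static int probe_mmap(int prot) {
    void *p = mmap(NULL, 4096, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return EXEC_UNSUPPORTED;
    memcpy(p, k_stub, sizeof k_stub);
    if (mprotect(p, 4096, prot) != 0) { munmap(p, 4096); return EXEC_UNSUPPORTED; }
    int r = probe_exec(p);
    munmap(p, 4096);
    return r;
}

int main(void) {
    struct cpu_sig posted = decode_signature(0x00000F48u);   /* values from the thread */
    printf("posted: family %u model %u stepping %u, NX=%d\n",
           posted.family, posted.model, posted.stepping, cpuid_has_nx(0xE1D3FBFFu));
    uint32_t eax, edx;
    if (read_ext_cpuid(&eax, &edx))
        printf("this CPU: EAX=%08x EDX=%08x NX=%d\n", eax, edx, cpuid_has_nx(edx));
    printf("stack: %d  rw page: %d  rx page: %d   (42 = ran, -1 = blocked)\n",
           probe_stack(), probe_mmap(PROT_READ | PROT_WRITE), probe_mmap(PROT_READ | PROT_EXEC));
    return 0;
}
```

Run it under whatever policy you are testing. With NX enforced the stack and read/write probes report -1 and only the read/execute page returns 42; if the stack probe returns 42 while CPUID reports NX=1, the processor supports the feature but the OS is not applying it to this process, which is the mismatch the thread is describing.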