How Secure is Windows Hardware-enforced Data Execution Prevention [was ani_loadimage_chunksize problem]

[security at vahle.de (Thomas Werth)]

So Windows Hardware-enforced Data Execution Prevention stopped the
exploit attemp.
On http://www.uninformed.org/?v=2&a=4&t=txt skape wrote how to bypass this.
Now i'd like to weight how much securtiy is added using this feature.
Well it stopped the exploit very fine, but would it be possible to
rewrite msf exploits/payloads so they would automaticly bypass windows
protection ?
I'd like to hear lists opinion to this protection.
To me on one hand it stopped the exploit, but on other hand skape
describes how to bypass and i won't doubt his findings.

regards
Thomas


Thomas Werth schrieb:
> Ohh,
> what an "easy" reason :)
>
> On Windows code execution protection is activated for all programs.
> IDA doesn't show X Flag for stack segment, so exceution isn't allowed.
> So it seems msf payload does nothing magic to circumvate code exectution
> protection and ida properly prompts wrong message ...
>
>
>
> H D Moore schrieb:
> > Could it be that the stack is non-executable on your platform and IDA is 
> > misinterpreting the exception code?
> >
> > -HD
> >
> > On Wednesday 24 October 2007, Thomas Werth wrote:
> > > Now the jmp esp is donw and lands in stack.
> > >
> > > But then the same exception is thrown.
> > > "Memory could not be written The instruction at 0x12decc referenced
> > > memory at 0x12decc. The memory could not be written (0x12decc ->
> > > 12decc)" Strange is that Segment is marked as W & D public Stack.
> > > So write access should be granted...
> > > Altouhg why in generell is there a write access violation when
> > > performing a nop or former a jmp esp ?
> > >
> > > Any help and clarification is welcome.