Data Execution Prevention (DEP) is a set of hardware and software technologies that perform additional checks on memory to help prevent malicious code from running on a system.
The primary benefit of DEP is to help prevent code execution from data pages. Typically, code is not executed from the default heap or the stack. Hardware-enforced DEP detects code that is running from these locations and raises an exception when execution occurs. Software-enforced DEP can help prevent malicious code from taking advantage of exception-handling mechanisms in Windows.
There are two types of DEP:
- Hardware-enforced DEP enables DEP for both kernel-mode and user-mode processes. It must be supported by the processor and the operating system.
- Software-enforced DEP enables DEP only on user-mode processes. It must be supported by the operating system.
DEP is supported by Windows XP with SP2, Windows Server 2003 with SP1, Windows Vista, and later versions of Windows.
On 32-bit versions of Windows, hardware-enforced DEP requires PAE, which is supported by all Windows operating systems that support DEP. When DEP is enabled on a computer with a processor that supports hardware-enforced DEP, Windows automatically enables PAE and ignores the boot parameter values that disable it.
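As an added example (not part of the original post), the following PowerShell snippet reports the DEP state described above on a Windows machine: whether hardware DEP is available, whether it covers 32-bit applications and drivers, the system-wide policy, and the boot-time nx and pae settings. It uses the Win32_OperatingSystem CIM class and bcdedit, which are standard; the policy-name table is the documented mapping for DataExecutionPrevention_SupportPolicy.

```powershell
# Query DEP support and the system-wide policy from Win32_OperatingSystem.
$os = Get-CimInstance -ClassName Win32_OperatingSystem

# Documented values of DataExecutionPrevention_SupportPolicy.
$policyNames = @{
    0 = 'AlwaysOff - DEP disabled for all processes'
    1 = 'AlwaysOn  - DEP enabled for all processes, no exclusions'
    2 = 'OptIn     - only Windows components/services and opted-in programs'
    3 = 'OptOut    - all processes except those explicitly excluded'
}

$report = [pscustomobject]@{
    Is64BitOS               = [Environment]::Is64BitOperatingSystem
    HardwareDEPAvailable    = $os.DataExecutionPrevention_Available      # processor + OS support (NX/XD)
    DEPFor32BitApplications = $os.DataExecutionPrevention_32BitApplications
    DEPForDrivers           = $os.DataExecutionPrevention_Drivers
    SupportPolicy           = $policyNames[[int]$os.DataExecutionPrevention_SupportPolicy]
}
$report | Format-List

# Boot configuration: 'nx' is the DEP policy, 'pae' matters on 32-bit Windows,
# where hardware DEP requires PAE (see the paragraph above). bcdedit needs elevation.
Write-Host "`nBoot configuration (bcdedit):"
bcdedit /enum '{current}' | Select-String -Pattern '^\s*(nx|pae)\s'

# Defender's check: flag a weak configuration. OptIn leaves most third-party
# user-mode programs unprotected; AlwaysOff disables DEP entirely.
if (-not $os.DataExecutionPrevention_Available) {
    Write-Warning 'Hardware-enforced DEP is not available on this system.'
}
if ([int]$os.DataExecutionPrevention_SupportPolicy -in 0, 2) {
    Write-Warning 'DEP policy is weaker than OptOut; consider OptOut or AlwaysOn.'
}
```

Run from an elevated PowerShell prompt so that bcdedit can read the boot configuration store.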