PDA

View Full Version : Can SB turn off DEP?



Doug I
10-09-2009, 02:50 PM
Hi,

I have some legacy applications that require Vista 64 OS to turn off DEP (Data Execution Protection) for it to work correctly.

Can or does SB have the ability to turn off DEP on specific exe's installed on the Vista OS?

Thanks in Advance,
Doug

linder
10-10-2009, 03:19 AM
Doug,

If you still have the source code available, you should definitely try to find out where this happens in your application and then review that part of your source code. In "most" cases, it's caused by a simple "buffer overrun". For example, you have a string defined as 260 bytes and your program writes to, say, string position 270. One of your 3-rd party products can also cause this.

But if it is reported, then it is a very (VERY) serious issue and has to be fixed in your application. IMO, you should not ask your customer to add your program to the exclusion list. Thanks God (Microsoft) there is no way to add an application to the DEP list and disable DEP programmatically.

There are ways to add it to the exclusion list (e.g. using the NoExecuteAddFileOptOutList API), but this will not disable DEP for that app. It could be a security hole for Windows if it was allowed to do this programmatically, given that DEP is meant to be a defense against exploits of weakly-coded software.

--
Friedrich Linder
Lindersoft
www.lindersoft.com
+1.954.252.3910

SetupBuilder is Windows installation -- "point. click. ship"

-- Official Comodo Code Signing and SSL Certificate Partner

Doug I
10-20-2009, 10:09 AM
Hi,

Ok DEP is important for system protection... :)

However, MS seems to be inconsistent here. My program runs fine under XP, Vista 32-bit, and on Win 2003 Server.

But under Vista 64-bit, I have had to put our application on the exception list of DEP for it to work. I haven't had enough of these installs to say whether this is always the case or not.

I am pretty certain DEP exists in the latest XP service pack and under Vista 32-bit and all is good there.

Any ideas?

TIA,
Doug

linder
10-20-2009, 10:23 AM
Doug,

WOW64 is short for Windows-32-on-Windows-64. It provides 32-bit emulation for existing 32-bit applications, enabling most 32-bit applications to run on the 64-bit version of Windows without modification. Most applications, not all applications :)

If DEP stops your application on a x64 system then there is definitely a problem with your application (my bet is a buffer overrun).

There is only one way to solve this problem: you have to find the bug in your application and fix it.

We had a similar problem some years ago:
http://www.lindersoft.com/forums/showthread.php?t=1255&highlight=dep

It was not easy to find it.

Good luck :)

Friedrich

Friedrich Linder
Lindersoft
www.lindersoft.com
+1.954.252.3910

SetupBuilder is Windows installation -- "point. click. ship"

-- Official Comodo Code Signing and SSL Certificate Partner

linder
10-20-2009, 10:26 AM
I am pretty certain DEP exists in the latest XP service pack and under Vista 32-bit and all is good there.

BTW, it's quite possible that not all of your customers get a DEP error -- and please note that not all processors support hardware based DEP.

Friedrich