Data Execution Prevention

[ic2]

I build a fairly large app that runs under Windows 95 thru XP and it took me a long time to get it right.  Last month I upgraded to Servicepack2 and all Microsoft fixes on-line including IE7 and Media10.  Yesterday for the first time I went to fire up the app and it did not run.  So I went to another machine with XP only and it work.  I also re-checked with Win95 and it works.

I think it may be the Data Execution Prevention.  I build this program with lots to tricks in it for protection only.  There is no illegal code in it whatsoever.  What ever MS is doing they is not trying to assist programs writers.  Office Word 2007 rip-off the clipboard from WordPerfect 8 usage completely when both programs are running at the same time and they did it with No Shame.  It never touched any other programs other than WordPerfect.  This never happened before Office 2007... That is just plain mean and selfish...  I'm sorry but I don't trust MS at all anymore after seeing that.   And now my app can't run for some reason that isn't my fault.  It's a shame we have to fight with Windows to Write for Windows with the tools Windows sell us to write with.  There no real reasons for them to make those silly changes other than forcing people to buy their new products year after year.  Common sense shows that.

Anyway, first I tried to turn off Data Execution Prevention.  I go to that dialog and there is nothing that say you can turn it completely off.  So I want to go to Local Services under Administrative Tools, to completely stop that service.  Would anyone know what name this services is under.

Thank you

[jj2007]

Re DEP: Use the "Turn on DEP ... except", "Add..." feature, and select your executable. I had DEP problems, and the main symptom is a fat ugly dialog saying that M$ had to shoot at your misbehaving proggie.

But it may be another issue than DEP - and I fully agree that M$ does all kind of things to make the life of the ordinary programmer difficult.

[ic2]

I did some searching and found this.  Now I know a little more about it and this is the problem.

Maybe someone with experienced can figure out something for ASM coders.  I wonder if there is a way to delete this DEP mess of my system off my system.  I don't need or want it on my system.  I protect my own self from virus.  I don't need no code breaking company controlling my app's just to protect itself from virus having no consideration for no one other then them self.  Soon ASM will be dead and gone if you leave it to MS and Intel.  Leaving me nothing for protecting my own code from hackers while they do all they can to protect the OS code from me.  This is no favor to me.  Now I got to learn to write c++.  ain't that a %^4#*

http://www.maxpatrol.com/ptmshorp.asp

Thanks jj2007, I did that and rebooted to be sure but it did't work... I think you're right...

But it may be another issue than DEP - and

There must be something else going on...and it's not my app but it's certainly against it...  and my CPU don't even have DEP so it's all coming for MS code injection or his own special virus code.  If any of this is true that's make it LEGAL.

It still runs great with-out Servicepack2.

I am not happy...

[ic2]

I must have done a GREAT job of protection... even MaxPatrol could not save me.  O-well, back to the drawing board.

[hutch--]

ic2,

The trick with DEP is to maie sure the app never tries to execute code written in the data section. If you have executable code stored there try either moving it to the code section with a jump over it or copy it to executable memory before trying to run it.

You will be in trouble trying to execute code on the stack as DEP waws among other things designed to prevent this.

[Rockoon]

DEP is a good thing.

Some of us were programming on architectues that had DEP features long before intel/amd joined the game.

If DEP is messing your program up, its because you didnt code it well. I'm sorry if that offends you, but its most definately ametuer hour if you are executing memory that isnt marked as code. You can almost be forgiven for your sins if you never dealt with an architecture with DEP before, but not quite. Bad programming practices remain bad even when the hardware doesnt enforce it.

Case in point: Did any other software stop working on your system when you installed SP2, or was only your software hit?

[jj2007]

Try my personal DEP test suite, just to see how the error message looks like if it is a DEP problem.

[attachment deleted by admin]

[ic2]

I knew nothing about software DEP other than it could slow down a virus by at lease 10 seconds and can wreak mayhem on any software it do not understand. 

Hardware gives you the options ON or OFF,  that works.   Microsoft are only coders and they have an responsibility to code things that works as well.  ON means ON and OFF mean OFF.

A  System Software writer job is to only to flip the switch to the CPU.

A Software Application writer job IS to code a DEP for users, with  a ON-OFF switch, completed with an un-installer because this is no play toy.   People spend money on software and don't live to upgrade weekly.

This mess caused me problems and I HAD something to say about that and if I have insulted someones employer, here...   I am not afraid to tell you again ... Your Company Sucks !!!  Your new CEO or whoever is ordering up this childish mess need to be fired.

I like windows,  not the added junk some clown wrote into it ..


Rockoon, I do hear you loud and clear my friend.  I did miss a lot.

Thanks

enc98.exe
prwin8.exe
ps80.exe
qfinder.exe
ua80.exe

and me so far with many more applications on my machine not yet tested



jj2007, do this prove that DEP may have a problem.  Would that happen only for Win Software version.  How about straight hardware only without Win DEP getting in the way.  I'm just wondering or does it even matter.

[ic2]

BTW:

hutch, I have absolutely no code any where except the code section.  Guys like you,  f0dder,  bitRAKE and a few others taught me to never do that long ago.   Those code wars made me not darn not even try.   I'll never forget.

All my data is based on masm32 examples 1 - 4 and has never change it style.

I'll figure it out.  I got a lead now... jj2007 sample shows it can go beyond just the .data section for my case. It's down there ssomewhere. I'll find it tonight.

[donkey]

Hi ic2,

DEP also prevents an application from writing to the CODE section not only from executing in the data/stack section. I ran into a problem where I had a program that used a MASM32 example that would not run under DEP, any MASM32 example that does the following will have problems under SP2...

Code Select Expand

...blah
jmp @F
SomeDataBuffer: DB 256 DUP (0)
@@:
blah...

Donkey

[jj2007]

DEP also prevents an application from writing to the CODE section

That's what my "test suite" demonstrates in a few lines. The point is that DEP produces precise error messages, and if you do NOT see these messages, then it is NOT DEP but something else. M$ always has some surprises in the hat...

[ic2]

jj2007, what do I look for in the error message that indicate it's a
DEP problem.  I'm not good at all reading Windwows Error Report Contents.  I only know how to use messeage boxes for debugging but that's about to change.  I and I'm sure others are lucky you came up with this.

Hi donkey.  All my attempts at code protection thru clever seperation, sorting, SMC etc is over.  That was my biggest hobby ever.  Now a thing of the pass, all in a day. :(

SomeDataBuffer: DB 256 DUP (0)

That the whole plan, out the window...  I twisted my data section to the point that I don't know where the data is OR went myself half the time.  I would'nt even know where or what to jump over I got so much of it.  This is crazy and I didn't even know.

I'll never nod-off again

[jj2007]

jj2007, what do I look for in the error message that indicate it's a DEP problem.

In office, I have XP SP2, and it behaves as described here. On weekends, I have only SP1, and M$ complains with a good 'ol GPF ("encountered a ploblem")...

[Jimg]

Doesn't VirtualProtect work on vista?

[donkey]

Doesn't VirtualProtect work on vista?

Vista has a solution to the DEP problem, you can set DEP in line using SetProcessDEPPolicy, though if GetSystemDEPPolicy returns 1(AlwaysOn), the APi will not change the policy.

Hi donkey.  All my attempts at code protection thru clever seperation, sorting, SMC etc is over.  That was my biggest hobby ever.  Now a thing of the pass, all in a day

Ah well, if stack execution had not been used for so many exploits MS might never have noticed yet another hole in their security. As it is it does thwart quite a few attacks.

Donkey