Programming: Enabling DEP

What is DEP?

http://support.microsoft.com/kb/875352/en-us
Data Execution Prevention (DEP) is a set of hardware and software technologies that perform additional checks on memory to help prevent malicious code from running on a system. In Microsoft Windows XP Service Pack 2 (SP2) and Microsoft Windows XP Tablet PC Edition 2005, DEP is enforced by hardware and by software.

The primary benefit of DEP is to help prevent code execution from data pages. Typically, code is not executed from the default heap and the stack. Hardware-enforced DEP detects code that is running from these locations and raises an exception when execution occurs. Software-enforced DEP can help prevent malicious code from taking advantage of exception-handling mechanisms in Windows.

Further reading: Buffer overflow

At the same time, it is documented that Windows applies a kind of hack of its own: DEP is not applied to files that have been packed with ASPack! The reason is simple: the way some packers work is fairly similar to a buffer overflow.

For example, Firefox respects DEP: both Firefox.exe and plugin-container.exe always have DEP enabled. Hats off to them!

————
I am adding here some Delphi code that I wrote for one of my own applications:

program DepEnable;

{$APPTYPE CONSOLE}

uses
  SysUtils, Windows, TypInfo;

const
  PROCESS_DEP_ENABLE = $00000001;
  PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION = $00000002;

type
  // Mirrors DEP_SYSTEM_POLICY_TYPE. The default ordinals 0..3 match the API
  // values; no explicit values are assigned so that TypeInfo/GetEnumName works.
  _DEP_SYSTEM_POLICY_TYPE = (AlwaysOff, AlwaysOn, OptIn, OptOut);

  TSetProcessDEPPolicy = function(dwFlags: DWord): LongBool; stdcall;
  TGetSystemDEPPolicy = function(): _DEP_SYSTEM_POLICY_TYPE; stdcall;
  TGetProcessDEPPolicy = function(hProcess: THandle;
    var lpFlags: DWord;
    var lpPermanent: LongBool): LongBool; stdcall;

var
  pSetProcessDEPPolicy: TSetProcessDEPPolicy;
  pGetSystemDEPPolicy: TGetSystemDEPPolicy;
  pGetProcessDEPPolicy: TGetProcessDEPPolicy;

  plib: THandle;
  ppol: _DEP_SYSTEM_POLICY_TYPE;
  pflags: DWord;
  plperm: LongBool;
begin
  WriteLn('Ingmar Tammeväli 2010 http://ingmar.planet.ee');

  // Resolve the DEP functions at run time, because not every Windows
  // version exports them from kernel32.dll.
  plib := GetModuleHandle('kernel32.dll');
  pSetProcessDEPPolicy := TSetProcessDEPPolicy(GetProcAddress(plib, 'SetProcessDEPPolicy'));
  pGetProcessDEPPolicy := TGetProcessDEPPolicy(GetProcAddress(plib, 'GetProcessDEPPolicy'));
  pGetSystemDEPPolicy := TGetSystemDEPPolicy(GetProcAddress(plib, 'GetSystemDEPPolicy'));

  if Assigned(pSetProcessDEPPolicy) and Assigned(pGetSystemDEPPolicy) and Assigned(pGetProcessDEPPolicy) then
  begin
    // System-wide policy: AlwaysOff, AlwaysOn, OptIn or OptOut.
    // Do not call SetProcessDEPPolicy(0) here: under OptIn/OptOut that
    // turns DEP off for the process.
    ppol := pGetSystemDEPPolicy();
    WriteLn(TypInfo.GetEnumName(TypeInfo(_DEP_SYSTEM_POLICY_TYPE), Ord(ppol)));

    // Current state of this process; the output reads
    // "process DEP state: <flags> <permanent>".
    pflags := 0;
    plperm := False;
    pGetProcessDEPPolicy(GetCurrentProcess, pflags, plperm);
    WriteLn('protsessi DEP olukord: ', pflags, ' ', plperm);

    // In every other case this is not needed!
    // Under OptIn with DEP still off, insist on it anyway.
    if (ppol = OptIn) and (pflags = 0) then
    begin
      if not pSetProcessDEPPolicy(PROCESS_DEP_ENABLE) then
        WriteLn('SetProcessDEPPolicy failed: ', GetLastError);
      // Verify afterwards
      pflags := 0;
      plperm := False;
      pGetProcessDEPPolicy(GetCurrentProcess, pflags, plperm);
      WriteLn('protsessi DEP olukord: ', pflags, ' ', plperm);
    end;
  end;

  ReadLn;
end.
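
The Delphi code above opts a process in to DEP at run time; the static counterpart is the NX_COMPAT bit that the linker sets in an executable's PE header. The following Python script is an added example, not the author's code: it reads that bit so that 32-bit binaries that would still need the runtime call can be found. The names dep_opt_in and make_sample, and the header-only sample images, are constructed for illustration.

```python
import struct

IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100  # DllCharacteristics bit set by the linker
PE32, PE32_PLUS = 0x10B, 0x20B               # optional-header magic: 32-bit / 64-bit image


def dep_opt_in(image: bytes) -> dict:
    """Report whether a PE image declares DEP compatibility in its header."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)   # e_lfanew
    opt = pe_off + 4 + 20                               # signature + 20-byte COFF header
    if image[pe_off:pe_off + 4] != b"PE\0\0" or len(image) < opt + 72:
        raise ValueError("PE headers missing or truncated")
    (opt_size,) = struct.unpack_from("<H", image, pe_off + 4 + 16)
    (magic,) = struct.unpack_from("<H", image, opt)
    if opt_size < 72 or magic not in (PE32, PE32_PLUS):
        raise ValueError("unsupported optional header")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+ headers.
    (dll_chars,) = struct.unpack_from("<H", image, opt + 70)
    nx = bool(dll_chars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT)
    return {
        "is_64bit": magic == PE32_PLUS,
        "nx_compat": nx,
        # A 32-bit image without the flag has to opt in at run time,
        # as the SetProcessDEPPolicy(PROCESS_DEP_ENABLE) call above does.
        "needs_runtime_opt_in": magic == PE32 and not nx,
    }


def make_sample(magic: int, dll_chars: int) -> bytes:
    """Constructed header-only PE image (not a runnable program)."""
    machine = 0x8664 if magic == PE32_PLUS else 0x014C
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, 96, 0x0102)
    opt = bytearray(96)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 70, dll_chars)
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    for name, img in [("32-bit, no flag", make_sample(PE32, 0x0000)),
                      ("32-bit, NX_COMPAT", make_sample(PE32, 0x0140)),
                      ("64-bit, no flag", make_sample(PE32_PLUS, 0x0000))]:
        print(name, dep_opt_in(img))
```

To audit a real file, pass its bytes: dep_opt_in(open(path, "rb").read()).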
