Thursday, September 29, 2005

An Example of Compatibility Issues with Data Execution Prevention

Data execution prevention (DEP) is a set of hardware and software technologies that perform additional checks on memory to help protect against malicious code exploits. It was first introduced in Windows XP SP2. DEP is enforced by both hardware and software. See my notes on DEP for more detail. I never encountered any compatibility issues with DEP until recently.

We have an application written in Delphi 7. It contains a Delphi Web service and a Delphi client. This app failed on some machines that support hardware-enforced DEP and run Win2K3 SP1. It seems to me that hardware-enforced DEP prevents execution of the proxy that is used to communicate with the Web service and is generated at runtime. An exception of the form "Access violation at address xxxxxxxx in module 'yyy'. Read of address 00000008 ..." was thrown. If you use Windbg.exe, you can see an access violation exception, code 0xc0000005.

To address the issue, we have to go to My Computer - Properties - Advanced - Performance Settings - Data Execution Prevention, then add the executable w3wp.exe, located in %SystemRoot%\system32\inetsrv, if IIS doesn't run in isolation mode, or dllhost.exe, located in %SystemRoot%\system32, if IIS runs in isolation mode. Of course, this resolution is not good from a security point of view.
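For code you control, the alternative to exempting the host process is to put runtime-generated code in memory that is explicitly marked executable. The sketch below is an added example, not code from the application or from the Delphi runtime: `make_executable_copy` and `run_generated_stub` are hypothetical names, the stub bytes are constructed and x86/x86-64 only, and the POSIX branch is included only so the same pattern can be tried off Windows.

```c
#define _DEFAULT_SOURCE 1          /* exposes MAP_ANONYMOUS on glibc */
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#else
#include <sys/mman.h>
#endif

/* Constructed stub (x86 / x86-64 only): mov eax, 42 ; ret */
static const unsigned char STUB[] = { 0xB8, 0x2A, 0x00, 0x00, 0x00, 0xC3 };

/* Copy generated code into a fresh read/write page, then switch the page to
   read/execute. It is never writable and executable at the same time. */
static void *make_executable_copy(const void *code, size_t len)
{
#ifdef _WIN32
    DWORD old;
    void *p = VirtualAlloc(NULL, len, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
    if (p == NULL) return NULL;
    memcpy(p, code, len);
    if (!VirtualProtect(p, len, PAGE_EXECUTE_READ, &old)) {
        VirtualFree(p, 0, MEM_RELEASE);
        return NULL;
    }
    FlushInstructionCache(GetCurrentProcess(), p, len);
#else
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return NULL;
    memcpy(p, code, len);
    if (mprotect(p, len, PROT_READ | PROT_EXEC) != 0) {
        munmap(p, len);
        return NULL;
    }
#endif
    return p;
}

/* Returns 42 when the stub executed, -1 if the page could not be set up. */
int run_generated_stub(void)
{
    void *p = make_executable_copy(STUB, sizeof STUB);
    if (p == NULL) return -1;
    int result = ((int (*)(void))p)();   /* runs from an executable page */
#ifdef _WIN32
    VirtualFree(p, 0, MEM_RELEASE);
#else
    munmap(p, sizeof STUB);
#endif
    return result;
}
```

The same stub copied into an ordinary heap or stack buffer and called directly is what hardware-enforced DEP stops with an access violation.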
