DEP (Data Execution Prevention) is a Windows security mechanism used primarily to protect the system from damage caused by viruses and other security threats. Microsoft introduced the technology in Windows XP SP2 and carried it into later systems such as Windows Server 2003 and Windows Server 2008. Windows 7 is no exception and also includes DEP as a security mechanism. Here I will explain DEP in Windows 7.
1. DEP security mechanism
Overflows have always been a pain for the operating system and its applications, and Windows 7 is no exception. Overflow here primarily means buffer overflow: taking advantage of a vulnerability in the system or an application to execute malicious code from memory locations that only Windows and other applications should use, and ultimately to take control of the system. As described above, a buffer overflow attack often writes executable malicious code into the memory buffer of another application and then tricks that application into executing it. The goal of DEP is to prevent the execution of such embedded malicious code. The mechanism works as follows: Windows uses DEP to mark memory locations that contain only data as non-executable (NX). When an application tries to execute code from a memory location marked NX, the Windows DEP logic stops it, which protects the system from the overflow.
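To check whether the protection described above is actually in force on a machine, the DEP state can be read from WMI. The script below is an added example, not part of the original article; the function name `Get-DepAudit` and the wording of the findings are assumptions made for illustration, while the `DataExecutionPrevention_*` properties are those of the `Win32_OperatingSystem` class.

```powershell
# Added example: audit the DEP configuration of the local machine.
# Get-WmiObject is used because it works on the PowerShell 2.0 shipped with Windows 7.
function Get-DepAudit {
    param(
        # Accepts a pre-fetched object so the logic can be checked with constructed input.
        $Os = (Get-WmiObject -Class Win32_OperatingSystem)
    )

    # Values of Win32_OperatingSystem.DataExecutionPrevention_SupportPolicy.
    $policyNames = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }
    $policy   = [int]$Os.DataExecutionPrevention_SupportPolicy
    $findings = @()

    if (-not $Os.DataExecutionPrevention_Available) {
        $findings += 'Hardware DEP is not available: the NX marking is not enforced by the processor.'
    }
    switch ($policy) {
        0 { $findings += 'AlwaysOff: no process is protected by DEP.' }
        2 { $findings += 'OptIn: only Windows components and programs that opt in are protected.' }
        3 { $findings += 'OptOut: all processes are protected except listed exceptions; review that list.' }
    }
    if (-not $Os.DataExecutionPrevention_32BitApplications) {
        $findings += 'DEP is not applied to 32-bit applications.'
    }
    if (-not $Os.DataExecutionPrevention_Drivers) {
        $findings += 'DEP is not applied to drivers.'
    }

    New-Object PSObject -Property @{
        HardwareDepAvailable = [bool]$Os.DataExecutionPrevention_Available
        Policy               = $policyNames[$policy]
        AppliesTo32BitApps   = [bool]$Os.DataExecutionPrevention_32BitApplications
        AppliesToDrivers     = [bool]$Os.DataExecutionPrevention_Drivers
        Findings             = $findings
    }
}

# Audit the live system.
Get-DepAudit | Format-List

# Constructed input (not real data): a host with hardware NX present but DEP switched off.
$sample = New-Object PSObject -Property @{
    DataExecutionPrevention_Available         = $true
    DataExecutionPrevention_SupportPolicy     = 0
    DataExecutionPrevention_32BitApplications = $false
    DataExecutionPrevention_Drivers           = $false
}
(Get-DepAudit -Os $sample).Findings
```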
2. Implementation of DEP
Microsoft's DEP implementation uses two methods: hardware-enforced DEP and software-enforced DEP. Hardware-enforced DEP needs support from the processor, but now