Visual Effects | Advanced Data Execution Prevention

Data Execution Prevention pEP) helps protect

against damage from viruses and other security

threats. H ow does it work �

Turn on MP for essential Windows programs and services

only

Turn on DEP for all programs and services except those I

select:

Add,.

Rgnove

Your computer's processor does not support hardware-based

DEP. However, Windows can use DEP soft-A'are to help prevent

some types of attacte.

OK

Cancel

Apply

Figure 4.7

The bookkeeping entries related to DEP for a specific process are situated in

the KEXECUTE_0PTI0NS structurc that lies in the corresponding KPROCESS struc¬

ture. Recall that KPROCESS is the first element of the EPROCESS structure.

kd> dt nt!_EPROCESS

-t-OxOOO Pcb

+0x098 ProcessLock

+OxOaO CreateTime

KPROCESS

_EX_PUSH_LOCK

LARGE INTEGER

kd> !process 0 0 firefox.exe

PROCESS 846d8bl0 Sessionid: 1 Cid: OfBc Peb: 7ffdf000 ParentCid; 0828

DirBase: 339fc000 Objectlable: 99c0b330 HandleCount: 494.

Image: firefox.exe

kd> dt nt!_KPROCESS 845d8bl0 -r

+0x000 Header : _DISPATCHER_HEADER

+0x000 Type : 0x3 "

146 I Parti