
yaa 12-02-2007 00:22

Stack execution .. is it blocked on Windows???
 
Hello,

yesterday I happened to stumble on a small piece of code that uses stack execution for running a piece of code inside a remote process. I tried it and it does not work (you get an exception on executing the very first code instruction you injected in the remote process).

The code is a few years old and I suppose now, on Windows machines with the latest patches, stack execution is not allowed anymore.

Can anyone confirm it?


yaa

yaa 12-02-2007 00:30

btw, here is the VC++ code project I was talking about.

You should only compile it without debugging symbols.


yaa

Human 12-02-2007 05:04

omfg do you have win 3.11 or what, DEP is since SP2 in XP and since amd64 there is NX bit to prevent stack execution. don't you know VirtualAllocEx to alloc mem in remote process and run all there?

yaa 12-02-2007 06:44

Human, I'm not looking for alternative ways to achieve the same result (such as using VirtualAllocEx and WriteProcessMemory), I was only curious to know why stack execution was failing.

By the way, DEP on my machine (I'm running Windows 2003) is enabled only for "essential programs and services" and I'm sure that notepad.exe (that is the process on which I tried stack execution) *is not* considered an essential program or service :D :D :D

So I would say that DEP is not the cause of the failure.

yaa

yaa 12-02-2007 06:55

I just now made a test and it seems that the code I posted works fine on machines where DEP is SW (the CPU does not support it) and fails on machines where DEP is HW provided.

yaa

void 12-03-2007 21:22

Quote:

Originally Posted by http://support.microsoft.com/kb/899298/en-us
By default, in Windows Server 2003 SP1, DEP is turned on for all programs and services except those that the administrator selects. By default, the "Turn on DEP for all programs and services except those I select" OptOut policy is already selected.

There is also a paper on DEP: "Bypassing Windows Hardware-enforced Data Execution Prevention".
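
The thread turns on two facts that can be checked directly: the system-wide DEP policy (OptIn, "essential programs and services", versus OptOut, the Server 2003 SP1 default quoted above) and whether the CPU enforces NX in hardware. The following PowerShell audit is an added example, not part of the original thread or the attached project; the type name `DepNative` and the functions `Get-SystemDepSummary` and `Get-ProcessDepStatus` are hypothetical names chosen here, and `notepad` is used only because it is the process mentioned in the thread.

```powershell
# Added example: report the DEP policy system-wide and per process.
$src = @'
using System;
using System.Runtime.InteropServices;
public static class DepNative {
    [DllImport("kernel32.dll")]
    public static extern int GetSystemDEPPolicy();
    [DllImport("kernel32.dll")]
    public static extern bool IsProcessorFeaturePresent(uint feature);
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool GetProcessDEPPolicy(IntPtr hProcess, out uint flags, out bool permanent);
}
'@
Add-Type -TypeDefinition $src

# DEP_SYSTEM_POLICY_TYPE values returned by GetSystemDEPPolicy
$policyNames = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }

function Get-SystemDepSummary {
    [pscustomobject]@{
        SystemPolicy = $policyNames[[DepNative]::GetSystemDEPPolicy()]
        # PF_NX_ENABLED = 12: true when hardware-enforced DEP is active
        HardwareNX   = [DepNative]::IsProcessorFeaturePresent(12)
    }
}

function Get-ProcessDepStatus {
    param([string]$Name = 'notepad')
    foreach ($proc in Get-Process -Name $Name -ErrorAction SilentlyContinue) {
        $flags = [uint32]0
        $permanent = $false
        # Opening the handle can fail with access denied; skip those processes
        try { $handle = $proc.Handle } catch { continue }
        # The call fails for 64-bit targets, where DEP is always on
        $ok = [DepNative]::GetProcessDEPPolicy($handle, [ref]$flags, [ref]$permanent)
        [pscustomobject]@{
            Name       = $proc.ProcessName
            Id         = $proc.Id
            Queried    = $ok
            DepEnabled = $ok -and (($flags -band 1) -ne 0)   # PROCESS_DEP_ENABLE
            Permanent  = $ok -and $permanent
        }
    }
}

Get-SystemDepSummary
Get-ProcessDepStatus -Name 'notepad'
```

A result of `SystemPolicy = OptOut` with `HardwareNX = True` corresponds to the configuration in which the stack-execution test in this thread failed.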

