I thought I'd post some example code for the GetProcessDEPPolicy and SetProcessDEPPolicy functions that can be used to enforce Data Execution Protection (DEP) for the current process. For more information about DEP, refer to Microsoft Knowledge Base article 875352. Please note that these functions are only available on Windows XP SP3, Windows Vista SP1, Windows 7 and Windows Server 2008 or later. For this reason, the functions are dynamically loaded from Kernel32, making it safe to use on earlier versions of Windows (although it will always return FALSE on unsupported versions).

#Compile Exe
#Dim All

#Include "Win32Api.inc"


Declare Function GetProcessDEPPolicy(ByVal hProcess As Dword, ByRef lpFlags As Dword, ByRef lpPermanent As Long) As Long
Declare Function SetProcessDEPPolicy(ByVal dwFlags As Dword) As Long

Function EnableMemoryProtection(Optional ByVal dwFlags As Dword) As Long
    Local hLibrary As Dword
    Local hProcess As Dword
    Local pGetProcessDEPPolicy As Dword
    Local pSetProcessDEPPolicy As Dword
    Local dwCurrentFlags As Dword
    Local bPermanent As Long
    Local lResult As Long
    Function = %FALSE

    ' If no argument is specified, then default to enabling DEP and
    ' disabling ATL thunk emulation; this is functionally equivalent
    ' to setting the NXCOMPAT flag in the PE32 image header and
    ' offers the strongest level of protection
    ' Technically, passing a value of 0 to SetProcessDEPPolicy will
    ' disable DEP for the process, but you really don't want to do
    ' that, do you?
    If dwFlags = 0 Then
    End If
    hLibrary = LoadLibrary("Kernel32.dll")
    If hLibrary = %NULL Then
        Exit Function
    End If

    ' Check to make sure that the DEP functions exist; if they don't,
    ' then this is an older version of Windows. These functions are
    ' only available on Windows XP SP3, Windows Vista SP1, Windows 7
    ' and Windows Server 2008 or later versions of Windows
    pGetProcessDEPPolicy = GetProcAddress(hLibrary, "GetProcessDEPPolicy")
    pSetProcessDEPPolicy = GetProcAddress(hLibrary, "SetProcessDEPPolicy")

    If pGetProcessDEPPolicy = %NULL Or pSetProcessDEPPolicy = %NULL Then
        Exit Function
    End If

    hProcess = GetCurrentProcess()

    ' Get the current DEP policy status for the process; we will use this
    ' to determine if we need to change the DEP policy or not
    Call Dword pGetProcessDEPPolicy Using GetProcessDEPPolicy(hProcess, dwCurrentFlags, bPermanent) To lResult
    If IsFalse(lResult) Then
        Exit Function
    End If

    ' If the current policy matches the requested policy, then we don't
    ' need to do anything, return TRUE
    If dwFlags = dwCurrentFlags Then
        Function = %TRUE
        Exit Function
    End If

    ' If the bPermanent flag is non-zero, then we cannot change the the
    ' DEP policy for this process; if DEP is enabled, then return TRUE,
    ' otherwise return FALSE
    If IsTrue(bPermanent) Then
        If dwFlags And %PROCESS_DEP_ENABLE Then
            Function = %TRUE
        End If
        Exit Function
    End If
    ' If the function succeeds, it will return a non-zero value (TRUE),
    ' otherwise it will return zero (FALSE)
    Call Dword pSetProcessDEPPolicy Using SetProcessDEPPolicy(dwFlags) To lResult
    Function = lResult
End Function

Function PBMain () As Long
    Dim lResult As Long
    lResult = EnableMemoryProtection()
    If IsTrue(lResult) Then
        MsgBox "Data Execution Prevention (DEP) has been enabled"
        MsgBox "Data Execution Prevention (DEP) could NOT be enabled"
    End If
End Function