Forum Guidelines

This forum is for finished source code that is working properly. If you have questions about this or any other source code, please post it in one of the Discussion Forums, not here.
See more
See less


  • Filter
  • Time
  • Show
Clear All
new posts

  • PBWin/PBCC EnableMemoryProtection

    I thought I'd post some example code for the GetProcessDEPPolicy and SetProcessDEPPolicy functions that can be used to enforce Data Execution Protection (DEP) for the current process. For more information about DEP, refer to Microsoft Knowledge Base article 875352. Please note that these functions are only available on Windows XP SP3, Windows Vista SP1, Windows 7 and Windows Server 2008 or later. For this reason, the functions are dynamically loaded from Kernel32, making it safe to use on earlier versions of Windows (although it will always return FALSE on unsupported versions).

    #Compile Exe
    #Dim All
    #Include ""
    Declare Function GetProcessDEPPolicy(ByVal hProcess As Dword, ByRef lpFlags As Dword, ByRef lpPermanent As Long) As Long
    Declare Function SetProcessDEPPolicy(ByVal dwFlags As Dword) As Long
    Function EnableMemoryProtection(Optional ByVal dwFlags As Dword) As Long
        Local hLibrary As Dword
        Local hProcess As Dword
        Local pGetProcessDEPPolicy As Dword
        Local pSetProcessDEPPolicy As Dword
        Local dwCurrentFlags As Dword
        Local bPermanent As Long
        Local lResult As Long
        Function = %FALSE
        ' If no argument is specified, then default to enabling DEP and
        ' disabling ATL thunk emulation; this is functionally equivalent
        ' to setting the NXCOMPAT flag in the PE32 image header and
        ' offers the strongest level of protection
        ' Technically, passing a value of 0 to SetProcessDEPPolicy will
        ' disable DEP for the process, but you really don't want to do
        ' that, do you?
        If dwFlags = 0 Then
        End If
        hLibrary = LoadLibrary("Kernel32.dll")
        If hLibrary = %NULL Then
            Exit Function
        End If
        ' Check to make sure that the DEP functions exist; if they don't,
        ' then this is an older version of Windows. These functions are
        ' only available on Windows XP SP3, Windows Vista SP1, Windows 7
        ' and Windows Server 2008 or later versions of Windows
        pGetProcessDEPPolicy = GetProcAddress(hLibrary, "GetProcessDEPPolicy")
        pSetProcessDEPPolicy = GetProcAddress(hLibrary, "SetProcessDEPPolicy")
        If pGetProcessDEPPolicy = %NULL Or pSetProcessDEPPolicy = %NULL Then
            Exit Function
        End If
        hProcess = GetCurrentProcess()
        ' Get the current DEP policy status for the process; we will use this
        ' to determine if we need to change the DEP policy or not
        Call Dword pGetProcessDEPPolicy Using GetProcessDEPPolicy(hProcess, dwCurrentFlags, bPermanent) To lResult
        If IsFalse(lResult) Then
            Exit Function
        End If
        ' If the current policy matches the requested policy, then we don't
        ' need to do anything, return TRUE
        If dwFlags = dwCurrentFlags Then
            Function = %TRUE
            Exit Function
        End If
        ' If the bPermanent flag is non-zero, then we cannot change the the
        ' DEP policy for this process; if DEP is enabled, then return TRUE,
        ' otherwise return FALSE
        If IsTrue(bPermanent) Then
            If dwFlags And %PROCESS_DEP_ENABLE Then
                Function = %TRUE
            End If
            Exit Function
        End If
        ' If the function succeeds, it will return a non-zero value (TRUE),
        ' otherwise it will return zero (FALSE)
        Call Dword pSetProcessDEPPolicy Using SetProcessDEPPolicy(dwFlags) To lResult
        Function = lResult
    End Function
    Function PBMain () As Long
        Dim lResult As Long
        lResult = EnableMemoryProtection()
        If IsTrue(lResult) Then
            MsgBox "Data Execution Prevention (DEP) has been enabled"
            MsgBox "Data Execution Prevention (DEP) could NOT be enabled"
        End If
    End Function
    Mike Stefanik