I thought I'd post some example code for the GetProcessDEPPolicy and SetProcessDEPPolicy functions that can be used to enforce Data Execution Protection (DEP) for the current process. For more information about DEP, refer to Microsoft Knowledge Base article 875352. Please note that these functions are only available on Windows XP SP3, Windows Vista SP1, Windows 7 and Windows Server 2008 or later. For this reason, the functions are dynamically loaded from Kernel32, making it safe to use on earlier versions of Windows (although it will always return FALSE on unsupported versions).
Code:
#Compile Exe
#Dim All
#Include "Win32Api.inc"

%PROCESS_DEP_ENABLE = 1
%PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION = 2

Declare Function GetProcessDEPPolicy(ByVal hProcess As Dword, ByRef lpFlags As Dword, ByRef lpPermanent As Long) As Long
Declare Function SetProcessDEPPolicy(ByVal dwFlags As Dword) As Long

Function EnableMemoryProtection(Optional ByVal dwFlags As Dword) As Long
    Local hLibrary As Dword
    Local hProcess As Dword
    Local pGetProcessDEPPolicy As Dword
    Local pSetProcessDEPPolicy As Dword
    Local dwCurrentFlags As Dword
    Local bPermanent As Long
    Local lResult As Long

    Function = %FALSE

    ' If no argument is specified, then default to enabling DEP and
    ' disabling ATL thunk emulation; this is functionally equivalent
    ' to setting the NXCOMPAT flag in the PE32 image header and
    ' offers the strongest level of protection
    '
    ' Technically, passing a value of 0 to SetProcessDEPPolicy will
    ' disable DEP for the process, but you really don't want to do
    ' that, do you?
    If dwFlags = 0 Then
        dwFlags = %PROCESS_DEP_ENABLE Or %PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION
    End If

    hLibrary = LoadLibrary("Kernel32.dll")
    If hLibrary = %NULL Then
        Exit Function
    End If

    ' Check to make sure that the DEP functions exist; if they don't,
    ' then this is an older version of Windows. These functions are
    ' only available on Windows XP SP3, Windows Vista SP1, Windows 7
    ' and Windows Server 2008 or later versions of Windows
    pGetProcessDEPPolicy = GetProcAddress(hLibrary, "GetProcessDEPPolicy")
    pSetProcessDEPPolicy = GetProcAddress(hLibrary, "SetProcessDEPPolicy")
    If pGetProcessDEPPolicy = %NULL Or pSetProcessDEPPolicy = %NULL Then
        Exit Function
    End If

    hProcess = GetCurrentProcess()

    ' Get the current DEP policy status for the process; we will use this
    ' to determine if we need to change the DEP policy or not
    Call Dword pGetProcessDEPPolicy Using GetProcessDEPPolicy(hProcess, dwCurrentFlags, bPermanent) To lResult
    If IsFalse(lResult) Then
        Exit Function
    End If

    ' If the current policy matches the requested policy, then we don't
    ' need to do anything, return TRUE
    If dwFlags = dwCurrentFlags Then
        Function = %TRUE
        Exit Function
    End If

    ' If the bPermanent flag is non-zero, then we cannot change the
    ' DEP policy for this process; if DEP is enabled, then return TRUE,
    ' otherwise return FALSE. The test is made against the flags that
    ' GetProcessDEPPolicy reported, not the flags that were requested
    If IsTrue(bPermanent) Then
        If (dwCurrentFlags And %PROCESS_DEP_ENABLE) Then
            Function = %TRUE
        End If
        Exit Function
    End If

    ' If the function succeeds, it will return a non-zero value (TRUE),
    ' otherwise it will return zero (FALSE)
    Call Dword pSetProcessDEPPolicy Using SetProcessDEPPolicy(dwFlags) To lResult
    Function = lResult
End Function

Function PBMain () As Long
    Dim lResult As Long

    lResult = EnableMemoryProtection()
    If IsTrue(lResult) Then
        MsgBox "Data Execution Prevention (DEP) has been enabled"
    Else
        MsgBox "Data Execution Prevention (DEP) could NOT be enabled"
    End If
End Function
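The code comments above describe the default flags as functionally equivalent to setting the NXCOMPAT flag in the PE32 image header. The following is an added example, not part of the original post, that audits an image for that flag by reading the DllCharacteristics field of the optional header. The function names are hypothetical and the sample header is constructed inline so the check runs without a real executable.

```python
import struct

IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100
DLLCHAR_OFFSET = 70  # DllCharacteristics offset; identical in PE32 and PE32+

class PEFormatError(ValueError):
    """Raised when the buffer is not a well-formed PE image header."""

def dll_characteristics(image: bytes) -> int:
    """Return the DllCharacteristics word from a PE image's optional header."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise PEFormatError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if e_lfanew + 24 > len(image) or image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise PEFormatError("missing or truncated PE signature")
    # SizeOfOptionalHeader sits 16 bytes into the 20-byte COFF file header.
    (opt_size,) = struct.unpack_from("<H", image, e_lfanew + 20)
    opt = e_lfanew + 24
    if opt_size < DLLCHAR_OFFSET + 2 or opt + opt_size > len(image):
        raise PEFormatError("optional header truncated")
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (0x10B, 0x20B):  # PE32, PE32+
        raise PEFormatError("unknown optional header magic 0x%04X" % magic)
    return struct.unpack_from("<H", image, opt + DLLCHAR_OFFSET)[0]

def is_nx_compat(image: bytes) -> bool:
    """True when the linker marked the image as DEP-compatible (NXCOMPAT)."""
    return bool(dll_characteristics(image) & IMAGE_DLLCHARACTERISTICS_NX_COMPAT)

def build_sample_pe(dll_chars: int, magic: int = 0x10B) -> bytes:
    """Constructed sample: headers only, no sections, just enough to parse."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)        # e_lfanew -> right after DOS header
    opt_size = 224 if magic == 0x10B else 240       # standard sizes with 16 data dirs
    coff = struct.pack("<HHIIIHH", 0x014C, 0, 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, DLLCHAR_OFFSET, dll_chars)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:                       # audit real files when given
        with open(path, "rb") as fh:
            print(path, "NXCOMPAT" if is_nx_compat(fh.read(4096)) else "no NXCOMPAT")
```

An image that reports no NXCOMPAT is one where a runtime call such as the EnableMemoryProtection function above is the remaining way to opt the process in to DEP.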