Questions tagged [dep]

Data Execution Prevention: any technique that protects data from being executed as code, thus preventing some exploits.

Data Execution Prevention is any feature that prevents data from being executed as code. This combats some exploit techniques such as passing exploit code as input and using a vulnerability to cause a jump into the input buffer, or overflowing a data buffer so as to overwrite a code area.

Modern ARM and x86 CPUs can mark virtual memory pages as non-executable; this is known as the NX bit in page tables. Operating systems take advantage of it to a varying extent. DEP features can improve security but can be incompatible with some programs (e.g. just-in-time compilation requires programs to be able to write to a memory buffer then execute it).

39 questions
1 vote · 0 answers

Using .data segment for Code Execution with DEP Enabled

Sorry if this seems like a silly question. I am working on practicing backdooring applications for a cert I am working on, and one of the methods is to use existing code caves. The issue is, these caves are often found in the .data segment of an…
NetSec
1 vote · 1 answer

ROP - pop eax, ret gadget doesn't work

I am building a ROP chain for a security challenge. I have a problem in my ROP chain. I found some interesting gadgets with ropshell.com, and they seem to work pretty well except one. Indeed I follow the stack pointer on gdb peda and only one…
cc315
0 votes · 1 answer

Different types of segmentation faults in Linux

In Linux, when the NX bit triggers, the segmentation fault seems to be "error 15", whereas a more typical error, such as attempting to read from invalid memory, results in "error 7" (seen in dmesg output). What other error codes exist? Where are…
ioctlvoid
0 votes · 1 answer

Is it possible to bypass DEP if one of the linked DLLs or the EXE itself is DEP disabled?

I have a program named x. The program x has one module which is DEP disabled and all other modules linked with DEP enabled. What will be the state of the program x? When developing an exploit, do I need to bypass DEP or is there any other way…
Tinu Tom
0 votes · 3 answers

Is it safe to use a non-ASLR DLL in an ASLR-enabled EXE?

Is it safe to use a non-ASLR DLL in an ASLR-enabled EXE? Would the DLL be loaded at and use random addresses, or should all the dependencies enable ASLR? In addition, what about other security mechanisms such as DEP and SEH?
0 votes · 2 answers

Is arbitrary code execution possible using GOT overwrite with W^X enabled?

Is it possible to reliably execute arbitrary code from a single overwrite of the Global Offset Table when W^X is enabled? By "reliably" I mean assuming I control only the location pointed to by the instruction pointer and possibly some…
camercu
0 votes · 1 answer

How to bypass DEP and ASLR at the same time?

I have read some articles about bypassing DEP and ASLR, but it seems that they bypass ASLR and DEP by using the instructions in the modules not applying ASLR. But how to bypass ASLR and DEP in the modules applying both of these two protections?
freedom2
0 votes · 1 answer

How can data execution prevention be implemented on websites and web applications to prevent privilege escalation?

I have a basic understanding on what data execution and prevention is and how it works in Windows, but I saw an article online (which I cannot seem to find anymore) mention that it can also be used on web applications to prevent privilege…
Osiris93
-1 votes · 1 answer

Why should I use ROP for exploit dev?

Return Oriented Programming is a technique for bypassing DEP which is based on ret2libc. ROP is used for formatting the API function parameters in order to make a reliable shellcode. I don't get something. How does ROP make shellcoding reliable? Why should…