
Thread: DEP and machine code

  1. #1
    Super Moderator Petr Schreiber's Avatar

    DEP and machine code

    Hi Eros,

    A friend warned me about it, but I thought it would not apply - MC_Eval and similar make DEP go crazy.
    Is there any way to make machine code execution DEP alert free? Wouldn't such a workaround be considered a virus practice?


    Thanks,
    Petr
    Learn 3D graphics with ThinBASIC, learn TBGL!
    Windows 7 64bit - Intel Core 2 Duo T6600 @ 2.2GHz - 4 GB RAM - NVIDIA GeForce G210M 512MB
    Windows 8 64bit - Intel Core i5-3350P @ 3.1GHz - 8 GB RAM - NVIDIA GeForce GT640 3GB

  2. #2
    thinBasic author ErosOlmi's Avatar

    Re: DEP and machine code

    Well,

    anything can be a virus. It depends on what the application does, how the application warns the user about its behaviour, and so on. It's not a particular technique that makes a virus but the behaviour of the application.

    Is it the car that hits the pedestrian, or the car driver?
    And more (you should know this one): is it the painter or the brush that makes the picture?

    To go technical, MC_Eval does nothing. It just transforms a more human way to write bytes into bytes.
    MC_Exec just loads the sequence of bytes into a string, calculates the string pointer and makes an execution jump to that pointer. This technique is used thousands of times per second by any switched-on PC. Nothing more.

    DEP protection is interesting and should be used if needed. We already talked about it in other threads because there were some problems with thinAir. We solved those problems and, to avoid them again, since then Roberto works with DEP switched on: "/noexecute=optin" in the BOOT.INI file.

    http://msdn2.microsoft.com/en-us/library/ms791480.aspx

    What I can think of is a way to warn the user if MC_* functions are used inside a script. Something like VBA macro protection.

    Ciao
    Eros
    www.thinbasic.com | www.thinbasic.com/community/ | psch.thinbasic.com
    Win10Pro 64bit - 8GB Ram - Intel i7 M620 2.67GHz - NVIDIA Quadro FX1800M 1GB
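
    The macro-protection-style warning suggested in the post above could work like the following sketch. It is an added example, not thinBasic's own code or part of the original post; the MC_ prefix match, the comment and string handling, the policy names and the sample script are assumptions made for illustration.

```python
import re

# Assumption: the machine-code helpers all share the MC_ prefix (the thread
# names MC_Eval and MC_Exec). BASIC identifiers are matched case-insensitively.
MC_CALL = re.compile(r"\bMC_\w+", re.IGNORECASE)
STRING_LIT = re.compile(r'"[^"]*"')
# Assumption: only ' and REM line comments are handled, not block comments.
LINE_COMMENT = re.compile(r"('|\bREM\b).*$", re.IGNORECASE)

# Constructed sample script; the MC_* argument is a placeholder, not real opcodes.
SAMPLE = '''\
' demo: MC_Exec is only mentioned in this comment
Dim note As String = "call MC_Eval later"
Dim code As String = mc_eval("<opcode bytes>")
MC_Exec(code)
REM end
'''


def find_mc_calls(source):
    """Return [(line_no, name)] for MC_* identifiers found in executable code."""
    hits = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        code = STRING_LIT.sub('""', line)   # drop string contents first
        code = LINE_COMMENT.sub("", code)   # then strip trailing comments
        hits += [(line_no, m.group(0)) for m in MC_CALL.finditer(code)]
    return hits


def gate_script(source, policy="warn", confirm=lambda hits: False):
    """Decide whether a script may run; returns (run_allowed, hits).

    policy (hypothetical names): "allow" runs without a prompt, "warn" asks
    the user through confirm(hits), "block" refuses any script using MC_*.
    """
    hits = find_mc_calls(source)
    if not hits or policy == "allow":
        return True, hits
    if policy == "block":
        return False, hits
    return bool(confirm(hits)), hits


if __name__ == "__main__":
    allowed, found = gate_script(SAMPLE, policy="warn")
    print("run allowed:", allowed, "| machine-code calls:", found)
```

    A name scan like this only drives a consent prompt; it says nothing about what the embedded bytes do.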

  3. #3
    thinBasic MVPs

    Re: DEP and machine code

    Quote Originally Posted by Psch
    Hi Eros,

    A friend warned me about it, but I thought it would not apply - MC_Eval and similar make DEP go crazy.
    Is there any way to make machine code execution DEP alert free? Wouldn't such a workaround be considered a virus practice?


    Thanks,
    Petr

    If it was considered a virus, then you don't need MC_Eval to make a virus; all the tools are already in TB: File_SAVE and shell execute and strings. Build a bat file with some destructive code and shell execute it and bang.



    Home Desktop : Windows 7 - Intel Pentium (D) - 3.0 Ghz - 2GB - Geforce 6800GS
    Home Laptop : WinXP Pro SP3 - Intel Centrino Duo - 1.73 Ghz - 2 GB - Intel GMA 950
    Home Laptop : Windows 10 - Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz, 2401 Mhz, 2 Core(s), 4 Logical Processor(s) - 4 GB - Intel HD 4400
    Work Desktop : Windows 10 - Intel I7 - 4 Ghz - 8GB - Quadro Fx 370

  4. #4

    Re: DEP and machine code

    DEP appears to be processor dependent. I have DEP turned on for all programs, but do not encounter problems - could be that my processor does not support it.

    http://www.jose.it-berater.org/smffo...icseen#msg5672

  5. #5
    Super Moderator Petr Schreiber's Avatar

    Re: DEP and machine code

    Thanks all for the replies,

    I have an AMD Sempron 64bit (on a 32bit system :P), and maybe it is more sensitive.
    I did not want to provoke the "paintbrush and artist" or "car/driver" discussion, just wanted to let you know there could be a problem which could "scare off" users of MC_Eval enabled scripts.

    Eros, good idea with the user warning, but it could be optional (?), as for scripts only I will use it would not be necessary.


    Bye,
    Petr