0

I have an executable running ("heidisql.exe"). The Sysinternals Process Explorer shows "DEP (permanent)" in the column DEP.

I checked the binary statically (among other things using pestudio). The static analysis results all said that DEP is not supported, that is, the IMAGE_DLLCHARACTERISTICS_NX_COMPAT bit is not set.

Why does the Process Explorer show DEP (permanent) then?

To make it even stranger: BinScope (free tool from Microsoft) does not list the result of the 'NXCOMPAT check' at all, neither under 'Failed checks', 'Checks that didn't complete' or 'Passed checks'. What is this supposed to mean?

Improve this question
9
  • Does it x86 or x64 executable?
    – user364455
    Commented Sep 13, 2016 at 12:50
  • Its a 64bit Windows Application. See heidisql.com/download.php?download=installer
    – langlauf.io
    Commented Sep 13, 2016 at 12:53
  • AFAIK, DEP is forced for x64 processes, since it was no legacy DEP unaware x64 code in the first place.
    – user364455
    Commented Sep 13, 2016 at 12:55
  • I googled but could not find a clear source for that. Do you have one? The closest I could find was this: "This means that all 64-bit processes are always protected. The only way to prevent DEP from protecting a 64-bit application is to turn it off completely." See online-tech-tips.com/windows-xp/disable-turn-off-dep-windows
    – langlauf.io
    Commented Sep 13, 2016 at 13:06
  • 1
    DEP is “always on” for 64bit processes on 64bit versions of Windows and it cannot be disabled. link
    – user364455
    Commented Sep 16, 2016 at 16:28

1 Answer 1

Reset to default
1

This blog post says:

DEP is “always on” for 64bit processes on 64bit versions of Windows and it cannot be disabled.

Also, this Microsoft documentation says this:

On 64-bit versions of Windows, if hardware-enforced DEP is available it is always applied to 64-bit processes and kernel memory spaces and there are no system configuration settings to disable it.

and this:

Per-application DEP configuration
For the purposes of application compatibility when DEP is set to the OptOut policy level, it is possible to selectively disable DEP for individual 32-bit applications. However, DEP is always enabled for 64-bit applications.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .