|
dep should not be an issue, the loader does actually allocate the memory as PAGE_EXECUTE_READWRITE, so dep is fine, the game itself could have bugs, crashes with 0xc0000005 exception i've seen a few times, that isn't from the loader though..
dep (/nx) only causes an issue if the area the eip is pointing to is not marked as executable (such as the stack etc)...
and last time i checked if the ep of an exe is not marked in an executable section (which this one is not), then i think windows disables dep for the process... same as if the executable has sections it knows are protection sections such as the .stxtxxx from safedisc..
open up ntdll.dll and so a search for the safedisc 'BoG' tag, then xreference it... (only if you're xp sp2 or higher.. cos dep isnt active in xp sp1 or lower).. then you'll find how laughable dep is, because all the malware authors have to do is make 'safedisc' like sections in the executable and dep goes completely out the window...
hope none of you evil people out there get ideas from that...
__________________
bleh
DO NOT PM me with questions, leave that in the forums...ESPECIALLY if i dont know you...
Last edited by TippeX; 07-09-2006 at 12:37.
Reason: messed up on the defines.. extra _ ...
|