Jump to content
Sign in to follow this  
hake

DEP Bypass Protection

Recommended Posts

Is MBAE's DEP Bypass Protection equivalent to 'return-to-libc buffer overflow protection'?

Share this post


Link to post
Share on other sites

Hi hake,

DEP Bypass Protection prevents the stack from being marked as executable. Return to libc techniques will be blocked by the CALL ROP Gadget detection feature. 

Return to libc techniques don't require an executable stack, that's the reason we also check some critical functions are really called and not "ret into".

Regards,

Share this post


Link to post
Share on other sites

Hi Kaine,

Thank you for your response. I am trying to acquire a better understanding of how these techniques work without actually having to understand them. Your comments are most helpful in furthering my quest.

I have only recently discovered Comodo Memory Firewall (only 9 years late which is pretty good for me). My poor old non-Nx equipped Athlon XP 3000+ processor powered Windows XP PC needs it for any semblance of buffer overflow protection. I have a notion that MBAE's DEP Bypass Protection might be beneficial even on this venerable system, reliant as it is on software buffer overflow protection. Comodo Memory Firewall is presumably better than nothing.

I have read that Bottom Up ASLR increases randomisation of memory occupied by executables. This seems to matter a lot with Windows 7 but less so with Windows 8 and later. The default MBAE advanced settings do not include the switching on of Bottom Up ASLR except for one class of application and I wondered why the benefit of greater entropy of memory allocation was not the default. I invariably turn off Bottom Up ASLR for Windows 7 systems and I guess that using it with Windows XP is better than not using it. My understanding is that Bottom Up ASLR causes different base addresses to be used each time an application is started in Windows 7 which thus increases randomisation.

Share this post


Link to post
Share on other sites

OOPS!
I invariably turn ON Bottom Up ASLR for Windows 7 systems and I guess that using it with Windows XP is better than not using it.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.