Data Execution Prevention (DEP), also called non-execute (NX), is a Windows memory protection feature that you can use to increase the security of your run-time image.
Non-execute regions of memory prevent applications from executing code stored in a memory region marked for data only. When an attempt is made to execute code from a non-execute region of memory, an exception is raised.
Hardware-enforced DEP is controlled by a non-execute (NX)-enabled CPU. The NX CPU manages memory protection per virtual page by changing a bit in the page table entry.
If you do not have an NX-enabled CPU, you can use software-enforced DEP. Software-enforced DEP is designed to mitigate exploits of exception handling mechanisms in Windows. By default, software-enforced DEP only protects limited system binaries, regardless of the hardware-enforced DEP capabilities of the processor.
For instructions on adding Data Execution Prevention to your run-time image, see Configuring the Data Execution Prevention Settings of a Run-Time Image.
For more information about NX support, see this Microsoft Web site.
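As an added example (not part of the original page and not Microsoft's code), the following PowerShell function reads the DEP properties of the Win32_OperatingSystem WMI class and reports whether hardware-enforced DEP is available and which policy is in effect. The function name Get-DepStatus, the finding strings and the sample object are assumptions made for this example; it assumes Windows PowerShell 2.0 through 5.1, where Get-WmiObject is available.

```powershell
# Added example: audit the DEP state of a Windows system through WMI.
# Property names come from the Win32_OperatingSystem WMI class.

# Meaning of the DataExecutionPrevention_SupportPolicy values.
$PolicyNames = @{
    0 = 'AlwaysOff: DEP is disabled for all processes'
    1 = 'AlwaysOn: DEP is enabled for all processes'
    2 = 'OptIn: DEP covers a limited set of system binaries and services'
    3 = 'OptOut: DEP covers all processes except those on the exception list'
}

function Get-DepStatus {   # hypothetical helper name
    param(
        # Any object exposing the DataExecutionPrevention_* properties.
        # Defaults to the live Win32_OperatingSystem instance.
        $OperatingSystem = (Get-WmiObject -Class Win32_OperatingSystem)
    )

    $policy   = [int]$OperatingSystem.DataExecutionPrevention_SupportPolicy
    $findings = @()
    if (-not $OperatingSystem.DataExecutionPrevention_Available) {
        $findings += 'Hardware-enforced DEP is not available on this system'
    }
    if ($policy -eq 0) { $findings += 'DEP policy is AlwaysOff' }
    if ($policy -eq 2) { $findings += 'OptIn: applications are unprotected unless opted in' }
    if (-not $OperatingSystem.DataExecutionPrevention_Drivers) {
        $findings += 'DEP is not applied to drivers'
    }

    New-Object PSObject -Property @{
        HardwareDepAvailable = [bool]$OperatingSystem.DataExecutionPrevention_Available
        Policy               = $PolicyNames[$policy]
        AppliesTo32BitApps   = [bool]$OperatingSystem.DataExecutionPrevention_32BitApplications
        AppliesToDrivers     = [bool]$OperatingSystem.DataExecutionPrevention_Drivers
        Findings             = $findings
    }
}

# Live system.
Get-DepStatus | Format-List

# Constructed sample: a system without NX support running the OptIn policy.
$sample = New-Object PSObject -Property @{
    DataExecutionPrevention_Available         = $false
    DataExecutionPrevention_SupportPolicy     = 2
    DataExecutionPrevention_32BitApplications = $false
    DataExecutionPrevention_Drivers           = $false
}
Get-DepStatus -OperatingSystem $sample | Format-List
```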
See Also
Best Practices for Security | Network Security Considerations | Local Security Considerations
Last updated on Wednesday, October 18, 2006
© 2006 Microsoft Corporation. All rights reserved.