Data Execution Prevention (DEP) is a CPU-enforced security feature that prevents code from executing in memory regions marked non-executable. It is intended to mitigate memory corruption vulnerabilities. DEP also stops malware from running when that malware tries to execute code from non-executable regions of memory.
From a malware analysis perspective, you sometimes need to turn off DEP while debugging malware, because malware authors sometimes pack their malware and execute code from non-executable memory. When that happens, the CPU raises an "access violation" error, so you can't debug the malware without disabling DEP.
You can disable and enable DEP by searching in the Start menu for “Settings > Advanced system Setting > Setting”, as shown in the image.
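The access violation described above can be reproduced with a harmless stub. This is an added example, not code from the original post: it assumes a Linux/POSIX host (`mmap`/`mprotect` instead of the Windows APIs), and `STUB` and `runs_with` are names made up here for a constructed one-instruction routine that only returns.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>
/* Constructed stub: a single "return" instruction and nothing else. */
#if defined(__x86_64__) || defined(__i386__)
static const unsigned char STUB[] = { 0xC3 };                   /* ret */
#elif defined(__aarch64__)
static const unsigned char STUB[] = { 0xC0, 0x03, 0x5F, 0xD6 }; /* ret */
#else
#error "stub bytes are only provided for x86 and AArch64"
#endif

static sigjmp_buf recover;
static void on_fault(int sig) { (void)sig; siglongjmp(recover, 1); }
/* Returns 1 if the call completed, 0 on access violation, -1 on setup error. */
int runs_with(int prot)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    unsigned char *page = mmap(NULL, len, PROT_READ | PROT_WRITE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return -1;
    memcpy(page, STUB, sizeof STUB);            /* write as data first */
    __builtin___clear_cache((char *)page, (char *)page + sizeof STUB);
    if (mprotect(page, len, prot) != 0) { munmap(page, len); return -1; }
    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigaction(SIGSEGV, &sa, &old);              /* catch the violation */
    volatile int ok = 0;
    if (sigsetjmp(recover, 1) == 0) {           /* also saves the signal mask */
        ((void (*)(void))page)();               /* faults if page lacks X */
        ok = 1;
    }
    sigaction(SIGSEGV, &old, NULL);
    munmap(page, len);
    return ok;
}

int main(void)
{
    printf("RW page: %d\n", runs_with(PROT_READ | PROT_WRITE));
    printf("RX page: %d\n", runs_with(PROT_READ | PROT_EXEC));
}
```

The same bytes fault on the read/write page and run once the page is marked executable, which is the condition a debugger reports as an access violation when packed code runs from data memory.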