Buffer overflow or buffer overrun is a term used to describe a condition where a program writes to a buffer beyond its capacity. With an overflowing buffer, a malicious attacker can gain access to memory not originally allocated to a process, for the purpose of injecting and executing arbitrary code.
Dependency Execution Prevention (DEP) is a solution to combat buffer overflow by enforcing memory access policies. The basic idea behind DEP is this, even if a buffer overflow occurs and the control flow integrity is compromised, the newly injected code should not be able to execute. Any attempt to execute code at non-executable location results in a STATUS_ACCESS_VIOLATION exception.
As an optimization, Microsoft provides other memory protection attributes to further limit buffer flows. For example, Copy-on-Write Protection allows processes to share a physical memory space so far as it has not been written to. Though effective, DEP offers no protection against other types of attacks, particularly those involving code reuse and Return Oriented Programming.
If you learned something new from this article, please like and share
Top comments (0)