Jump to content

Data Execution Prevention flag is disabled


Recommended Posts

Hi Guys!

I have problem with the DEP (Data Execution Prevention).
I use the Aut2exe.exe (3.3.14.2) to compile AutoIt3 scripts and next upx.exe (3.91) to compress them.

Why the compiled binaries have only ASLR flag? Why they don't have the DEP?
Is there any compilation parameter to turn on DEP?

aslr_dep.png.11dda917b02ad9afa6f47988b676a6cf.png

Link to post
Share on other sites
  • 4 weeks later...

I don't know why the DEP flag is not set by Aut2Exe for 32 bit executables, but a quick-n-dirty workaround would be to create a 64-bit executeable, because the DEP flag is enabled by default for these (Windows does that).

Another option, if you need 32-bit: Download Visual Studio (Community Edition) and use editbin.exe to set the DEP flag for your 32-bit executable. Beware, that this is a crazy 10 Gbyte download (you'll need the C++ build tools), just for that single file editbin.exe :lol:

Path for both files: C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.33.31629\bin\Hostx64\x86>

check DEP
dumpbin /headers | find "NX compatible"

check ASLR 
dumpbin /headers | find "Dynamic base"

set DEP
editbin /NXCOMPAT file.exe

set ASLR
editbin /DYNAMICBASE file.exe


Br
Kurt

Edited by /dev/null

__________________________________________________________(l)user: Hey admin slave, how can I recover my deleted files?admin: No problem, there is a nice tool. It's called rm, like recovery method. Make sure to call it with the "recover fast" option like this: rm -rf *

Link to post
Share on other sites

Yeah, had a "brief" break :D:D

Br
Kurt

__________________________________________________________(l)user: Hey admin slave, how can I recover my deleted files?admin: No problem, there is a nice tool. It's called rm, like recovery method. Make sure to call it with the "recover fast" option like this: rm -rf *

Link to post
Share on other sites

...ok. Installed Visual Studio and got the files needed so the next person don't have to.

https://anonfiles.com/Dez7D69cy0/Tools-MSVC-14.33.31629-bin-Hostx64-x86_zip

Just in case, to make sure the file did not get tampered with, these are the hashes for the file.
CRC32   5CE4CAD2
MD5     A16D652F0A8AC2E345E1C843DF673608
SHA-1   1334FF70C89F2A5310F66107CF67A1F17C5FAA0C
SHA-256 842ECF06E8825EC47A759ECC4C7BFE94593275344709621F6243177938913D78
SHA-512 F7245C1FC86849F7AF5B2A3FAA3F381483343BD07665A2F7F128DBC8FAEB84124CCD52DADFBCF9B390A478B7065B5051E4E5C6338BFC3BC29EC5C187ED9E155D

Installed in a Win Server and tested the "portable" in Win10 x64.

If the file is not often download it gets removed, so, ...that's the way it works.
 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...