Hi all
I noticed if your virtual memory has PAGE_READWRITE or PAGE_READONLY permission, it is enough to execute what is in that memory page even thouh you don't have PAGE_EXECUTE permission.
Is this a normal behaviour of Virtual memory?
I personnaly think this answer is yes, So this is main reason of DEP feature of windows.
But I want to prevent a page from execution, BUT be readable(so I cannot use PAGE_NOACCESS). Any idea how I can do this?
I were not able to find some good article for it. If you know please provide me one....

Hmmmm,I think total question can be abstracted into this:
"How I can emulate a DEP inside my application without using windows DEP?"

Regards

Mm.. First idea to my mind is to register yourself as the exception handler, and emulate a mechanism like the OS with Stack...

Why not use DEP?? It easy to set up and I have been playing with it for some time now and it usually works out ok. This is a Olly plugin that demonstrates how to turn on DEP for a remote process through a bit of code injection.
It then uses DEP as a BreakOnExecute breakpoint in Olly. http://portal.b-at-s.info/downloadt.php?id=13
Plugin isn't 100% finished though (but it works) because I only meant it to demonstrate the nifty things you can do with DEP

Hope it helps

I was thinking about same usage of this emulated DEP.But somebody had this idea before me...

Regards

Good work, but don't ship the 3MB .ncb file -- it's useless and will be regenerated automatically, it's just your local autocomplete file.