DEP and debugging


Iwarez
November 19th, 2009, 15:32
Today I encountered two strange things that are DEP related. Our application ran on our Terminal Server and this server has DEP turned on for Windows services only. A colleague of mine reported she had problems with one of the actions she wanted to perform with our program. Windows would show an 0xc0000409 crash every time she performed the action. When I googled it I saw it's a DEP exception.

Strange thing 1:
How can I get a DEP exception when DEP is turned off for normal applications?

To find out what was causing the exception I started my favourite debugger ollydbg. I ran the application, caused the error and the program terminated right away with all threads exiting with error 0xc0000409.

Strange thing 2:
Why did the application terminate instead of breaking on the instruction that caused the exception?

Of course I had turned off all automatic exception handling within olly. Only the Floating Point exceptions were passed on.

Can anybody shed some light on this?

Thanks, I-Warez

reverser
November 19th, 2009, 17:37
0xC0000409 is a stack overrun exception, not a "DEP exception". It is raised by the /GS cookie check code and works regardless of DEP. In fact it's not related to DEP because it's not reaching the stack code execution stage. __report_gsfailure() directly calls UnhandledExceptionFilter so it never arrives at the application's exception handler and is not reported to the debugger. See gs_report.c in the CRT sources.
More info and debugging advice: http://msdn.microsoft.com/en-us/magazine/cc163311.aspx
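
Added example, not part of reverser's post and not code from the CRT sources: a simplified, portable C model of the /GS cookie check described above. The frame layout, cookie value, placeholder return address and function names are all constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STATUS_STACK_BUFFER_OVERRUN 0xC0000409u /* the code seen in the thread */
#define BUF_LEN 16
#define MASTER_COOKIE 0x1122334455667788ull /* constructed; the CRT randomises its own */
#define SAVED_RET 0x0000000000401000ull     /* constructed placeholder address */

/* Simplified model of a /GS frame: the cookie sits between the local
   buffer and the saved return address. */
struct frame {
    char buf[BUF_LEN];
    uint64_t cookie;
    uint64_t saved_ret;
};

/* Runs a buggy body (copy of n bytes with no check against BUF_LEN), then the
   epilogue cookie check. The copy is clamped to the model frame so the demo
   itself never writes out of bounds. Returns 0 on a clean return, or the
   status the real CRT reports via __report_gsfailure(). */
static uint32_t run_protected(size_t n, int *ret_addr_intact) {
    struct frame f = { {0}, MASTER_COOKIE, SAVED_RET };
    char input[sizeof f];
    memset(input, 'A', sizeof input);      /* constructed sample input */
    if (n > sizeof f) n = sizeof f;
    memcpy(&f, input, n);                  /* the unchecked copy */
    *ret_addr_intact = (f.saved_ret == SAVED_RET);
    if (f.cookie != MASTER_COOKIE)         /* checked before saved_ret is used */
        return STATUS_STACK_BUFFER_OVERRUN;
    return 0;
}

uint32_t gs_status(size_t n) { int i; return run_protected(n, &i); }
int gs_ret_intact(size_t n) { int i; run_protected(n, &i); return i; }

int main(void) {
    size_t lens[] = { BUF_LEN, BUF_LEN + 1, sizeof(struct frame) };
    for (size_t k = 0; k < sizeof lens / sizeof lens[0]; k++)
        printf("len=%2zu status=0x%08X return address intact=%d\n", lens[k],
               (unsigned)gs_status(lens[k]), gs_ret_intact(lens[k]));
    return 0;
}
```

With 17 bytes the status is already 0xC0000409 while the modelled return address is untouched: the check fails on the cookie alone, before any overwritten return address could be used, which is why the failure does not depend on DEP.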

Iwarez
November 20th, 2009, 20:00
Thanks. That clears up a lot.