Incorrect check for permanent DEP
shocoman opened this issue · 0 comments
There are a couple of places where the debugger calls the function `GetProcessDEPPolicy` to check if DEP is enabled and permanent. This function has a bug where it puts garbage into the `bPermanent` parameter if DEP is not actually permanent (otherwise it's just 1). As a result, memory breakpoints on execution sometimes don't work (because instead of applying a guard page, it'll try to simply set a memory protection without EXECUTE, which is useless).
There is Raymond Chen's answer on StackOverflow, but the proposed solution works only on Win8+. The only other thing I can think of is to use `NtQueryInformationProcess` directly (like this), even though its documentation says it's unstable and may change in the future.
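A sketch of the `NtQueryInformationProcess` route mentioned in the issue, added here as an example; it is not the debugger's code or the linked snippet. Assumptions: the information class value and the `MEM_EXECUTE_OPTION_*` bits are taken from community-maintained NT headers rather than the public SDK, and `dep_state`, `decode_execute_flags`, `use_noexec_breakpoint` and `query_dep_state` are hypothetical names.

```c
#include <stdbool.h>
#include <stdint.h>

/* Assumed values from community NT headers; not part of the public SDK. */
#define PROCESS_EXECUTE_FLAGS_CLASS   0x22 /* ProcessExecuteFlags */
#define MEM_EXECUTE_OPTION_DISABLE    0x01 /* data pages not executable: DEP on */
#define MEM_EXECUTE_OPTION_ENABLE     0x02 /* data pages executable: DEP off */
#define MEM_EXECUTE_OPTION_PERMANENT  0x08 /* policy can no longer be changed */

typedef struct { bool enabled; bool permanent; } dep_state;

/* Decode the raw flag word into strict booleans, so callers never
 * compare an arbitrary non-zero value against TRUE or 1. */
dep_state decode_execute_flags(uint32_t flags)
{
    dep_state s;
    s.enabled   = (flags & MEM_EXECUTE_OPTION_DISABLE) != 0;
    s.permanent = (flags & MEM_EXECUTE_OPTION_PERMANENT) != 0;
    return s;
}

/* Hypothetical breakpoint policy: removing EXECUTE from a page only traps
 * when DEP is on and cannot be turned off; otherwise use a guard page. */
bool use_noexec_breakpoint(dep_state s)
{
    return s.enabled && s.permanent;
}

#ifdef _WIN32
#include <windows.h>
typedef LONG (WINAPI *NtQueryInformationProcess_t)(HANDLE, int, PVOID, ULONG, PULONG);

/* Returns 0 and fills *out on success, -1 if the export is missing or the
 * query fails; on failure the caller should fall back to guard pages. */
int query_dep_state(HANDLE process, dep_state *out)
{
    HMODULE ntdll = GetModuleHandleA("ntdll.dll");
    NtQueryInformationProcess_t query = ntdll
        ? (NtQueryInformationProcess_t)GetProcAddress(ntdll, "NtQueryInformationProcess")
        : NULL;
    ULONG flags = 0;
    if (!query || query(process, PROCESS_EXECUTE_FLAGS_CLASS, &flags, sizeof flags, NULL) < 0)
        return -1;
    *out = decode_execute_flags(flags);
    return 0;
}
#endif
```

The decoding and policy functions are platform-independent; only `query_dep_state` needs Windows.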