Fix DepStatus On Windows Server 2K12 / 2K16. On those OSes, the API N… #17
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…tQueryInformationProcess with ProcessExecuteFlags returns the status code STATUS_INVALID_PARAMETER On 64 processes on 64 bits OS, Dep is always enabled (https://blogs.technet.microsoft.com/srd/2009/06/12/understanding-dep-as-a-mitigation-technology-part-1/) I copied the behavior of ProcessMitigation (Get-ProcessMitigation cmdlet) : with this tool, if the API NtQueryInformationProcess returns an error, it sets DEP status to enabled for 64 bits processes
Collaborator
|
Weird that it fails with that error on server edition. Thought it might be related to forcing NX on for everything but a change with BCDEDIT on a client edition didn't make a difference. Oh well, thanks for the patch. |
Contributor
Author
|
yup, the function failed only if we target a 64 bits process, it returns correctly if we want to get dep information for a Wow64 process |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixed DepStatus on OS servers where Dep was set to 'false' for 64 bits processes