
How to detect hardware-based DEP status

5 Dec 2011, CPOL
Detect hardware-based DEP status.

Introduction

There are two forms of DEP: hardware-based and software-based. Hardware-based DEP needs support from the CPU, in the form of the so-called NX bit (non-executable bit). After AMD decided to include this functionality in its AMD64 family, Intel introduced a similar feature called the Execute Disable Bit (XD) in x86 processors, beginning with the Pentium 4 processors based on later iterations of the Prescott core.


Background

To find out if your CPU supports DEP, try the excellent program SecurAble. I couldn’t find the source code in C++. So I wrote a function in this article to detect hardware-based DEP status.


Using the code

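#include <windows.h>
#include <comdef.h>     // _bstr_t
#include <Wbemidl.h>    // IWbemLocator, IWbemServices, IEnumWbemClassObject
#pragma comment(lib, "wbemuuid.lib")

// Returns true if hardware-based DEP is enabled, false otherwise.
bool detect_hardbased_DEP_status();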

bool detect_hardbased_DEP_status()
{
    HRESULT hres;
    //
    // Step 1: --------------------------------------------------
    // Initialize COM. ------------------------------------------
    //
    hres =  CoInitializeEx(0, COINIT_MULTITHREADED); 
    if (FAILED(hres))
    {
        //cout << "Failed to initialize COM library. Error code = 0x" 
        //    << hex << hres << endl;
        return false;              // Failed: do not report DEP as enabled.
    }
    //
    // Step 2: --------------------------------------------------
    // Set general COM security levels --------------------------
    // Note: If you are using Windows 2000, you need to specify -
    // the default authentication credentials for a user by using
    // a SOLE_AUTHENTICATION_LIST structure in the pAuthList ----
    // parameter of CoInitializeSecurity ------------------------
    //
    hres =  CoInitializeSecurity(
        NULL, 
        -1,                          // COM authentication
        NULL,                        // Authentication services
        NULL,                        // Reserved
        RPC_C_AUTHN_LEVEL_DEFAULT,   // Default authentication 
        RPC_C_IMP_LEVEL_IMPERSONATE, // Default Impersonation  
        NULL,                        // Authentication info
        EOAC_NONE,                   // Additional capabilities 
        NULL                         // Reserved
        );
    //
    //                      
    if (FAILED(hres))
    {
        //cout << "Failed to initialize security. Error code = 0x" 
        //    << hex << hres << endl;
        CoUninitialize();
        return false;                // Failed: do not report DEP as enabled.
    }
    //    
    // Step 3: ---------------------------------------------------
    // Obtain the initial locator to WMI -------------------------
    //
    IWbemLocator *pLoc = NULL;
    //
    hres = CoCreateInstance(
        CLSID_WbemLocator,             
        0, 
        CLSCTX_INPROC_SERVER, 
        IID_IWbemLocator, (LPVOID *) &pLoc);
    // 
    if (FAILED(hres))
    {
        //cout << "Failed to create IWbemLocator object."
        //    << " Err code = 0x"
        //    << hex << hres << endl;
        CoUninitialize();
        return false;             // Failed: do not report DEP as enabled.
    }
    //
    // Step 4: -----------------------------------------------------
    // Connect to WMI through the IWbemLocator::ConnectServer method
    //
    IWbemServices *pSvc = NULL;
    // 
    // Connect to the root\cimv2 namespace with
    // the current user and obtain pointer pSvc
    // to make IWbemServices calls.
    hres = pLoc->ConnectServer(
         _bstr_t(L"ROOT\\CIMV2"), // Object path of WMI namespace
         NULL,                    // User name. NULL = current user
         NULL,                    // User password. NULL = current
         0,                       // Locale. NULL indicates current
         NULL,                    // Security flags.
         0,                       // Authority (e.g. Kerberos)
         0,                       // Context object 
         &pSvc                    // pointer to IWbemServices proxy
         );
    //    
    if (FAILED(hres))
    {
        //cout << "Could not connect. Error code = 0x" 
        //     << hex << hres << endl;
        pLoc->Release();     
        CoUninitialize();
        return false;            // Failed: do not report DEP as enabled.
    }
    //
    //cout << "Connected to ROOT\\CIMV2 WMI namespace" << endl;
    //
    //
    // Step 5: --------------------------------------------------
    // Set security levels on the proxy -------------------------
    //
    hres = CoSetProxyBlanket(
       pSvc,                        // Indicates the proxy to set
       RPC_C_AUTHN_WINNT,           // RPC_C_AUTHN_xxx
       RPC_C_AUTHZ_NONE,            // RPC_C_AUTHZ_xxx
       NULL,                        // Server principal name 
       RPC_C_AUTHN_LEVEL_CALL,      // RPC_C_AUTHN_LEVEL_xxx 
       RPC_C_IMP_LEVEL_IMPERSONATE, // RPC_C_IMP_LEVEL_xxx
       NULL,                        // client identity
       EOAC_NONE                    // proxy capabilities 
    );
    //
    if (FAILED(hres))
    {
       // cout << "Could not set proxy blanket. Error code = 0x" 
       //     << hex << hres << endl;
        pSvc->Release();
        pLoc->Release();     
        CoUninitialize();
        return false;           // Failed: do not report DEP as enabled.
    }
    //
    // Step 6: --------------------------------------------------
    // Use the IWbemServices pointer to make requests of WMI ----
    //
    // Query Win32_OperatingSystem, which carries the DEP properties
    IEnumWbemClassObject* pEnumerator = NULL;
    hres = pSvc->ExecQuery(
        bstr_t("WQL"), 
        bstr_t("SELECT * FROM Win32_OperatingSystem"),
        WBEM_FLAG_FORWARD_ONLY | WBEM_FLAG_RETURN_IMMEDIATELY, 
        NULL,
        &pEnumerator);
    //    
    if (FAILED(hres))
    {
        //cout << "Query for operating system name failed."
        //    << " Error code = 0x" 
        //    << hex << hres << endl;
        pSvc->Release();
        pLoc->Release();
        CoUninitialize();
        return false;           // Failed: do not report DEP as enabled.
    }
    //
    // Step 7: -------------------------------------------------
    // Get the data from the query in step 6 -------------------
    // 
    IWbemClassObject *pclsObj = NULL;
    ULONG uReturn = 0;
    //
    bool HardWare_Based_DEP_enabled = false;  // Default if nothing is returned
    //
    while (pEnumerator)
    {
        HRESULT hr = pEnumerator->Next(WBEM_INFINITE, 1, 
            &pclsObj, &uReturn);
        //
        if(0 == uReturn)
        {
            break;
        }
        //
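        VARIANT vtProp;
        VariantInit(&vtProp);
        //
        // Get the value of the Name property
        //hr = pclsObj->Get(L"Name", 0, &vtProp, 0, 0);
        //wcout << " OS Name : " << vtProp.bstrVal << endl;
        //
        // Read DataExecutionPrevention_Available; use it only if the call
        // succeeded and the property really is a boolean.
        hr = pclsObj->Get(L"DataExecutionPrevention_Available", 0, &vtProp, 0, 0);
        if (SUCCEEDED(hr) && vtProp.vt == VT_BOOL)
        {
            HardWare_Based_DEP_enabled = (vtProp.boolVal == VARIANT_TRUE);
        }
        //
        VariantClear(&vtProp);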
        //
        pclsObj->Release();
    }
    // 
    // Cleanup
    // ========
    //     
    pSvc->Release();
    pLoc->Release();
    pEnumerator->Release();
    //pclsObj->Release();
    CoUninitialize();
    // 
    return HardWare_Based_DEP_enabled;   // Program successfully completed.
    //  
}//
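
As a cross-check on the WMI result, the NX/XD capability described in the Introduction can be read directly from the CPU: CPUID leaf 0x80000001 reports it in EDX bit 20. This is an added example, not the author's code; the names `nx_flag_set`, `query_cpu_nx` and `NxSupport` are made up for the illustration.

```cpp
#include <cstdint>
#include <cstdio>
#if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_X64))
#include <intrin.h>
#define HAVE_CPUID 1
#elif defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__))
#include <cpuid.h>
#define HAVE_CPUID 1
#else
#define HAVE_CPUID 0
#endif

// CPUID.80000001H:EDX bit 20 is the NX (AMD) / XD (Intel) feature flag.
constexpr unsigned int kExtFeatureLeaf = 0x80000001u;
constexpr std::uint32_t kNxBit = 1u << 20;

// Pure decoder, so the bit test can be checked without touching hardware.
bool nx_flag_set(std::uint32_t edx) { return (edx & kNxBit) != 0; }

// Unknown = this build cannot execute CPUID (not x86); never read it as "supported".
enum class NxSupport { Unknown, NotReported, Reported };

NxSupport query_cpu_nx()
{
#if !HAVE_CPUID
    return NxSupport::Unknown;
#elif defined(_MSC_VER)
    int regs[4] = {0, 0, 0, 0};                       // EAX, EBX, ECX, EDX
    __cpuid(regs, static_cast<int>(0x80000000u));     // highest extended leaf
    if (static_cast<unsigned int>(regs[0]) < kExtFeatureLeaf)
        return NxSupport::NotReported;                // leaf absent: no NX
    __cpuid(regs, static_cast<int>(kExtFeatureLeaf));
    return nx_flag_set(static_cast<std::uint32_t>(regs[3]))
               ? NxSupport::Reported : NxSupport::NotReported;
#else
    unsigned int eax = 0, ebx = 0, ecx = 0, edx = 0;
    // __get_cpuid returns 0 when the CPU does not implement the leaf.
    if (!__get_cpuid(kExtFeatureLeaf, &eax, &ebx, &ecx, &edx))
        return NxSupport::NotReported;
    return nx_flag_set(edx) ? NxSupport::Reported : NxSupport::NotReported;
#endif
}

int main()
{
    static const char* const names[] = {"unknown", "not reported", "reported"};
    std::printf("CPUID NX/XD flag: %s\n", names[static_cast<int>(query_cpu_nx())]);
    return 0;
}
```

CPUID shows only what the processor advertises; on Intel processors, firmware that disables XD makes this bit read 0, and whether Windows actually uses the feature is still what the WMI property reports.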

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


About the Author

Jim Charles
Engineer AntiDebugLIB Inc
United States
There are so many hackers all over the world that no software can escape the doom of being cracked. And even almost everybody believes that it is impossible to protect the applications through the technology means. But we still work hard to find applications protection solution [32-bit] [64-bit] in order to protect our works.
 
Homepage:

http://www.antidebuglib.com/

http://www.wintsd.com/

Article Copyright 2011 by Jim Charles