Data execution prevention
Introduced in Windows XP and Server 2003 and included in later versions, data execution prevention (DEP) provides system-level protection for memory. It marks one or more memory pages as non-executable, which blocks code from executing from that memory region.
If an application attempts to run code from that protected memory page, an access violation will occur. You may have seen these types of error messages, such as STATUS_ACCESS_VIOLATION. If a program does need to run code from a protected memory page, it must set the correct protection attributes on that page. These attributes are PAGE_EXECUTE, PAGE_EXECUTE_READ, PAGE_EXECUTE_READWRITE, and PAGE_EXECUTE_WRITECOPY. As you work on application disassembly in the Bypassing countermeasures section coming up, keep an eye out for these attributes.
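To help spot these attributes during disassembly review, here is an added example (not from the original text) that decodes a protection value and finds it at calls to VirtualProtect and VirtualAlloc in a 32-bit stdcall listing, reporting whether the page becomes executable or both writable and executable. The listing is constructed, the names decode and scan are hypothetical, and the numeric values are the winnt.h definitions.

```python
import re

# Base protection values from winnt.h (low byte of the protection DWORD).
BASE = {0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
        0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
        0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY"}
MODIFIERS = {0x100: "PAGE_GUARD", 0x200: "PAGE_NOCACHE", 0x400: "PAGE_WRITECOMBINE"}
# 1-based position of the protection argument. stdcall pushes right to left,
# so the Nth push counted back from the call is argument N.
PROT_ARG = {"VirtualProtect": 3, "VirtualAlloc": 4}
INSN = re.compile(r"^\s*(?:[0-9a-f]+:\s+)?(push|call)\s+(\S.*?)\s*$", re.I | re.M)
IMM = re.compile(r"^(?:0x([0-9a-f]+)|([0-9][0-9a-f]*)h)$", re.I)

def decode(value):
    """Return (names, executable, writable_and_executable) for a protection DWORD."""
    if (value & 0xFF) not in BASE:
        raise ValueError(f"invalid base protection in {value:#x}")
    names = [BASE[value & 0xFF]] + [n for bit, n in MODIFIERS.items() if value & bit]
    return names, bool(value & 0xF0), bool(value & 0xC0)

def scan(listing):
    """Yield (api, names, executable, wx) per matching call in a 32-bit listing."""
    pushes = []
    for op, operand in INSN.findall(listing):
        if op.lower() == "push":
            pushes.append(operand)
            continue
        api = next((a for a in PROT_ARG if re.search(rf"\b{a}\b", operand)), None)
        if api and len(pushes) >= PROT_ARG[api]:
            imm = IMM.match(pushes[-PROT_ARG[api]])
            # A register operand cannot be resolved statically: report None.
            hit = decode(int(imm.group(1) or imm.group(2), 16)) if imm else (None,) * 3
            yield (api, *hit)
        pushes = []  # any call consumes the pending arguments

# Constructed listing, for illustration only.
SAMPLE = """\
push 0x40
push 0x3000
push 0x1000
push 0
call dword ptr [VirtualAlloc]
push eax
push 0x20
push 0x1000
push esi
call dword ptr [VirtualProtect]
"""
```

Calling list(scan(SAMPLE)) reports the VirtualAlloc call as writable and executable and the VirtualProtect call as executable only. The push-counting heuristic applies to 32-bit stdcall code only, since 64-bit Windows passes these arguments in registers.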
Stack cookies
Stack cookies, also known as GS or GS++, are a stack overflow protection mechanism introduced by Microsoft...