Just yesterday I decided to experiment a bit with turning Microsoft's DEP on (Data Execution Prevention) in my XP laptops. I'm pretty much a 'hardware challenged' kind of programmer in that I don't keep up on hardware issues much. Anyway, that was the start of one of the worst days I've had in a long time. First off, after my computer rebooted, I decided to see if some of my 'mission critical' apps would run. They didn't. In fact, they crashed even before giving me the nice polite DEP warning message.
After that shocker I tried to find anything at all that would work. I tried a PowerBASIC version of an SqlDemo program I posted over in Jose's Forum about 6 weeks ago, and that at least ran but gave various poor results with SQL Server. Strangely enough, all my C++ stuff seemed to be working; it was PowerBASIC stuff that was erroring out.
I was aghast that I posted a malfunctioning program over in Jose's Forum so I tried to fix that first. I found out it was something dumb I did that somehow had evaded my testing and was not related to the DEP thing after all.
What I found was that some of my PowerBASIC programs were working and others weren't. Finally it dawned on me that the common strand running through all the programs that weren't working was the siGrid control from Software Innovators. I found a test program I put together shortly after I bought the grid that just amounts to instantiating a grid on a Form and not much more. When I tried to execute it under DEP it crashed. My next thought was that perhaps Paul had an update to the grid as part of his new FireFly 3. I thought I'd see if that worked or errored out. When I opened up FireFly 3 I seem to see that the siGrid is missing. That's no big deal to me I just wanted to get to the bottom of my problems and had assumed it was still part of FireFly.
Does anyone know anything about that? Could that be perhaps why it was removed (if it was)? At this point I think I've found it to be the source of the problem, but I'm still early in the testing. That's why I'm asking.
The Demo of SIGrid is still there (version 3.3). Maybe it's not able to initialize and get into the tools list because of the issues you mention?
Hi Frederick,
I use FF3 with SiGrid without any problem; all my previous projects that were using SiGrid compile and run without any problem now.
I'm sorry I can't be of more help.
Jean-Pierre
Quote
The Demo of SIGrid is still there (version 3.3). Maybe it's not able to initialize and get into the tools list because of the issues you mention?
Ha! Now that's interesting! I'd have swore I saw the siGrid there! I was right. That's how I came up with the idea of seeing if it worked with FireFly. I'll have to see what my version is. I don't remember. Thanks a lot for the feedback Haakon & Jean-Pierre! Do you guys have DEP turned on? I'm using XP sp3.
FWIW, I was seriously considering removing SIGrid from the primary FF3 distribution because I really don't think that the grid is being maintained anymore. However, for the sake of supporting existing FF3 users who happen to use that grid, I decided to keep it in there.
XP x64 SP2 without DEP. I actually had not heard about it before you mentioned it.
But I recall having issues (exceptions when the executable closed down) when trying some SIGrid stuff some time back. I reported the findings but as far as I remember the mail bounced and I just couldn't be bothered with it any more.
Tomorrow at work I have my work XP laptop there and first thing I'm going to see if this problem is unique to my personal XP laptop I'm using right now or if its an across the board problem with the siGrid.
The version of the siGrid I have is v 3.3 and I believe that's the most up to date version. I purchased it about four years ago as best as I can remember and at that time I don't think that D.E.P. stuff was to prevalent. I know that grid uses one of those executable compactor utilities - PE Compact or something like that, and that is why it is only around 47K. I get the crashes the instant I start an app that contains the grid. I suspect those utilities that fool around with compressing exes are in the category of programs that do the kinds of things DEP was designed to guard against. At least those are my musings.
Well, when I DEP 'Optout' the offending programs they run OK at least. However, I'd prefer not to have to do that because two of the offending programs are ones I expect will be widely distributed where I work and its one more support problem.
Nope. Same problem on Dell Latitude 810 with Intel Pentium M as on my HP Pavilion with AMD Turion processor with Data Execution Prevention ( DEP) turned on. Unless you specify through the UI that you want to Opt Out for a program with the siGrid on it, the program crashes even before the friendly MS message comes up.
At least those are my experiences based on just two machines.
Fred,
I'm using Windows XP 32 SP3.
I dont know what is DEP. I've never heard about it before you mentioned it in this thread.
Can you tell me how to switch DEP on/off ? then I can do some tests with my SiGrid projects.
Thanks,
Jean-Pierre
Time to switch to Jame's My Little Grid. :)
1) Right Click "My Computer"
2) Choose Properties
3) Click 'Advanced Tab'
4) Click in 'Performance' area 'Settings'
5) Choose 'Data Execution Prevention' tab
6) You are there!
Here is an interesting link on it...
http://www.grc.com/securable.htm
Basically, it prevents buffer over run attacks on computers due to hardware support in the cpu itself for marking your entire data segment as non executable.
I probably won't get myself a Win 7 machine until next year some time, but had asummed all this extra security stuff was part of it. I really don't know much about security or hardware issues myself, or how prevalent the use of this DEP feature is in XP. The default setting is to not have it on except for Microsoft System software itself. From my reading and poor understanding of the issues it does sound like a good thing. I'd be real curious what results you get Jean-Pierre. If you get the exceptions thrown like I did you can solve it by listing the program in that last dialog box, and then XP will allow it to run.
The default DEP configuration for Windows is "opt-in", which means that third-party applications need to be explicitly added to the list of software that has DEP enforced. Unless it's completely disabled, DEP will always be enforced for Windows system files, which allows the system to protect itself against buffer overrun attacks, etc.
Programs can flag themselves as being DEP-aware by setting the NXCOMPAT flag in the PE (executable) image header. Microsoft has two compiler switches called /NXCOMPAT and /DYNAMICBASE that are used to switch on DEP and ASLR. I don't think that PowerBasic has those options yet, so to enable the NXCOMPAT flag you'd need to use a tool like EditBin.
Microsoft has a tool called BinScope that will actually analyze your executable and check for vulnerabilities. If you're curious, you should be able to grab it from their download section.
Quote
The default DEP configuration for Windows is "opt-in",
You're specifically referring to Vista/Win 7 aren't you Mike? On both XP machines I have it was only on for 'Essential Windows Programs And Services'.
Quote from: Fred Harris on November 12, 2009, 02:57:51 PM
You're specifically referring to Vista/Win 7 aren't you Mike? On both XP machines I have it was only on for 'Essential Windows Programs And Services'.
That's "opt-in". Basically what it's saying is that it has enabled DEP for Windows binaries, but any other programs that want to have DEP enforced either need to be explicitly added to an inclusion list (the "opt-in" part) or have the NXCOMPAT flag set in their PE32 image header.
The other choices are "opt-out", where all programs have DEP enforced except for those explicitly excluded, "always on" where DEP is always enforced for everyone, or "always off" where DEP is never enforced, even for Windows binaries.
Fred,
I check DEP on my PC ... it seems to be active see the screenshot below (it's in french but I think the options are at the same place).
I created new FF3 Projects with SiGrid today with both the registered and trial version.
In both cases, everything works fine; I didn't encounter any problem.
Jean-Pierre
PS: I check also on another PC at my office and FF3+SiGrid work fine also.
That's the default opt-in configuration; the operating system binaries are DEP enabled, but other programs (including the ones that you're testing) are not unless they're explicitly flagged for DEP and this isn't something that PowerBasic currently does. So running your programs with that configuration doesn't ensure they don't have a problem.
Selecting the second option (Turn on DEP for all programs except those I select) is the one that enables DEP for everything except the programs you explicitly put on an exclude list. That's the "opt-out" setting.
You can use the WMI command line too to check your DEP settings. From the command line (on Vista/7 you'll need to do this from an elevated prompt):
wmic os get DataExecutionPrevention_SupportPolicy
It'll return a number: 0=always off, 1=always on, 2=opt-in, 3=opt-out
If you want to see if your system supports hardware DEP, which is really want you want here:
wmic os get DataExecutionPrevention_Available
It returns true or false. If it returns false, that means your processor doesn't support DEP; so-called "software DEP" isn't really DEP at all, it's simply additional checks made to ensure the application isn't exploiting structured exception handling (SEH).
Windows Vista/7 also has a command line tool called bcdedit (boot configuration data editor) that you can use to enable/disable DEP. I'm not sure if they've ever backported that to Windows XP or not. I'm sure I'm probably boring everyone to death here, but just in case you wanted to know.
Edit: One last thing, if you plan to switch on DEP in either "always on" or "opt-out" mode, where DEP is broadly enforced across all executables, it's a good idea to make sure that you have a current backup and system restore point. I've heard about rare cases where enabling hardware DEP (something that you may also need to enable in your BIOS) actually prevented the system from booting properly. I'd say this is more of a risk on older systems running Windows XP. You probably won't have a problem, but if you do, you'll need to disable it. As with any significant change to your system, prepare for the worst. Standard disclaimers apply, your mileage may vary, yadda yadda yadda.
Mike beat me to the punch! Try checking the lower radio button Jean-Pierre and let us know what happens.
Quote
I've heard about rare cases where enabling hardware DEP (something that you may also need to enable in your BIOS) actually prevented the system from booting properly. I'd say this is more of a risk on older systems running Windows XP.
Ouch! I've tried it on two fairly old XP laptops 3 - 4 years old and havn't had any problems other than the siGrid control we've been discussing not working. Had I known that I probably wouldn't have tried it. I'm really not very brave.
I think it finally sank in my thick skull about the optin/optout thing. It lets you decide what's easier; list the programs you want DEP enforced; or list the programs you want ignored.
I'm wondering about Internet Explorer in terms of it being DEP checked. The default configuration with XP is to only enforce DEP with Microsoft System Software. That includes IE, No?
IE is somewhat different. In IE7/8, there's a configuration option to enable or disable DEP. It's under Tools > Internet Options > Advanced and there's a checkbox that reads something like "Enable memory protection". I know in IE8, that's enabled by default, I'm not sure about IE7. With IE6, I believe the only option to enable DEP with IE is to enable it system-wide. Of course, at this point no one who really cares about the security of their system would be running IE6 in the first place (some would argue that applies to IE in general, but IE8 is actually a pretty secure browser; no less so than Firefox, Chrome, Safari, etc.)
By the way, if you're wondering, there is a way to dynamically check and enable DEP in your application after it loads; check out the functions GetProcessDEPPolicy and SetProcessDEPPolicy. Keep in mind that it's only available in Windows XP SP3, Vista SP1 (or later), Windows 7, Windows Server 2008 or later.
For anyone interested, I've posted some code at the PowerBasic forums on how to dynamically enable DEP for your program at runtime. You can snag it here:
http://www.powerbasic.com/support/pbforums/showthread.php?t=41952 (http://www.powerbasic.com/support/pbforums/showthread.php?t=41952)
Thanks Mike!