siGrid not in FireFly 3; possible D.E.P. problem

[Michael Stefanik]

That's the default opt-in configuration; the operating system binaries are DEP enabled, but other programs (including the ones that you're testing) are not unless they're explicitly flagged for DEP and this isn't something that PowerBasic currently does. So running your programs with that configuration doesn't ensure they don't have a problem.

Selecting the second option (Turn on DEP for all programs except those I select) is the one that enables DEP for everything except the programs you explicitly put on an exclude list. That's the "opt-out" setting.

You can use the WMI command line too to check your DEP settings. From the command line (on Vista/7 you'll need to do this from an elevated prompt):

wmic os get DataExecutionPrevention_SupportPolicy

It'll return a number: 0=always off, 1=always on, 2=opt-in, 3=opt-out

If you want to see if your system supports hardware DEP, which is really want you want here:

wmic os get DataExecutionPrevention_Available

It returns true or false. If it returns false, that means your processor doesn't support DEP; so-called "software DEP" isn't really DEP at all, it's simply additional checks made to ensure the application isn't exploiting structured exception handling (SEH).

Windows Vista/7 also has a command line tool called bcdedit (boot configuration data editor) that you can use to enable/disable DEP. I'm not sure if they've ever backported that to Windows XP or not. I'm sure I'm probably boring everyone to death here, but just in case you wanted to know.

Edit: One last thing, if you plan to switch on DEP in either "always on" or "opt-out" mode, where DEP is broadly enforced across all executables, it's a good idea to make sure that you have a current backup and system restore point. I've heard about rare cases where enabling hardware DEP (something that you may also need to enable in your BIOS) actually prevented the system from booting properly. I'd say this is more of a risk on older systems running Windows XP. You probably won't have a problem, but if you do, you'll need to disable it. As with any significant change to your system, prepare for the worst. Standard disclaimers apply, your mileage may vary, yadda yadda yadda.

[Fred Harris]

Mike beat me to the punch!  Try checking the lower radio button Jean-Pierre and let us know what happens.

[Fred Harris]

I've heard about rare cases where enabling hardware DEP (something that you may also need to enable in your BIOS) actually prevented the system from booting properly. I'd say this is more of a risk on older systems running Windows XP.

Ouch!  I've tried it on two fairly old XP laptops 3 - 4 years old and havn't had any problems other than the siGrid control we've been discussing not working.  Had I known that I probably wouldn't have tried it.  I'm really not very brave.

I think it finally sank in my thick skull about the optin/optout thing.  It lets you decide what's easier; list the programs you want DEP enforced; or list the programs you want ignored.

I'm wondering about Internet Explorer in terms of it being DEP checked.  The default configuration with XP is to only enforce DEP with Microsoft System Software.  That includes IE, No?

[Michael Stefanik]

IE is somewhat different. In IE7/8, there's a configuration option to enable or disable DEP. It's under Tools > Internet Options > Advanced and there's a checkbox that reads something like "Enable memory protection". I know in IE8, that's enabled by default, I'm not sure about IE7. With IE6, I believe the only option to enable DEP with IE is to enable it system-wide. Of course, at this point no one who really cares about the security of their system would be running IE6 in the first place (some would argue that applies to IE in general, but IE8 is actually a pretty secure browser; no less so than Firefox, Chrome, Safari, etc.)

By the way, if you're wondering, there is a way to dynamically check and enable DEP in your application after it loads; check out the functions GetProcessDEPPolicy and SetProcessDEPPolicy. Keep in mind that it's only available in Windows XP SP3, Vista SP1 (or later), Windows 7, Windows Server 2008 or later.

[Michael Stefanik]

For anyone interested, I've posted some code at the PowerBasic forums on how to dynamically enable DEP for your program at runtime. You can snag it here:

http://www.powerbasic.com/support/pbforums/showthread.php?t=41952

[David Kenny]

Thanks Mike!