
I have a 32-bit executable running on Windows 10. The System DEP is set to OptIn.

I call GetProcessDEPPolicy and it returns:

dwFlags ==  0   // DEP is disabled
bPermanent == 184   // which means TRUE, so permanent

This means I shouldn't be able to change it. However, this is right at start-up, so I SHOULD be able to change it.

In any case, if I ignore bPermanent and call SetProcessDEPPolicy with PROCESS_DEP_ENABLE, and THEN call GetProcessDEPPolicy again, it then returns:

dwFlags == 1 // DEP is enabled
bPermanent == 1   // Also TRUE, so supposedly still permanent

And if I call SetProcessDEPPolicy yet again, THEN it starts failing and I can't change it back.

So my question is: Why does GetProcessDEPPolicy return bPermanent for the first call? It sure looks like a bug / regression and I think this is a change in behavior as this code has been around for a decade and I'm sure it worked correctly in Windows 7 & 8.

donaddon
  • *and it returns `bPermanent == 184`* - surely not. More likely `GetProcessDEPPolicy` returned false and left trash in `bPermanent`, or you looked at it wrong – RbMm Jan 24 '20 at 19:38
  • GetProcessDEPPolicy returns 1, so success, so the bPermanent should be correct. The 184 may very well be trash judging by the inaccuracy of the situation, but it's not uncommon for the Windows API to use flags and values other than 1 to indicate TRUE. – donaddon Jan 24 '20 at 22:01
  • I am absolutely sure that your code is wrong or you looked at it wrong – RbMm Jan 24 '20 at 22:04
  • @RbMm, see the response below from Microsoft. You should exercise caution about absolute certainty. – donaddon Feb 01 '20 at 19:34
  • `GetProcessMitigationPolicy` does not clear `PROCESS_MITIGATION_DEP_POLICY.Permanent` if the option is not permanent; as a result, there is trash from the stack here. But in case the option is permanent, the API correctly sets `Permanent` to true – RbMm Feb 01 '20 at 20:17

1 Answer


This is a defect in the GetProcessDEPPolicy function. You can work around it by using the GetProcessMitigationPolicy function instead.

PROCESS_MITIGATION_DEP_POLICY policy = { 0 }; // important to preinitialize with 0
GetProcessMitigationPolicy(hProcess, ProcessDEPPolicy, &policy, sizeof(policy));

Sorry.

Govind Parmar
Raymond Chen
  • The defect is not in `GetProcessDEPPolicy` but in the `GetProcessMitigationPolicy` function, which does not initialize the `Permanent` field in case `MEM_EXECUTE_OPTION_PERMANENT` is not set in the flags returned by *ProcessExecuteFlags*. You fix the problem by zero-initializing it at the beginning, but I think it is possible to explain more exactly where and why such a result occurs – RbMm Feb 01 '20 at 20:15
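
A portable model of the behaviour described in the answer and comments above, added here as an example (not code from the post or from Windows), showing why an un-initialized output struct can report a stray value such as 184 while a zeroed one reports 0. `model_query`, `model_dep_policy` and the `MODEL_OPT_*` bits are constructed stand-ins, and the 0xB8 fill stands in for leftover stack bytes.

```c
#include <stdint.h>
#include <string.h>

/* Constructed stand-ins, not Windows definitions. */
#define MODEL_OPT_DEP_ENABLED 0x1u  /* hypothetical execute-flag bit */
#define MODEL_OPT_PERMANENT   0x8u  /* hypothetical "permanent" bit */

typedef struct {
    uint32_t flags;      /* stands in for the policy's enable flag */
    uint8_t  permanent;  /* stands in for the Permanent field */
} model_dep_policy;

/* Models the behaviour described in the comments: flags are always
 * written, but permanent is written only when the option is permanent. */
static int model_query(uint32_t execute_flags, model_dep_policy *out)
{
    out->flags = (execute_flags & MODEL_OPT_DEP_ENABLED) ? 1u : 0u;
    if (execute_flags & MODEL_OPT_PERMANENT)
        out->permanent = 1;
    return 1; /* reports success either way */
}

/* Caller that does not pre-initialize. The buffer is filled with 0xB8
 * (184) to stand in for whatever was left on the stack. */
static unsigned query_without_init(uint32_t execute_flags)
{
    model_dep_policy p;
    memset(&p, 0xB8, sizeof p);
    model_query(execute_flags, &p);
    return p.permanent;
}

/* Caller following the answer: zero the struct first, check the return
 * value, and report the field as a clean 0/1. */
static unsigned query_with_zero_init(uint32_t execute_flags)
{
    model_dep_policy p = { 0 };
    if (!model_query(execute_flags, &p))
        return 0;
    return p.permanent ? 1u : 0u;
}

int main(void)
{
    /* DEP off, not permanent: the start-up state from the question. */
    return (query_without_init(0) == 184 && query_with_zero_init(0) == 0) ? 0 : 1;
}
```

On Windows the same pattern applies to the real call: zero the `PROCESS_MITIGATION_DEP_POLICY` before calling `GetProcessMitigationPolicy` and check its return value before reading the struct.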