You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There are a couple of places where the debugger calls the function GetProcessDEPPolicy to check if DEP is enabled and permanent. This function has a bug when it puts garbage into bPermanent parameter if DEP is not actually permanent (otherwise it's just 1). As a result, memory breakpoints on execution sometimes don't work (because instead of applying a guard page, it'll try to simply set a memory protection without EXECUTE which is useless)
There is Raymond Chen's answer on StackOverflow. But the proposed solution works only on Win8+. The only other thing I can think of is to use NtQueryInformationProcess directly (like this), even though its documentation says it's unstable and may change in the future.
The text was updated successfully, but these errors were encountered:
There are a couple of places where the debugger calls the function
GetProcessDEPPolicyto check if DEP is enabled and permanent. This function has a bug when it puts garbage intobPermanentparameter if DEP is not actually permanent (otherwise it's just 1). As a result, memory breakpoints on execution sometimes don't work (because instead of applying a guard page, it'll try to simply set a memory protection without EXECUTE which is useless)There is Raymond Chen's answer on StackOverflow. But the proposed solution works only on Win8+. The only other thing I can think of is to use
NtQueryInformationProcessdirectly (like this), even though its documentation says it's unstable and may change in the future.The text was updated successfully, but these errors were encountered: