I am finding it really hard to figure out why we need a DEP!
Microsoft states this about DEP:
The primary benefit of DEP is to help prevent code execution from data pages. Typically, code is not executed from the default heap and the stack. Hardware-enforced DEP detects code that is running from these locations and raises an exception when execution occurs. Software-enforced DEP can help prevent malicious code from taking advantage of exception-handling mechanisms in Windows.
What does that mean?
Can you give me a simple non-code example for this!
Say I am an attacker, and I have found a vulnerability which (solely) allows me to set EIP – the program counter – in your application.
The classic way to exploit this is to write a small code stub (‘shellcode’) and send it to your application as some parameter (so it might be put into the ‘first name’ field on a banking app, for example). Your application would store it in a stack (or heap) buffer, and I could then set EIP – using the vulnerability I found – to point to the start of this buffer. Voila, my code stub is executed, and your box is pwned 🙂
Using DEP, the CPU knows to reject attempts to execute this data, and you’re a little bit safer.
It’s a tad more complex than this in practice, but that’s the gist of it. Does that make sense?