Monday, 4 June 2007

Data Execution Prevention NIGHTMARE!!!

Last weekend I used three new computers with Windows XP service pack 2.

The computers specs are :

Two Pentium IV Intel 3.0 Dual Core 925 775 with Asus P5V-VM and one Intel Core 2 Duo E6420 4MB with Asus P5N-E SLI

After a while the computers started to randomly restart without any messages.

This is the default behavior of Windows XP, after a major error the system automatically reboots without showing any message or warning, just the same if you unplug/plug the power supply. Yes! another good idea by Bill Gate$ .

In order to know what is happening I first deactivated this default behavior :

In the desktop select the "My Computer" icon, then right-click and select "properties" then in "Advanced" tab. Locate the Startup and Recovery area and click on the Settings button.
In the "Startup and Recovery" window, locate and uncheck the check box next to "Automatically restart". Click OK in the Startup and Recovery window. Click OK in the System Properties window.
So next time the computer won't reboot automatically.

After a few moments I got the first BSOD (Blue Screen of Death) the error was :

STOP: 0x000000FC (0xA8D347C4, 0x0CAAF963, 0xA8D34730, 0x00000001)

After searching the web I found the Micro$oft article 886348 :

It was related to a "bad driver" or "WhoKnowsWhat" that was trying to execute in a memory data range. So the Data Execution Prevention (DEP) decided to reboot the machine without a message. I really hate this kind of "Big Brother's Tool" that monitor and take actions by its own.

Why do we need a monitor of our activities? Why doesn't it show a message to the user? It wasn't a virus, the machines are completely clean with few software installed.

According to Micro$oft site :

"These checks, known as software-enforced DEP, are designed to block malicious code that takes advantage of exception-handling mechanisms in Windows."

But who decides what is malicious code and what isn't. Yes, the decition is taken by the binaries of Micro$oft, that are plagued of bugs, errors and are reduntant and inefficient. So, don't be surprised that DEP takes incorrect actions.

So the OS decided to reboot on its own. And I decided to deactivate for ever this kind of Big Brother's Tools.
To do that I Clicked the "Start" button, clicked "Run" and typed the following command :

bootcfg /raw "/noexecute=alwaysoff /fastdetect" /id 1

That deactivated the DEP forever.

If you want to check if the command finished sucefully :

Click "Start", click "Run", type "sysdm.cpl", and then click OK. Then on the "Advanced" tab, under "Startup and Recovery", click "Settings" and in the "Startup and Recovery" dialog box, see if the line have the "/noexecute=alwaysoff" command.

After that neither computer has restarted again. The problem was M$ DEP.

It seems the PC had DEP activated when they made this commercial :

No comments: