Jump to content

Data Execution Prevention

lenno

By lenno
in nLite

 Share

Recommended Posts

lenno

lenno

Posted
Posted

Hi,

after changing the Data Execution Prevention in nlite to 'alwaysoff', the result looked a bit 'wrong' to me.

boot.ini (shortened):

/noexecute=optin /fastdetect /noexecute=alwaysoff

So instead of replacing the relevant part nlite seems to just add it to the end of the line. Is it a bug or my bad?

Cheers

Link to comment
Share on other sites

johnhc

johnhc

Posted
Posted

I tend to agree with you. Here is a good description of the parameters and optin and alwaysoff look exclusive to me. This is the first time I have looked at this, so take my opinion with a grain of salt. Is it not behaving as you expect? Is setting alwaysoff suppose to give a significant benefit?

Enjoy, John.

Link to comment
Share on other sites
  • 1 month later...
Kurt_Aust

Kurt_Aust

Posted
Posted

Yep, that looks wrong, here's my hand modified boot.ini file

[boot loader]
timeout=10
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Professional x64 Edition" /fastdetect /noexecute=optout
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Prof x64 - DEP Always On" /fastdetect /noexecute=alwayson

Though why would you want to set it to alwaysoff? I haven't had any problems with optout and only 2 programs on my install don't work with alwayson (unfortunately, they're blockers).

Link to comment
Share on other sites
mitsukai

mitsukai

Posted
Posted (edited)

no need for DEP if you have stuff like FBWF or you are sure nothing malicious will run

also note all nlite can do is specify the osloaderparameter or whatever it was in the sif file.

its obviously the windows setup fualt not nlite

Edited by mitsukai
Link to comment
Share on other sites
albator

albator

Posted
Posted
Yep, that looks wrong, here's my hand modified boot.ini file

[boot loader]
timeout=10
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Professional x64 Edition" /fastdetect /noexecute=optout
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Prof x64 - DEP Always On" /fastdetect /noexecute=alwayson

Though why would you want to set it to alwaysoff? I haven't had any problems with optout and only 2 programs on my install don't work with alwayson (unfortunately, they're blockers).

I Know it's not nlite faut, but how can I fix it ?

I have edit my boot.ini and I still have the problem.

Link to comment
Share on other sites
Kurt_Aust

Kurt_Aust

Posted
Posted

Try the following

[boot loader]
timeout=10
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Prof - DEP Always Off" /fastdetect /noexecute=alwaysoff
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Prof - DEP Opt In" /fastdetect /noexecute=optin
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Prof - DEP Opt Out" /fastdetect /noexecute=optout
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Prof - DEP Always On" /fastdetect /noexecute=alwayson

That will put up an option screen where you can choose which level of DEP you wish to apply each boot. It will default to the top item of the list.

You can of course remove any unwanted items. It has the additional benefit of giving you a couple of seconds (timeout setting) to hit F8 if you wish to access advanced boot options.

boot.ini

Link to comment
Share on other sites
johnhc

johnhc

Posted
Posted

albator, please attach (not paste) your Last Session.ini. Make sure you always start with a fresh copy of your CD files/folders, do all your work in one nLite Session and integrate only one SP. Enjoy, John.

Link to comment
Share on other sites
albator

albator

Posted
Posted (edited)

Hi,

I always use the windows xp service pack 3 fresh CD.

My problem is new, with my old nlite build I never had any problems.

I am not a new user with nlite.

I know how to fix the windows installation when the administative templates are presents.

I use this method:

_____________________________________________________________________________

Run gpedit.msc, and go to Local Computer Policy\User

Configuration\Administrative Templates\Windows

Components\Attachment Manager and enable "Default risk level for file

attachments", and then enable "Inclusion list for low risk file types"

_____________________________________________________________________________

But on my gaming machine, I have an nlited installation with removed administative templates.

So I am now unable to fix this problem.

here my boot.ini

boot.ini

Edited by albator
Link to comment
Share on other sites
Kurt_Aust

Kurt_Aust

Posted
Posted
Thank alot for your help, but this doesnt work.

My DEP setting in the control panel seem to be set to off, but the dialog pop up anyway.

I think is related to something I have removed with nlite.

What popup? Please define as there has no mention of a popup previously.

If the modified boot.ini file is working then you should:

1. get to select the level of DEP protection at boot and

2. this should be displayed at Control Panel >> System >> Advanced >> Performance >> DEP (alwayson & alwaysoff will result in neither option being shown as selected).

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...