In my “Writing exploit on win32 from scratch: Mini HTTPD Server 1.2” blog post, I pointed that we were working on a Windows SP SP3 box with no DEP (data execution prevention). That’s not real, Windows XP SP3 has DEP, but by default it is configured in “OptIn” that means only the processes and services on the list has DEP activated (usually OS processes). For this post we are going to change that configuration to “OptOut” that means DEP is allways On except for the processes that we put in the list. Read more ›