What is a SOFTWARE_NX_FAULT? I found it in the analysis of a WER
crash dump.
Well, “NX” usually means “no execute” and generally indicates that a
piece of memory that should not be executed has in fact tried to
execute.
Traditional x86 processors do not have an execute bit in their page
tables since that information is in the address selector. Since the
Windows NT folks decided not to use the information in the selector to
control execution (although interestingly enough the Windows
3.x/95/98/ME folks DID use selectors for such control) they introduced
the ability of buffer overflow attacks.
The more recent fix has been to add a “no execute” bit in the page table
entry. On a machine with Data Execution Prevention (DEP) enabled, an
attempt by software to execute non-executable code will cause it to
crash.
This can happen because of a malicious attack or a bug (more often the
latter).
Tony
Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Albrecht Frenzel
Sent: Thursday, October 12, 2006 6:50 AM
To: Kernel Debugging Interest List
Subject: [windbg] SOFTWARE_NX_FAULT
What is a SOFTWARE_NX_FAULT? I found it in the analysis of a WER
crash dump
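
The “no execute” bit in the page table entry that the reply above describes, as an added example that is not part of the original thread: a simplified C model of how the CPU decides whether an instruction fetch from a page faults, and which page-fault error code it reports. The function and macro names are hypothetical; the model assumes a single leaf PTE in the 64-bit (PAE/x64) format with SMEP disabled, and the sample entries are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Bits of a 64-bit (PAE / x64) page table entry. */
#define PTE_PRESENT (1ULL << 0)
#define PTE_USER    (1ULL << 2)
#define PTE_NX      (1ULL << 63)   /* the "no execute" bit */

/* Bits of the page-fault error code the CPU reports. */
#define PF_P    (1u << 0)  /* page was present: a protection violation */
#define PF_US   (1u << 2)  /* access came from user mode */
#define PF_RSVD (1u << 3)  /* a reserved bit was set in the entry */
#define PF_ID   (1u << 4)  /* access was an instruction fetch */

#define FETCH_OK (-1)

/* Simplified model (assumption): one leaf PTE only, SMEP off. `nxe` is
 * EFER.NXE, the switch that makes the CPU honour bit 63; an OS with
 * hardware DEP enabled turns it on.
 * Returns FETCH_OK or the page-fault error code for the fetch. */
int fetch_fault_code(uint64_t pte, bool user_mode, bool nxe)
{
    unsigned code = (user_mode ? PF_US : 0) | (nxe ? PF_ID : 0);

    if (!(pte & PTE_PRESENT))
        return (int)code;                      /* not mapped at all */
    if (!nxe && (pte & PTE_NX))
        return (int)(code | PF_P | PF_RSVD);   /* bit 63 is reserved */
    if (user_mode && !(pte & PTE_USER))
        return (int)(code | PF_P);             /* kernel-only page */
    if (nxe && (pte & PTE_NX))
        return (int)(code | PF_P);             /* the NX fault */
    return FETCH_OK;
}

int main(void)
{
    /* Constructed sample entries, not taken from any real dump. */
    uint64_t code_page = 0x0000000012345000ULL | PTE_PRESENT | PTE_USER;
    uint64_t data_page = code_page | PTE_NX;   /* e.g. stack or heap */

    printf("code page, DEP on : %d\n", fetch_fault_code(code_page, true, true));
    printf("data page, DEP on : %d\n", fetch_fault_code(data_page, true, true));
    printf("data page, NXE off: %d\n", fetch_fault_code(data_page, true, false));
    return 0;
}
```

An error code with both the present and instruction-fetch bits set is what separates an NX violation from an ordinary fault on an unmapped address.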