The DEP option for each module is interesting to have, but it doesn't tell you much because DEP could be enabled anyway. Below is a code snippet that checks if DEP is enabled in the process (it's also a neat DLL that you can inject to enable DEP on processed that don't have it enabled):
#include <windows.h>
char message[256];
extern "C" __declspec(dllexport) BOOL WINAPI DllMain(
_In_ HINSTANCE hinstDLL,
_In_ DWORD fdwReason,
_In_ LPVOID lpvReserved
)
{
auto bSetProcessDEPPolicy = SetProcessDEPPolicy(PROCESS_DEP_ENABLE);
auto hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, GetCurrentProcessId());
DWORD lpFlags;
BOOL bPermanent;
auto bGetProcessDEPPolicy = GetProcessDEPPolicy(hProcess, &lpFlags, &bPermanent);
CloseHandle(hProcess);
wsprintfA(message, "[EnableDEP] bSetProcessDEPPolicy: %d, bGetProcessDEPPolicy = %d, lpFlags = %d, bPermanent = %d", bSetProcessDEPPolicy, bGetProcessDEPPolicy, lpFlags, bPermanent);
OutputDebugStringA(message);
return TRUE;
}
The DEP option for each module is interesting to have, but it doesn't tell you much because DEP could be enabled anyway. Below is a code snippet that checks if DEP is enabled in the process (it's also a neat DLL that you can inject to enable DEP on processed that don't have it enabled):