Configure or Turn Off DEP (Data Execution Prevention) in Windows
Data Execution Prevention (DEP) is one of those ‘blursed’ things. It’s a blessing most of the time when it does its job and doesn’t interfere, but cursed when it does interfere.
Let’s look at DEP and how to configure it, or turn DEP off, depending on your needs.
What Is DEP & What Does It Do?
According to Microsoft, DEP is:
“…a set of hardware and software technologies that perform additional checks on memory to help prevent malicious code from running on a system.”
Dell simplifies it a bit and tells us that DEP
“…can help protect your computer by monitoring your programs to make sure that they use system memory safely.”
What does that mean? There are certain areas in the computer’s memory which aren’t intended to have code running in them, but sometimes code does run there.
Usually, the code that will run there is malicious. DEP will monitor those areas and if it sees something going on in those areas it will shut it down. If you want to get in-depth about how it works, read Microsoft’s detailed description of Data Execution Prevention.
So Why Does DEP Cause Problems?
Even today, computers are dumb. They cannot reason, they can only use the most basic of logic. Plus, that logic is put into them by humans so computers also get our mistakes put into them.
Sometimes, good programs will wander off into the areas that DEP monitors and work in those spaces.
When this happens, DEP will sometimes shut the entire program down and let you know via an error message. But sometimes DEP will just cause the program to run very poorly and there won’t be anything obvious to tell you why.
What Programs Have Problems With DEP?
Programs that conflict with DEP are typically older programs or built on old codebases. A lot of Enterprise Resource Planning (ERP) software is built on codebases that go back to the 1970s. There was no DEP then, so the program will go into areas that DEP patrols.
64-bit programs were created after DEP was well established, so they were developed to comply. Most programs that conflict with DEP will be 32-bit programs.
Non-Microsoft programs that interact with Windows Services heavily or run their own Windows Services may be tripped up by DEP. If that is the case, the vendor will recommend turning DEP off completely.
For the home user, old games that are 32-bit, and some emulators for playing even older games, are the most likely to conflict with DEP.
Old device drivers or drivers downloaded from unofficial sources may also trigger DEP errors. Only download drivers from the hardware manufacturer or Microsoft, and update your drivers regularly.
How Do I Know If DEP Is The Problem?
You may have to go into Event Viewer and sift through the logs for Event ID 1000. If you find one, it may look like this:
Event ID : 1000 - DEP Error : Generic host for Win32 services
Generic Host Process for Win32 Services - DEP : Application Error
Event Type: Error
Event Source: Application Error
Event Category: (100)
Event ID: 1000
You may see other errors referencing things like:
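- 0xFC: ATTEMPTED_EXECUTE_OF_NOEXECUTE_MEMORY – occurs when a device driver tries to execute code in memory that is marked no-execute. It may be a bad or outdated driver. You’ll want to update your drivers.
- STATUS_ACCESS_VIOLATION (0xc0000005) – occurs when a program tries to execute code in DEP-protected memory space. The same code is also raised by access violations that have nothing to do with DEP, so treat it as a hint rather than proof.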
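Sifting through Event Viewer by hand gets tedious, so here is an added example (not part of the original article) that pulls the Event ID 1000 records from the Application log and groups the 0xc0000005 crashes by program, giving a shortlist of DEP candidates. It assumes the usual Application Error field order: faulting application in field 0, faulting module in field 3, exception code in field 6.

```powershell
# Added example, not from the original article.
# Assumption: Application Error event 1000 stores the faulting application in
# Properties[0], the faulting module in [3] and the exception code in [6].
$filter = @{ LogName = 'Application'; ProviderName = 'Application Error'; Id = 1000 }
$events = Get-WinEvent -FilterHashtable $filter -MaxEvents 500 -ErrorAction SilentlyContinue

$crashes = foreach ($e in $events) {
    $p = $e.Properties
    if ($p.Count -lt 7) { continue }   # skip records with an unexpected layout
    [pscustomobject]@{
        Time      = $e.TimeCreated
        App       = [string]$p[0].Value
        Module    = [string]$p[3].Value
        # Normalise "0xC0000005" and "c0000005" to the same form.
        Exception = ([string]$p[6].Value).ToLower() -replace '^0x', ''
    }
}

# 0xc0000005 is the access-violation status named above. It is not unique to
# DEP, so the output is a list of candidates to investigate, not a verdict.
$candidates = @($crashes | Where-Object { $_.Exception -eq 'c0000005' })

if ($candidates.Count -eq 0) {
    Write-Output 'No Event ID 1000 records with exception code 0xc0000005 found.'
} else {
    $candidates |
        Group-Object App, Module |
        Sort-Object Count -Descending |
        Select-Object Count, Name,
            @{ n = 'LastSeen'; e = { ($_.Group | Measure-Object Time -Maximum).Maximum } } |
        Format-Table -AutoSize
}
```

A program that appears repeatedly here, and stops crashing once it is added as a DEP exception, is a confirmed DEP conflict; one that keeps crashing has a different problem.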
How To Configure Or Turn Off DEP
In Windows 10, DEP defaults to the setting Turn on DEP for essential Windows programs and services only. Most of the time, this is sufficient. It means that the majority of your programs will be ignored by DEP.
But if DEP helps protect the computer and it doesn’t have a performance hit, you may want to select Turn on DEP for all programs except those that I select. Then if you find a program that has a problem with DEP, we can add it as an exception. Let’s look at how to do that.
- Open the Control Panel then open System.
- On the left side of the System window, click on Advanced System Settings.
- The System Properties window should open and already be set to the Advanced tab. In the Performance area, click on Settings.
- In the Performance Options window, click on the Data Execution Prevention tab.
- With Turn on DEP for all programs except those that I select selected, click on the Add button near the bottom of the window.
- Navigate to the executable for the program that we’d like to add as an exception. It will most likely be in C:\Program Files (x86).
- In this example, we’re adding MediaMonkey, an old music player utility. Click on the .exe file once we find it and click on Open.
- In Performance Options, click on Apply. Now, MediaMonkey will run outside of DEP protection while all others will run within DEP protection.
Turn DEP Completely Off
If you want to turn DEP completely off, we advise only doing that as part of troubleshooting an issue. DEP is there for your protection.
Since it’s something that isn’t advised, there isn’t a good point-and-click way to do it. Let’s look at how we can turn off DEP.
- Open the Command window as Administrator. Do this by typing cmd in the program search field near the Start menu.
- Enter the command bcdedit.exe /set {current} nx AlwaysOff and press enter.
bcdedit.exe is a Windows utility for editing boot configuration data, hence bcdedit.
/set tells bcdedit to set an option value entry in the boot configuration.
{current} tells bcdedit to work with the boot configuration being used right now.
nx is short for no execute and is the setting name for DEP in the boot configuration.
AlwaysOff is self-explanatory.
- Restart the computer.
- DEP will now be completely and permanently off.
Turn DEP On For Everything
To turn DEP on for absolutely everything, the process and command are similar to those above.
- Open the Command window as Administrator, following the instructions in the procedure above.
- Enter the command bcdedit.exe /set {current} nx AlwaysOn.
- Restart the computer.
- DEP will be turned on and all programs monitored.
After DEP has been set to always on or always off, it CANNOT be changed via the Data Execution Prevention tab in system settings.
Let’s look at how to change it so that the radio buttons in the DEP tab can be used again.
Set DEP Back To Default Behavior
To set DEP behavior back to default and make it manageable again via system settings, do the following.
- Open the Command window as Administrator.
- Enter the command bcdedit.exe /set {current} nx OptIn.
- Restart the computer.
- Now the radio buttons in the DEP tab in system settings are accessible again.
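To confirm which of the settings described above is actually in effect after a reboot, and which programs have been exempted, the following added example (not part of the original article) reads the DEP policy from WMI and lists the exceptions. It assumes the exception list created through the DEP tab is stored under the AppCompatFlags\Layers registry key with the value data DisableNXShowUI.

```powershell
# Added example, not from the original article: audit the effective DEP policy.
# Values of Win32_OperatingSystem.DataExecutionPrevention_SupportPolicy,
# mapped to the bcdedit nx setting and the wording used on the DEP tab.
$policyNames = @{
    0 = 'AlwaysOff (DEP disabled for everything)'
    1 = 'AlwaysOn (DEP enforced for everything, exceptions ignored)'
    2 = 'OptIn (essential Windows programs and services only)'
    3 = 'OptOut (all programs except those selected)'
}

$os     = Get-CimInstance -ClassName Win32_OperatingSystem
$policy = [int]$os.DataExecutionPrevention_SupportPolicy

# Assumption: per-program DEP exceptions are stored here, one value per
# executable path, with data containing "DisableNXShowUI".
$layers = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers'
$exempt = @()
if (Test-Path $layers) {
    $key    = Get-Item -Path $layers
    $exempt = @(foreach ($name in $key.GetValueNames()) {
        if ([string]$key.GetValue($name) -match 'DisableNX') { $name }
    })
}

[pscustomobject]@{
    HardwareDepAvailable = $os.DataExecutionPrevention_Available
    DepFor32BitApps      = $os.DataExecutionPrevention_32BitApplications
    DepForDrivers        = $os.DataExecutionPrevention_Drivers
    Policy               = $policyNames[$policy]
    ExemptedPrograms     = $exempt.Count
} | Format-List

if ($policy -eq 0) {
    Write-Warning 'DEP is AlwaysOff. Restore it with: bcdedit.exe /set {current} nx OptIn'
}
if ($exempt.Count -gt 0) {
    # Exceptions only take effect under OptOut; review each one regardless.
    Write-Output 'Programs exempted from DEP:'
    $exempt | ForEach-Object { "  $_" }
}
```

Run it from an elevated PowerShell window. An AlwaysOff result left over from troubleshooting, or an exception for a program that is no longer installed, is worth cleaning up.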
To DEP Or Not To DEP
We recommend leaving DEP on its default setting of Turn on DEP for essential Windows programs and services only, unless it’s necessary to change it to troubleshoot problems that may be DEP-related.