Only watch thread injection or only NX-bit?

Watch thread injection or NX-bit?

I have an Athlon64. That processor is equipped with the 'NX'-bit, preventing some kinds of buffer overflows. But sadly, the NX-bit and the Look 'n Stop watch thread injection are incompatible. Enableing both results in a blue screen.

So I have to disable one of those features. Can someone help me to choose between those two features?

 

Doesn't have anyone an opinion about this?

 

all i know is that when i tried LnS and enabling thread injection, i kept getting BSOD, but im sure the LnS dev are working on a fix or sumthing otherwise just disable that option.

 

In this post Frederic sais he is not sure a solution will be available. I think if no solution will be available, it is the end of LnS, or at least the end of WTI. That's because at the moment, almost no processor without NX-bit is sold.

 

Hopefully this will be addressed in the next version.

 

I just found out that, if I add 'Windows Explorer' and 'LnS' to the exeption list of DEP, my computer does not crash. (maybe LnS or explorer is not needed, but I didn't try with only one).

Now my question: Because I added explorer.exe to the exeption list of DEP and because I have added the line "ActivatedSoon"=dword:00000001 to the registry, I wonder if DEP is active practically. That's because I read somewhere all processes become a child of explorer if "ActivatedSoon"=dword:00000001 is added to the registry.
Anyone?

 

I have also the same issue...

I tried to open a new question on the forum at https://www.wilderssecurity.com/showthread.php?t=77093&goto=nextnewest unfortunately nobody answered yet.

Can anybody from Look & Stop development answer this question ??

 

Some more info: Maybe it didn't do those tests correctly. I do not know if my experiences with the expetion list are done with NX-bit enabled or disabled, which makes my test worthless. My apologies.

(This is because I changed some settings manually in the boot.ini, but I do not know if I changed the correct start-up configuration)

 

Re: Watch thread injection or NX-bit?

Forget it. It will never work with the current L&S release. see the following post LnS - bad reputation

 

So far as I can tell NX-bit works with various 64 bit chips!
But in order to enable that feature the OS must also support it.

Source = http://www.answers.com/topic/nx-bit

The two culprits are Windows XP SP2 and your Athlon 64 bit chip. I also have both right now and it creates BSOD in mere seconds. Even a reset! I am thinking because of the way it works that there might not be a work around for it unless you turn off NX-bit. For now I would probably leave it on till you know more.

 

I agree with you about the definition of NX bit which is a hardware - processor and Operating system solution.

Now the NX-bit definition states the following: "(No eXecute) A method for specifying areas of memory that cannot be used for execution"

Now how come is it the LnS execute in forbidden memory area ? Isn't it a development issue of the product ?

 

Hmmm,

 

You don't have to choose between one or the other...

START >> Control Panel >> System

Data Execution Prevention (TAB)

::bullet:: Turn on DEP for all programs and services except those I select:

Add >> Looknstop.exe >> Apply >> OK

 

You are sure that Watch Thread Injection' is enabled? Before you disabled DEP for looknstop.exe, your system did crash if you enabled WTI?

 

Hi ernstblaauw

every which needed to be discussed about this matter was already covered.

Now WTI if a nice feature to have but it is incompatible with the NX-bit no matter how you configure in win XP (even if LnS is configured as an "exeption").

I beleive LnS is a good firewall but unfortunately perfection is not of this world... therefore LnS still need some improvement to be fully compatible with the NX-bit feature

 

Has there been any progress on this issue? I hope so, I would like to combine the NX-bit with WTI.

 

As far as I know there is no modification since the last time...

I am not sure if Frederic will ever fix this issue