In Windows XP tablet OC and in Windows XP Service Pack 2 the Data Execution and Prevention is done by both Software and Hardware. Data Execution Protection known as DEP in short is a methodology or technique which runs extra checks in the data being executed in the RAM to find for any unwanted code and stop its execution. This is additional protection which prevents such code from getting executed by itself or when attached with any other legitimate application. Though both Hardware and Software DEP solve the same purpose but the way they function is quite different. Let us discuss in detail how DEP works in Windows XP SP2 and in Windows XP tablet PC.
In order for a program or a code to run it needs to be present in the memory. Every location of the memory is marked as executable and non-executable by the hardware. Malicious codes always try to run from the non-executable area of the memory because they have to start themselves. Hardware DEP checks for such data and marks the malicious code as non-executable and raises an exception for the same. All this is done by the hardware and this hardware scans all the pages being swapped into the memory. Whenever a malicious code is detected the page is marked as non-executable and then loaded into the memory. Hardware based DEP implementation depends upon the processor and almost all the processors coming these days are capable of doing so. DEP is a feature of Microsoft Windows Operating system and the two major processor makers (Intel and AMD) have designed their processors in such a way that they compliment Windows and let DEP be managed by them. AMD has incorporated no-execute page protection called as NX in its processors for handling DEP, and Intel has done the same by adding Execute Disabled Bit (XD) in its processors. These are the features available in the hardware but for Windows to use these features it has to boot the computer in Physical Address Extension mode. This mode is started by default and we do not have to do any setting for it manually.
We have seen above how the Hardware enforced DEP helps in protecting are computer by not letting the malicious code to execute, but what happens when Windows is running on a non-DEP compatible processor. In such cases the Software based DEP comes into role and it runs security checks on the data being swapped into memory by a set of predefined code or algorithm. It can be run by Windows on any processor but has major limitations to it.
Whenever a code tries to run from within the non-executable area of the memory an exception gets raised and you might get some error messages or notifications for the same. Malicious code never comes alone. It always comes within some legitimate code and stays hidden. DEP tries to catch such injected code which tries to execute itself. Hardware based DEP stops only the malicious code from running but the Software DEP stops the entire program from getting executed.