TechSpot

Change in BOOT.INI?

By wlknaack
Sep 3, 2005
  1. I noticed the following change in the BOOT.INI path:

    WAS: multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect

    ID: multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

    Is this change a result of Microsoft's updates, e.g. SP2? What is the significance of "/NoExecute=OptIn?" Any thoughts will be appreciated.
     
  2. Samstoned

    Samstoned TechSpot Paladin Posts: 1,018

    heres what M$ has,I am new to xp so
    I like info like this
    /noexecute
    The /noexecute parameter enables Data Execution Prevention (DEP), a set of hardware and software technologies designed to prevent harmful code from running in protected memory locations

    /noexecute={alwayson | optout | optin | alwaysoff}

    Subparameter

    alwayson
    Enables DEP for the operating system and all processes, including the Windows kernel and drivers. All attempts to disable DEP are ignored.
    optout
    Enables DEP for the operating system and all processes, including the Windows kernel and drivers. However, administrators can disable DEP on selected executable files by using System in Control Panel.
    optin
    Enables DEP only for operating system components, including the Windows kernel and drivers. Adminstrators can enable DEP on selected executable files by using the Application Compatibility Toolkit (ACT).
    alwaysoff
    Disables DEP. Attempts to enable DEP selectively are ignored. This parameter also disables physical address extension (PAE). To re-enable (PAE), use the /pae parameter.

    Comments

    Data Execution Prevention (DEP) consists of hardware and software methods. Software-enforced DEP, which protects only user-mode processes, must be supported by the operating system. Hardware-enforced DEP sets a bit in the page table entry that prevents code from being executed from a a virtual memory page that should contain only data. Hardware-enforced DEP must be supported by the operating system and the processor on the computer. If the operating system supports DEP, but the processor does not, only software-enforced DEP is enabled on the system.

    DEP (and the /noexecute parameter) are supported on Microsoft Windows XP with Service Pack 2 (SP2), Microsoft Windows 2003 with Service Pack 1 (SP1), and later versions of Windows.

    The /noexecute parameter is effective only on 32-bit processes. It enables software-enforced DEP and, if the processor supports DEP, it also enables hardware-enforced DEP. On 64-bit processes, DEP is enabled by default and cannot be disabled (equivalent to /noexecute=alwayson). For these processes, the /noexecute parameter is ignored.

    On Windows XP with SP2 and later versions of the Windows client operating system, the default value is /noexecute=optin. On Windows Server 2003 with SP1 and later versions of the Windows Server operating system, the default value is /noexecute=optout.

    When DEP is enabled (/noexecute=alwayson | optout | optin) on a computer with a processor that supports hardware-enforced DEP, 32-bit versions of Windows automatically enable physical address extension (PAE) (See /pae). When DEP is disabled, Windows automatically disables PAE. To enable PAE without DEP, the boot options must explicitly enable PAE and disable DEP (/noexecute alwaysoff /pae).

    To set the /noexecute=optin or /noexecute=optout policies, or to disable DEP on a particular executable file, use System in Control Panel. Click the Advanced tab, in the Performance section, click Settings, and then click the Data Execution Prevention tab. The options that you set on the tab are effective when you restart the computer.
     
  3. wlknaack

    wlknaack TS Rookie Topic Starter Posts: 143

    Reply to Samstoned

    Understand fully! Appreciate the comprehensiveness of your reply. Thanks for your effort on my behalf.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...