Execute Disable Bit functionality blocks malware code execution
Malware Removers Detect Malicious Software: Execute-Disable Bit capability is a robust hardware feature, detectable using the CPUID instruction, that protects against malicious software executing code on IA-32 systems. Software developers who implement it can deliver a valuable security feature to their users.
by Shijong Kuo. Intel Corp.

Execute Disable Bit capability is an enhancement to 32-bit Intel® architecture. An IA-32 processor with Execute Disable Bit capability can protect data pages against being used by malicious software to execute code. The processor provides page protection in either of the following modes:

  • Legacy protected mode, if Physical Address Extension (PAE) is enabled.
  • IA-32e mode, when Intel Extended Memory 64 Technology (Intel EM64T) is enabled.
Note that entering IA-32e mode requires enabling PAE. While the Execute Disable Bit capability does not introduce new instructions, it does require operating systems to operate in a PAE-enabled environment and to establish a page-granular protection policy for memory.

Execute Disable Bit Capability Overview
Software can detect the presence of the Execute Disable Bit capability using the CPUID instruction with the input value 80000001H in EAX. Presence is indicated by a value returned in EDX. If bit 20 of EDX is set, the Execute Disable Bit is available.

If CPUID extended function 80000001H reports that Execute Disable Bit capability is available and PAE is enabled, software can enable the Execute Disable Bit capability by setting the NXE bit to 1 in IA32_EFER MSR (address C0000080H). IA32_EFER is available if bit 20 or bit 29 of the EDX register returned by CPUID-extended function 80000001H is 1.

When Physical Address Extension is enabled (either in IA-32e mode or in legacy protected mode), Execute Disable Bit capability is enabled by setting bit 11 of IA32_EFER to 1. If CPUID extended function 80000001H reports Execute Disable Bit capability is not available, bit 11 of IA32_EFER is reserved. A write to IA32_EFER.NXE will produce a #GP exception.

Table 1. Extended Feature Enable MSR (IA32_EFER):

63:121110987:10
ReservedExecute Disable
Bit Enable (NXE) 		IA-32e mode
Active (LMA) 		ReservedIA-32e mode
Enable (LME) 		ReservedSysCall Enable
(SCE)

» read more | Intel Software Network resource center

If you're interested in this topic, these articles may be helpful:

Source code for XML security layers, part 1: basic plumbing technologies
by Manish Verma, principal architect, Second Foundation. First publ...
Intel® Integrated Performance Primitives 4.1
Intel® Integrated Performance Primitives (Intel® IPP) is a library o...
Software piracy
by Vincent Alder, Fingoo Ltd. Basic software distribution When we ...
Chronicle of malware detected during the first half of 2005
from Panda Software There were no significant epidemics during th...
Dalmaker XE source-code generation tool
from TLWallace.NET Dalmaker, a source-code generation toolset, will...

Related Jobs:

Principal Software Engineer #2005-0187 - PA - Johnstown - Concurrent Technologies Corporation
The successful candidate will be responsible for developing host and n...
IT Security - CA - Mountain View - Synopsys
Job Responsibilities: Administers technical security controls to prev...
IT Security Specialist, I #5896 - CA - Mountain View - Synopsys, Inc.
ReqCode: 5896 Position: IT Security Specialist, I Location: US01-Mou...
C#, .NET Software Development Engr. #865407 - OR - Beaverton - Networks Associates Technology, Inc.
Job Description McAfee creates best-of-breed computer security...
Princ Tech Support Engineer #057081 - USA - Symantec Corporation
Job Requisition # : 057081 Job Title : Princ Tech Support Engineer ...
IT Security Specialist, Sr II #5899 - CA - Mountain View - Synopsys, Inc.
ReqCode: 5899 Position: IT Security Specialist, Sr II Location: US01...
Software Development Engineer #151731 - NY - New York - Microsoft Corporation
Are you ready to be a key contributor to a new development team in a n...
Lab Engineer #151061 - WA - Redmond - Microsoft Corporation
The Security Technologies Unit (STU) is looking for an outstanding Lab...
IT Security Specialist, Sr I #5898 - CA - Mountain View - Synopsys, Inc.
ReqCode: 5898 Position: IT Security Specialist, Sr I Location: US01-...
Security Engineer #siin-00004532 - MD - Suitland - SI International
Title: Security Engineer Req Number: siin-00004532 Location(s): Su...
Related Searches: removing malicious software, cpuid support dell, malicious software remover, malware remover, windows server 2003 security features, remove hidden protected malware files, detect malicious software, max cpuid value limit, malware removers, system development security management information, microsoft windows malicious software, remove malicious software, future trends of malware, software developers security training, intel pentium security, software developers security, information security courses development, security policy development software, itanium 2 security features, microsoft malicious software removal tool

Malware Removers Detect Malicious Software