DEP Process Scanner is the free command-line tool to scan and show all the DEP enabled Processes.
Data Execution Prevention (DEP) is a security feature introduced since Windows XP SP2 onwards and designed to prevent an application executing code from a non-executable memory regions such as Stack or Data region. It is primarily intended to mitigate the successful execution of buffer overflow based exploits.
DEP runs in two modes: hardware-enforced DEP for CPUs that can mark memory pages as nonexecutable, and software-enforced DEP with limited protection for CPUs that do not have hardware support.
DEP Process Scanner currently detects only Software-enforced DEP and helps you to find Processes which have (Software based) DEP enabled/disabled.
Here is the list of things you can do with this tool,
Show all DEP enabled Processes
Show all Non-DEP or DEP disabled Processes
Check the DEP status of Process with the ID
Check the DEP status of Process with the name
Check the DEP status of Executable File Path
Being a command-line tool makes it easy for automation. Also it can be handy tool for developers and researchers.
It is available in both 32-bit & 64-bit versions and works on all platforms starting from Windows XP to Windows 8.
How to use?
DEP Process Scanner is very easy to use tool. It is command-line/console based tool, hence you have to launch it from the command prompt (cmd.exe).
Note that it includes both 32-bit and 64-bit version (DEPProcessScanner64.exe). On 64-bit operating systems, you have to use the 64-bit version.
Screenshots
Release History
Version 1.0: 28th Jun 2013
Now supports detection of DEP status by checking with Executable file path. Also detects and alert user on accidental running of 32-bit version on 64-bit system.
