Dialogic Support Helpweb
Dialogic® Host Media Processing (HMP) Software
Basic Dialogic® HMP requirements regarding Data Execution Prevention (DEP)
Symptom:Dialogic® Service (dlgc_srv) may be seen by the operating system as a security threat after installing Dialogic® Host Media Processing (HMP) Software for the first time. This symptom is first seen if Dialogic HMP Software is configured to automatically start on boot up after installing the HMP Software for the first time. When the Operating System starts up, you will receive a DEP pop-up message, and within the system Application Event Viewer there will also be “application faults” or “exceptions” log entries.
Reason for the issue:
The Dialogic Service is a “non-system component” that uses kernel space during its startup. Today, most operating systems have Data Execution Prevention (DEP) enabled by default to help protect against viruses and to prevent other security threats from running automatically within kernel space.
Here is a visual of the pop-up message if DEP is enabled on the system and Dialogic HMP Software is set to start automatically for the first time.
.png)
Fix / Solution:
There are a few solutions:
1-Primarily, /EXECUTE is the option that should be used within your boot.ini file for Dialogic HMP Software systems. This disables DEP and PAE. To disable PAE, perform the following:
1. Determine if PAE is enabled by selecting Start -> Control Panel -> System. In the General tab, note if “Physical Address Extensions” is listed under Computer. If “Physical Address Extensions” is listed, PAE is enabled. To disable PAE, proceed to step 2.
2. Edit the boot.ini file
3. Remove the options that begin with “/NOEXECUTE”.
4. Add the “/EXECUTE” and “/NOPAE” options to the boot.ini file.
i.e.
[This example disables DEP and PAE within the system boot.ini]
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Windows Server 2003, Enterprise" /fastdetect /EXECUTE /NOPAE
2-If DEP needs to be enabled on your system, one can use the "/NOEXECUTE=OptIn" option. This option only enables DEP for operating “system components”. Therefore, Dialogic HMP Software (a “non-system component” that uses kernel space) is not affected by DEP.
i.e.
[This example enables DEP for operating system components only with the system boot.ini]
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Windows Server 2003, Enterprise" /fastdetect /NOEXECUTE=OptIn
3-If DEP needs to be enabled on your system for all “system & non-system components”, then when you receive the DEP pop-up message for the dlgc_srv you should:
1-Select “Change Settings”.
2-Check the radio button for:
“Turn on DEP for all programs and services except those I select:”
3-Check box the “dlgc_srv”.
Technical Discussion:
Data Execution Prevention (DEP) consists of hardware and software methods.
Software-enforced DEP, which protects only user-mode processes, must be supported by the operating system.
Hardware-enforced DEP sets a bit in the page table entry that prevents code from being executed from a virtual memory page that should contain only data. Hardware-enforced DEP must be supported by the operating system and the processor on the computer. If the operating system supports DEP but the processor does not, only software-enforced DEP is enabled on the system.
The EXECUTE and NOEXECUTE options works as followed:
/NOEXECUTE option:
Default Values:
o On Windows® XP with SP2, the installation program adds /noexecute=optin to the boot entry.
o On Windows Server® 2003 with SP1, the installation program adds /noexecute=optout to the boot entry.
o However, on all operating systems that support DEP, if the /noexecute parameter is not present in the boot options, the system behaves as though the setting is /noexecute=optin.
Subparameter:
alwayson : Enables DEP for the operating system and all processes, including the Windows® kernel and drivers. All attempts to disable DEP are ignored.
optout : Enables DEP for the operating system and all processes, including the Windows® kernel and drivers. However, administrators can disable DEP on selected executable files by using System in Control Panel.
optin : Enables DEP only for operating system components, including the Windows® kernel and drivers. Administrators can enable DEP on selected executable files by using the Application Compatibility Toolkit (ACT).
alwaysoff : Disables DEP. Attempts to enable DEP selectively are ignored. On Windows® XP with SP2, this subparameter also disables Physical Address Extension (PAE). This subparameter does not disable PAE on Windows Server® 2003 with SP1.
/EXECUTE option:
The /EXECUTE parameter disables Data Execution Prevention (DEP) and Physical Address Extension (PAE).
Note: DEP is a highly effective security feature. Do not disable DEP unless you have no other alternative.
Note: The / EXECUTE parameter is supported in Windows Server® 2003 with SP1 to disable both DEP and PAE. To disable DEP and PAE in Windows XP with Service Pack 2 (SP2), Windows Vista, use /NOEXECUTE=alwaysoff. For more information, see / NOEXECUTE.
Product List
For systems using Dialogic Host Media Processing Software for Windows®.
Glossary of Acronyms / Terms
HMP: Host Media Processing
DEP: Data Execution Prevention
PAE: Physical Address Extension
OS: Operating System
Related Documentation
Dialogic® HMP Software Release notes for Dialogic® HMP Software Release 2.0 & 3.0 for Windows® http://www.dialogic.com/manuals/default.htm
Microsoft REFERENCE of /NOEXECUTE http://msdn2.microsoft.com/en-us/library/ms791539.aspx
Microsoft REFERENCE of /EXECUTE http://msdn2.microsoft.com/en-us/library/aa468631.aspx
