# Our Old Foes Reviewing DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization) is important to understanding their impact on system security. If you have studied the Offensive Security EXP-301: Windows User Mode Exploit Development course or similar DEP and ASLR should be familiar to you. DEP is a defense mechanism that prevents the execution of code in non-executable memory regions, hindering certain memory-based attacks. ASLR, on the other hand, randomizes the memory layout of processes, making it challenging for exploit developers to predict memory addresses accurately. To bypass these defenses, we need to explore return-oriented programming (ROP), which involve chaining together small snippets of executable code (called gadgets) present in non-randomised regions, or offsets in randomised regions, to execute our malicious payloads. The next two sections will serve as a reminder of DEP and ASLR. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://open-advanced-windows-exploitati.gitbook.io/open-advanced-windows-exploitation/exploit-mitigations/our-old-foes.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.