I've allready answered that question in other topic mate
Ok here we go again:
1. Software DEP is nothing but SEH chain validator (means it's not a DEP but some way to prevent one rare type of shellcode's injection)
2. Hardware DEP is very incompatible thing, that's why:
a) DEP mode by default is OptIn = all system services are protected, user apps aren't protected
b) DEP is _VERY_ incompatible thing so we 've got one more "layer" over DEP-mode - windows disables DEP for app which is know to be incompatible with DEP (this includes many checks, like exe-packers check and so on)
3. DEP-protection is vulnerable to ret2libc kind of attack (so you're not protected at all)
So we 've got CMG
A fast and compatible way to be protected. It protects all apps against ret2libc and common BO attacks, and it doesn't treminate your favorite apps as well
Author