Blog | G5 Cyber Security

Fun with SSDT Hooks and DEP

Microsoft's DEP is a combination of hardware and software techniques to prevent code execution on memory pages that contain data. I was looking at the possibility of watching, in the Windows kernel, for attempts to bypass DEP protection. My idea was to trap the call to NtSetInformationProcess, then I should be able to watch for calls to ProcessExecuteFlags. My end hope was that we could use this at some point to test our mighty test points to some clever tricks.

Source: https://blog.talosintelligence.com/2008/11/fun-with-ssdt-hooks-and-dep.html
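The detection idea in the excerpt, trapping NtSetInformationProcess and watching for the ProcessExecuteFlags class, is shown below as an added example; it is not code from the Talos post or from G5. It is a user-mode simulation: the service table, the "original" routine and the process handles are stand-ins, and the numeric values assumed for ProcessExecuteFlags (0x22) and the MEM_EXECUTE_OPTION_* bits come from public NT internals references and should be checked against your own SDK headers. The hook only observes and forwards; the classification function is the part a kernel-side watcher would keep.

```c
/* Added example: simulated NtSetInformationProcess hook that flags DEP changes.
 * Not the Talos post's code. Table, original routine and process ids are fakes;
 * the numeric constants are assumptions taken from public NT internals docs. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef int32_t NTSTATUS;
#define STATUS_SUCCESS              ((NTSTATUS)0x00000000)
#define STATUS_INFO_LENGTH_MISMATCH ((NTSTATUS)0xC0000004)

#define ProcessExecuteFlags          0x22 /* PROCESSINFOCLASS value (assumed) */
#define MEM_EXECUTE_OPTION_DISABLE   0x01 /* forbid execute on data pages: DEP on  */
#define MEM_EXECUTE_OPTION_ENABLE    0x02 /* allow execute on data pages:  DEP off */
#define MEM_EXECUTE_OPTION_PERMANENT 0x08 /* setting cannot be changed again       */

typedef NTSTATUS (*SetInfoProcFn)(uintptr_t process, uint32_t info_class,
                                  const void *info, uint32_t info_len);

/* What the watcher concludes about one call; a driver would log these. */
enum dep_verdict {
    DEP_VERDICT_UNRELATED = 0,   /* not ProcessExecuteFlags at all */
    DEP_VERDICT_MALFORMED,       /* ProcessExecuteFlags with a bad buffer */
    DEP_VERDICT_DISABLE_ATTEMPT, /* asks to execute from data pages */
    DEP_VERDICT_HARDEN,          /* turns DEP on and/or locks it */
    DEP_VERDICT_OTHER_FLAGS      /* ProcessExecuteFlags with neither bit set */
};

/* Pure classification of the arguments, independent of any hook machinery. */
enum dep_verdict classify_set_information_process(uint32_t info_class,
                                                  const void *info, uint32_t info_len)
{
    uint32_t flags;
    if (info_class != ProcessExecuteFlags) return DEP_VERDICT_UNRELATED;
    if (info == NULL || info_len != sizeof flags) return DEP_VERDICT_MALFORMED;
    memcpy(&flags, info, sizeof flags);           /* caller buffer may be unaligned */
    if (flags & MEM_EXECUTE_OPTION_ENABLE) return DEP_VERDICT_DISABLE_ATTEMPT;
    if (flags & (MEM_EXECUTE_OPTION_DISABLE | MEM_EXECUTE_OPTION_PERMANENT))
        return DEP_VERDICT_HARDEN;
    return DEP_VERDICT_OTHER_FLAGS;
}

/* Stand-in for the system service table: a single slot we hook. */
#define SLOT_SET_INFO_PROCESS 0
static SetInfoProcFn g_ssdt[1];
static SetInfoProcFn g_original;          /* saved so the hook can forward */
static unsigned g_disable_attempts, g_hardenings;

/* Fake original routine: only checks the buffer length like the real one would. */
static NTSTATUS fake_nt_set_information_process(uintptr_t process, uint32_t info_class,
                                                const void *info, uint32_t info_len)
{
    (void)process; (void)info;
    if (info_class == ProcessExecuteFlags && info_len != sizeof(uint32_t))
        return STATUS_INFO_LENGTH_MISMATCH;
    return STATUS_SUCCESS;
}

/* The hook: classify, count, then pass the call through unchanged. */
static NTSTATUS hooked_nt_set_information_process(uintptr_t process, uint32_t info_class,
                                                  const void *info, uint32_t info_len)
{
    enum dep_verdict v = classify_set_information_process(info_class, info, info_len);
    if (v == DEP_VERDICT_DISABLE_ATTEMPT) {
        g_disable_attempts++;
        printf("[dep-watch] process %#lx asked to execute from data pages\n",
               (unsigned long)process);
    } else if (v == DEP_VERDICT_HARDEN) {
        g_hardenings++;
    }
    return g_original(process, info_class, info, info_len);
}

void install_dep_watch_hook(void)
{
    g_ssdt[SLOT_SET_INFO_PROCESS] = fake_nt_set_information_process; /* "boot" state */
    g_original = g_ssdt[SLOT_SET_INFO_PROCESS];                      /* save original */
    g_ssdt[SLOT_SET_INFO_PROCESS] = hooked_nt_set_information_process; /* swap in hook */
    g_disable_attempts = g_hardenings = 0;
}

void remove_dep_watch_hook(void) { g_ssdt[SLOT_SET_INFO_PROCESS] = g_original; }

/* Entry point a caller's request would reach via the (simulated) table. */
NTSTATUS dispatch_set_information_process(uintptr_t process, uint32_t info_class,
                                          const void *info, uint32_t info_len)
{
    return g_ssdt[SLOT_SET_INFO_PROCESS](process, info_class, info, info_len);
}

unsigned dep_disable_attempts_seen(void) { return g_disable_attempts; }
unsigned dep_hardenings_seen(void)       { return g_hardenings; }

int main(void)
{
    /* Constructed sample traffic: one process locks DEP on, another tries to turn it off. */
    uint32_t harden = MEM_EXECUTE_OPTION_DISABLE | MEM_EXECUTE_OPTION_PERMANENT;
    uint32_t weaken = MEM_EXECUTE_OPTION_ENABLE;
    install_dep_watch_hook();
    dispatch_set_information_process(0x1234, ProcessExecuteFlags, &harden, sizeof harden);
    dispatch_set_information_process(0x5678, ProcessExecuteFlags, &weaken, sizeof weaken);
    dispatch_set_information_process(0x5678, 0x00, NULL, 0);  /* unrelated class */
    printf("disable attempts: %u, hardening calls: %u\n",
           dep_disable_attempts_seen(), dep_hardenings_seen());
    remove_dep_watch_hook();
    return 0;
}
```

The hook never alters the call or its result; it records and forwards, which is what you want from a watcher whose purpose is to see what test cases do. Kernel Patch Protection on 64-bit Windows blocks modification of the real service table, so on current systems this reads as a study of the 2008-era hook structure rather than a driver to deploy.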
