From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 86606 invoked by alias); 15 Jul 2018 06:49:37 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 86566 invoked by uid 89); 15 Jul 2018 06:49:35 -0000 Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: Yes, score=6.8 required=5.0 tests=BAYES_50,FOREIGN_BODY,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=no version=3.3.2 spammy=EMail, E-Mail, AVG, avg X-HELO: mail-wr1-f48.google.com Received: from mail-wr1-f48.google.com (HELO mail-wr1-f48.google.com) (209.85.221.48) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Sun, 15 Jul 2018 06:49:33 +0000 Received: by mail-wr1-f48.google.com with SMTP id h10-v6so28773564wre.6 for ; Sat, 14 Jul 2018 23:49:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:subject:to:references:message-id:date:user-agent:mime-version :in-reply-to:content-transfer-encoding; bh=8BrCnDubBQEyIjWGhG3fgcSJvGY/nKCgsqVr87jTFhQ=; b=P7QqkAqiprqjtxDo1M31RqK3ha/LzXUo1eqPH4c9SRRtzCfxIyzkK+77CehRfleZ4P sWiajRVEKNSkACthJBCpRTQacW+h/MvjvAnDRWv+yHTAE432cildbixxwrQCRbCgo/hJ SlVqLCqHHEKTtDShjMRJzsN7uGwFSf3FBN5PcDMmWWlcHRad+UdzLmH8J7HUZZKf3ZJ6 3W+NB9xh9CSZp0oCBRyTvU6CAmx98YmDuzRsdDIuC+rMxRE0TLTeZRIYr3jntFBLYmX6 A8UNQdyHmz6GoHKxhU9pTCYCO2BC5EW68n87fEXdn08KOOy3M6HGrBiH9nQQc8JH6tUc lT1w== Return-Path: Received: from ?IPv6:2003:ee:63eb:5401:20f6:9753:8ba5:5616? (p200300EE63EB540120F697538BA55616.dip0.t-ipconnect.de. [2003:ee:63eb:5401:20f6:9753:8ba5:5616]) by smtp.gmail.com with ESMTPSA id h61-v6sm14593700wrh.18.2018.07.14.23.49.30 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 14 Jul 2018 23:49:30 -0700 (PDT) From: Marco Atzeri Subject: Re: Fork issue on W10 WOW To: cygwin@cygwin.com References: <7ad0e0d4-438b-33ad-a711-e0b1996fa6f6@gmail.com> <20180709090332.GC3111@calimero.vinschen.de> <87e94b8c-13d0-928e-957d-c32b15b8a962@gmail.com> <20180709123739.GB27673@calimero.vinschen.de> <20180712133847.GT27673@calimero.vinschen.de> <874lh17txr.fsf@Rainer.invalid> <87zhyt66o4.fsf@Rainer.invalid> <7bdb2eb7-8612-0c4d-b79c-767efb58b31a@SystematicSw.ab.ca> Message-ID: <185ef5f6-aa31-0619-633c-087d8e55210a@gmail.com> Date: Sun, 15 Jul 2018 09:18:00 -0000 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: <7bdb2eb7-8612-0c4d-b79c-767efb58b31a@SystematicSw.ab.ca> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit X-IsSubscribed: yes X-SW-Source: 2018-07/txt/msg00146.txt.bz2 Am 14.07.2018 um 21:03 schrieb Brian Inglis: > On 2018-07-14 11:58, Achim Gratz wrote: >> Marco Atzeri writes: >> Anyway, the only time I've seen similar behaviour was when some other >> library was occupying the address space the systems libraries should >> have occupied, and the they get some extremely random address assigned >> until the next reboot. To do this the other library must however be >> loaded pretty early in the boot process. If you wrote the mail on said >> laptop, this >>> Diese E-Mail wurde von AVG auf Viren geprüft. >> might be an explanation for the whole thing. AVG is well known for >> intercepting things already during boot and loading a bunch of their >> libraries early. Some of it is still done even if you switch it off >> completely and some changes to the registry might even survive a >> deinstallation. > > +1 for AVG BLODA - had to deinstall that years ago, and was slow; only reason I > still run an AV is to catch stuff, either in Windows binaries from download > sources about which little info is publicly available, or in email which folks I > trust forward once in a blue moon, from their greedy or gullible infected > friends, who are in the main, clueless or in denial about it. > In this case AVG is innocent. I removed all AV and the lottery is still there 63DF0000-63DF1000 74F40000-74F41000 5DE20000-5DE21000 it seems the WOW64*.dll can be anywhere between 50000000-7F000000 The 32 applications present at boot are: HP Cool Sense HP Audio Switch HP Jump Start HP Message Service Microsoft OneDrive Lavasof Webcompanion Wordweb Dictionary and also Lavasoft seems innocent as after removal 5C900000-5C901000 5EE70000-5EE71000 I will wait until 1803 is installed, download is in progress, before making new trials/experiments Regards Marco -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple