From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 11225 invoked by alias); 27 Feb 2012 12:27:22 -0000 Received: (qmail 10775 invoked by uid 22791); 27 Feb 2012 12:26:43 -0000 X-Spam-Check-By: sourceware.org Received: from aquarius.hirmke.de (HELO calimero.vinschen.de) (217.91.18.234) by sourceware.org (qpsmtpd/0.83/v0.83-20-g38e4449) with ESMTP; Mon, 27 Feb 2012 12:26:17 +0000 Received: by calimero.vinschen.de (Postfix, from userid 500) id 1F7462C006D; Mon, 27 Feb 2012 13:26:14 +0100 (CET) Date: Mon, 27 Feb 2012 14:38:00 -0000 From: Corinna Vinschen To: cygwin@cygwin.com Subject: BLODA detection code in latest snapshot Message-ID: <20120227122614.GB31025@calimero.vinschen.de> Reply-To: cygwin@cygwin.com Mail-Followup-To: cygwin@cygwin.com MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline User-Agent: Mutt/1.5.21 (2010-09-15) Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com X-SW-Source: 2012-02/txt/msg00799.txt.bz2 Hi folks, I've just uploaded a new snapshot "2012-02-27 12:04:23 UTC". It contains two code snippets which are supposed to help diagnosing BLODA problems. If you set the environment variable CYGWIN to "detect_bloda" and then start a Cygwin process (bash or so), then Cygwin will detect two types of anomalies: - Threads injected into the process from an unknown source. Every thread started in a process triggers a message to the DLLs in a process. When the Cygwin DLL gets this message, it tweaks the function pointer of the thread entry point so that it points to a Cygwin function. Usually Cygwin just performs some setup and then starts the original thread function. If CYGWIN=detect_bloda, then the original function address is evaluated and if the address is neither in the Cygwin DLL, nor in the application image, nor in one of a few filtered system DLLs, then Cygwin prints a message like this: Potential BLODA detected! Thread function called outside of Cygwin DLL: C:\foo\bar\baz.dll Of course this is not foolproof. The only filtered system DLLs so far are kernel32.dll, ntdll.dll, mswsock.dll, amd ws2_32.dll. If you playing around with this, and if you find that a core system DLL is reported (like, say, advapi32.dll), then please notify this list, too. - Some BLODAs affect the network. Winsock allows so-called "Layered Service Providers" (LSP). The socket handle returned by a socket(2) call is not a real socket, but a pseudo handle returned by the LSP. While Cygwin tries to workaround this, it's nevertheless interesting to learn that an LSP is installed. For instance, there's the "Bytemobile optimization client" on our BLODA list at http://cygwin.com/faq/faq.using.html#faq.using.bloda If this is installed on your machine, and if you have CYGWIN=detect_bloda set, it's existence will be recognized twice when you try to open a socket connection. First it injects a thread into the application, so you'll see something like this: Potential BLODA detected! Thread function called outside of Cygwin DLL: C:\Windows\System32\bmnet.dll And additionally you'll see this: Potential BLODA detected! Layered Socket Service Provider: BMA over MSAFD Tcpip [TCP/IP] Please note that this new CYGWIN=detect_bloda setting is just for diagnosing BLODA problems. It's no swiss army knife to fix the BLODA problems, but it might help to detect the cause for some of them. Of course I'd be interested in your experience with this and in any BLODA message you get by setting CYGWIN=detect_bloda. Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Project Co-Leader cygwin AT cygwin DOT com Red Hat -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple