From: Corinna Vinschen
To: cygwin@cygwin.com
Date: Fri, 02 Mar 2012 09:00:00 -0000
Subject: Re: cygheap base mismatch detected
Message-ID: <20120302085943.GB14404@calimero.vinschen.de>
In-Reply-To: <4F4FFBD8.1080803@cwilson.fastmail.fm>
References: <4F4E7CC8.9090804@cwilson.fastmail.fm> <20120301105139.GF2257@calimero.vinschen.de> <20120301121442.GG2257@calimero.vinschen.de> <4F4FFBD8.1080803@cwilson.fastmail.fm>

On Mar  1 17:44, Charles Wilson wrote:
> On 3/1/2012 7:14 AM, Corinna Vinschen wrote:
> > Hmm.  cygcheck loads the Cygwin DLL dynamically.  It does not depend on
> > any other Cygwin distro DLL.  But it's started from a Cygwin parent.  So
> > the loaded Cygwin DLL checks the layout just like it had been linked
> > against.  And apparently it gets rebased at load time.  Which means to
> > me, there's another DLL already loaded into the process at an address
> > which overlaps with the address space the Cygwin DLL should have been
> > loaded to.
> >
> > So I guess you just have to find out what is the cause for rebasing
> > the Cygwin DLL.  Try VMMap from sysinternals with a cygcheck -svr piped
> > into less, so that you can easily observe the process in vmmap.
>
> It appears to be C:\WINDOWS\SysWOW64\PGHook.dll which is part of Avecto
> Privilege Guard (which could certainly be classed as a BLODA IMO; thank
> you paranoid corporate IT policies...).
>
> For cygcheck, PGHook.dll gets loaded at its desired image base:
>
> $ objdump -p /c/Windows/syswow64/pghook.dll |grep ImageBase
> ImageBase               61100000
>
> So, it appears that for normal cygwin processes, PGHook gets rebased
> elsewhere, and cygwin "wins."  For instance, /bin/top.exe -> PGHook gets
> loaded at 01FD000, b/c cygwin1.dll is already at 0x61000000.  OTOH,
> there's nothing in the cygcheck.exe process that prevents PGHook from
> getting its desired base addr -- which then conflicts with cygwin's
> desired base addr when it is (later) dynloaded.
>
> Is there some workaround that could be used?  It's not as if cygcheck is

Rebase pghook.dll.  Call "cmd /c cygcheck".

> really trying to initialize and *use* cygwin1.dll facilities, is it?  So,
> perhaps cygwin1.dll/dcrt0 could ignore the fact that it has been
> rebased, when dynamically loaded?  (or perhaps, only when dynloaded by
> some app named 'cygcheck.exe').

That's kind of tricky.  When the DLL is loaded into the wrong address,
then there are pointers in the process's startupinfo which potentially
point into nirvana.  That affects any process.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat
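
Added example, not part of the original mail or of Cygwin: the `objdump -p ... | grep ImageBase` check from the thread, done in Python for two images at once so that a collision between their preferred load ranges shows up directly. The header stubs and both SizeOfImage values are constructed for illustration; only the two base addresses (0x61000000 and 0x61100000) come from the thread.

```python
import struct

def pe_image_range(data: bytes):
    """Return (ImageBase, SizeOfImage) read from a PE optional header."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 4 + 20          # skip signature and 20-byte COFF header
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == 0x10B:               # PE32: 32-bit ImageBase at offset 28
        (base,) = struct.unpack_from("<I", data, opt + 28)
    elif magic == 0x20B:             # PE32+: 64-bit ImageBase at offset 24
        (base,) = struct.unpack_from("<Q", data, opt + 24)
    else:
        raise ValueError("unknown optional-header magic")
    (size,) = struct.unpack_from("<I", data, opt + 56)  # SizeOfImage
    return base, size

def preferred_ranges_overlap(a, b):
    """True if two (base, size) preferred load ranges intersect."""
    return a[0] < b[0] + b[1] and b[0] < a[0] + a[1]

def make_pe32(image_base, size_of_image):
    """Constructed sample: a headers-only PE32 stub, not a real DLL."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0xE0, 0x2102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 28, image_base)
    struct.pack_into("<I", opt, 56, size_of_image)
    return dos + b"PE\0\0" + coff + bytes(opt)

# Base addresses are the ones quoted in the thread; the sizes are assumed.
CYGWIN1 = make_pe32(0x61000000, 0x300000)
PGHOOK = make_pe32(0x61100000, 0x40000)

if __name__ == "__main__":
    images = {"cygwin1.dll": CYGWIN1, "pghook.dll": PGHOOK}
    ranges = {n: pe_image_range(d) for n, d in images.items()}
    for name, (base, size) in ranges.items():
        print(f"{name}: {base:#010x}-{base + size:#010x}")
    if preferred_ranges_overlap(ranges["cygwin1.dll"], ranges["pghook.dll"]):
        print("preferred ranges overlap: whichever loads second is rebased")
```

For real files, pass the first 4096 bytes of each DLL to `pe_image_range` instead of the constructed stubs.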