Re: cygheap base mismatch detected

public inbox for cygwin@cygwin.com
 help / color / mirror / Atom feed

From: Charles Wilson <cygwin@cwilson.fastmail.fm>
To: cygwin@cygwin.com
Subject: Re: cygheap base mismatch detected
Date: Thu, 01 Mar 2012 22:44:00 -0000	[thread overview]
Message-ID: <4F4FFBD8.1080803@cwilson.fastmail.fm> (raw)
In-Reply-To: <20120301121442.GG2257@calimero.vinschen.de>

On 3/1/2012 7:14 AM, Corinna Vinschen wrote:
> Hmm.  cygcheck loads the Cygwin DLL dynamically.  It does not depend on
> any other Cygwin distro DLL.  But it's started from a Cygwin parent.  So
> the loaded CYgwin DLL checks the layout just like it had been linked
> against.  And apparently it gets rebased at load time.  Which means to
> me, there's another DLL already loaded into the process at an address
> which overlaps with the address space the Cygwin DLL should have been
> loaded to.
> 
> So I guess you just have to find out what is the cause for rebasing
> the Cygwin DLL.  Try VMMap from sysinternals with a cygcheck -svr piped
> into less, so that you can easily observe the process in vmmap.

It appears to be C:\WINDOWS\SysWOW64\PGHook.dll which is part of Avecto
Privilege Guard (which could certainly be classed as a BLODA IMO; thank
you paranoid corporate IT policies...).

For cygcheck, PGHook.dll gets loaded at its desired image base:

$ objdump -p /c/Windows/syswow64/pghook.dll |grep ImageBase
ImageBase               61100000

So, it appears that for normal cygwin processes, PGHook gets rebased
elsewhere, and cygwin "wins."  For instance, /bin/top.exe -> PGHook gets
loaded at 01FD000, b/c cygwin1.dll is already at 0x61000000.  OTOH,
there's nothing in the cygcheck.exe process that prevents PGHook from
getting its desired base addr -- which then conflicts with cygwin's
desired base addr when it is (later) dynloaded.

Is there some workaround that could be used? It's not as if cygcheck is
really trying to initialize and *use* cygwin1.dll facilities, is it? So,
perhaps cygwin1.dll/dcrt0 could ignore the fact that it has been
rebased, when dynamically loaded? (or perhaps, only when dynloaded by
some app named 'cygcheck.exe').

--
Chuck

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

next prev parent reply	other threads:[~2012-03-01 22:44 UTC|newest]

Thread overview: 50+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-02-29 21:19 Charles Wilson
2012-02-29 23:23 ` marco atzeri
2012-03-01  5:56 ` Heiko Elger
2012-03-01  7:03   ` marco atzeri
2012-03-01 10:25   ` Corinna Vinschen
2012-03-01 10:52 ` Corinna Vinschen
2012-03-01 10:59   ` marco atzeri
2012-03-01 12:15     ` Corinna Vinschen
2012-03-01 22:44       ` Charles Wilson [this message]
2012-03-02  9:00         ` Corinna Vinschen
2012-03-02 17:11           ` Charles Wilson
  -- strict thread matches above, loose matches on Subject: below --
2018-03-02  8:14 ignace danneels
2018-03-02  9:39 ` Marco Atzeri
2012-07-18  0:03 Andrew DeFaria
2012-07-18  1:56 ` Reini Urban
2012-07-18  2:37   ` Andrew DeFaria
2012-07-18 15:04     ` Reini Urban
2012-07-18 18:16       ` Andrew DeFaria
2012-07-18 18:38         ` Earnie Boyd
2012-07-18 19:03           ` Andrew DeFaria
2006-02-21 17:40 Dill, Jens (END-CHI)
2006-02-21 16:10 Dill, Jens (END-CHI)
2006-02-21 16:37 ` Brian Dessent
2006-02-21 19:18 ` Yitzchak Scott-Thoennes
2006-02-19  3:34 Dill, Jens (END-CHI)
2006-02-19 18:41 ` Yitzchak Scott-Thoennes
2006-02-20  5:26 ` Mark Geisert
2006-02-20  5:36   ` Christopher Faylor
2006-02-21 21:56 ` Jason Tishler
2006-02-17 22:56 Dill, Jens (END-CHI)
2006-02-17 22:33 Dill, Jens (END-CHI)
2006-02-18 14:33 ` Mark Geisert
2006-02-17 17:43 Dill, Jens (END-CHI)
2006-02-16 23:45 Dill, Jens (END-CHI)
2006-02-17 10:23 ` Dave Korn
2006-02-16 22:05 Dill, Jens (END-CHI)
2006-02-16 19:38 Dill, Jens (END-CHI)
2006-02-16 20:06 ` Chris Taylor
2006-02-16 18:36 Dill, Jens (END-CHI)
2006-02-16 19:50 ` Dave Korn
2006-02-16  8:40 Dill, Jens (END-CHI)
2006-02-16 17:57 ` Christopher Faylor
2006-02-16 18:08 ` Dave Korn
2005-04-07 10:35 Andreas Heckel
2005-04-07 13:25 ` Dave Korn
2006-02-15 23:49   ` Jens Dill
2006-02-15 23:58     ` Christopher Faylor
2006-02-16 10:42     ` Dave Korn
2005-04-08  0:10 ` Mark Hadfield
2005-04-08  7:35   ` Andreas Heckel

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4F4FFBD8.1080803@cwilson.fastmail.fm \
    --to=cygwin@cwilson.fastmail.fm \
    --cc=cygwin@cygwin.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).