From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 112638 invoked by alias); 15 Jul 2018 09:18:21 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 112630 invoked by uid 89); 15 Jul 2018 09:18:20 -0000 Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: No, score=-1.8 required=5.0 tests=AWL,BAYES_00,SPF_PASS autolearn=ham version=3.3.2 spammy=AVG, avg, bet, lottery X-HELO: mx009.vodafonemail.xion.oxcs.net Received: from mx009.vodafonemail.xion.oxcs.net (HELO mx009.vodafonemail.xion.oxcs.net) (153.92.174.39) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Sun, 15 Jul 2018 09:18:17 +0000 Received: from vsmx002.vodafonemail.xion.oxcs.net (unknown [192.168.75.192]) by mta-6-out.mta.xion.oxcs.net (Postfix) with ESMTP id 84108D9B168 for ; Sun, 15 Jul 2018 09:18:14 +0000 (UTC) Received: from Gertrud (unknown [91.47.49.33]) by mta-6-out.mta.xion.oxcs.net (Postfix) with ESMTPA id 5ADEE199C51 for ; Sun, 15 Jul 2018 09:18:12 +0000 (UTC) From: Achim Gratz To: cygwin@cygwin.com Subject: Re: Fork issue on W10 WOW References: <7ad0e0d4-438b-33ad-a711-e0b1996fa6f6@gmail.com> <20180709090332.GC3111@calimero.vinschen.de> <87e94b8c-13d0-928e-957d-c32b15b8a962@gmail.com> <20180709123739.GB27673@calimero.vinschen.de> <20180712133847.GT27673@calimero.vinschen.de> <874lh17txr.fsf@Rainer.invalid> <87zhyt66o4.fsf@Rainer.invalid> <7bdb2eb7-8612-0c4d-b79c-767efb58b31a@SystematicSw.ab.ca> <185ef5f6-aa31-0619-633c-087d8e55210a@gmail.com> Date: Sun, 15 Jul 2018 13:25:00 -0000 In-Reply-To: <185ef5f6-aa31-0619-633c-087d8e55210a@gmail.com> (Marco Atzeri's message of "Sun, 15 Jul 2018 08:49:30 +0200") Message-ID: <87tvp0eu27.fsf@Rainer.invalid> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-SW-Source: 2018-07/txt/msg00149.txt.bz2 Marco Atzeri writes: > In this case AVG is innocent. > I removed all AV and the lottery is still there Again, if the ASLR setup has been changed via registry, I wouldn't bet that the uninstallation of the application that changed them to reset to the defaults (if it was indeed AVG,). > it seems the WOW64*.dll can be anywhere between > 50000000-7F000000 Any ASLR aware library can be mapped to rather low adresses, but that usually means it couldn't load to where it originally wanted to go. MS actually uses this to force non-ASLR aware images to random addresses if the corresponding option is set. https://blogs.technet.microsoft.com/srd/2017/11/21/clarifying-the-behavior-of-mandatory-aslr/ > I will wait until 1803 is installed, download is in progress, > before making new trials/experiments If mandatory ASLR and bottom-up forced randomization got switched on, that will probably result in the same behaviour. 1803 should offer (most of) these options from some GUI tab (Security Center / App Control / Exploit Protection), I don't remember what 1709 had available there. The defaults are all "on" except forced ASLR, I think. Regards, Achim. -- +<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+ Wavetables for the Terratec KOMPLEXER: http://Synth.Stromeko.net/Downloads.html#KomplexerWaves -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple