Mail Archives: cygwin/2005/08/11/12:01:28

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Message-ID: <42FB7644.8020905@le-resistant.com>
Date: Thu, 11 Aug 2005 18:01:08 +0200
From: Louis Lecaroz <louis DOT lecaroz AT le-resistant DOT com>
User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206)
MIME-Version: 1.0
To: cygwin AT cygwin DOT com
Subject: Re: "Segmentation fault" CygWin tools with code Injection-MS Detours
X-auth-smtp-user: louis DOT lecaroz AT le-resistant DOT com
X-abuse-contact: abuse AT oxyd DOT fr

Christopher,
That's a possible workaround.
I tried to LD_PRELOAD my Microsoft DLL hook, & it appears to work: 
cygwin is loaded correctly, & the code is not injected but loaded by cygwin, &
the hooks appear to be working! That's a great improvement on my issue. So it 
appears to be the code injection from one process to another one which 
is crashing cygwin tools!

But... The LD_PRELOAD is only done one time, when loading the first 
instance of bash!
If I start another instance of a cygwin tool under bash, I can see in 
my traces a CreateProcess on bash itself before loading the child process.
I suppose bash is forking itself before spawning the child process (ls.exe, 
for example), & because the forked process is initialized by a 
setjmp/longjmp, the LD_PRELOAD is not read in the forked instance (due to 
the entry point being moved by the fork() method of cygwin)...

Am I wrong or right?
If yes, & if it is possible to correct this special, really interesting, 
undocumented Cygwin feature, I think it will allow me to trace Win32 
native system calls (not cygwin calls like strace) in all cygwin tools. 
Then if a cygwin process spawns a native Win32 process (not a 
cygwin one), I will be able to inject myself inside (if cygwin does not 
execute specific code like exec fixup in Win32 native processes!!!)

???????????????????????

Thx in advance for your answer,
Louis



On Thu, Aug 11, 2005 at 02:58:58PM +0200, Louis Lecaroz wrote:

>>Having (if possible  ;)  ) a patch & a standard modification in cygwin to
>>allow this type of programming will be really great !
>  
>

Cygwin has its own (currently undocumented) hooking mechanism.  Setting
the LD_PRELOAD environment variable to the name of a DLL will cause any
function in the DLL to override the similarly named cygwin function.  It
works similarly to linux:

LD_PRELOAD
  A whitespace-separated list of additional, user-specified, ELF shared
  libraries to be loaded before all others.  This can be used to
  selectively override functions in other shared libraries.

except that it uses DLLs rather than "ELF shared libraries".

cgf




  Copyright © 2019   by DJ Delorie     Updated Jul 2019