Mail Archives: cygwin/2005/08/11/12:32:27
Hi Dave,

First, I really understand your point of view about running programs sent
over the internet! I am working like you to keep a secure computer ;)

Next, OK, as I said, I am writing a truss program, but by using the
Microsoft Detours toolkit. Some of the examples shipped with MS Detours do
CreateProcess & CreateFile hooking like mine, & I zipped the standard
examples to you so as not to introduce my code & to eliminate bugs from
my code ;) I am sure you will understand this step from me.

Next, I am not sure there is a real "bug" in MS Detours & in Cygwin...
Not by default, but more an incompatibility.... I think the problem is
more in the fork() emulation: if I have understood the bash workflow
correctly, it first forks itself before spawning the child process. But
the fork() emulation (as this feature does not exist on Win32) introduces
& rewrites BSS/DATA segments in the forked instance of bash, & I am
supposing this is what crashes, as the child process to spawn never
appears in my hooked CreateProcess traces (but the CreateProcess call
performed by bash to fork itself does (so CreateProcess(bash), & next
longjmp/setjmp & BSS/DATA fixing)).

I think we have an issue at this point. Why am I supposing this? Because
instead of injecting code by using MS Detours, installing the MS Detours
hooks by LD_PRELOAD (loading my hooking DLL instead of injecting it with
Microsoft APIs) works... But because the LD_PRELOAD does not appear to be
applied in the forked instance, I lose the hook for the forked (not
spawned) process :( . (See the subject already sent on this here:
http://cygwin.com/ml/cygwin/2005-08/msg00470.html )

So, my next question is: without compiling with Cygwin's gcc, how can I
force my DLL to also be preloaded in forked instances, or force my DLL to
be loaded inside forked instances :( ?

I am really near the goal. Next, because using the LD_PRELOAD environment
variable works for the parent instance of the fork (not for the spawned
one), I think I will be able, from my DLL loaded in the Cygwin process
(by LD_PRELOAD), to hook CreateProcess & to inject myself into child
Win32 native processes, as they don't take care of LD_PRELOAD ;)
But... as I said in the other post above... I hope Cygwin will not be
fixing & modifying native Win32 child processes, which allows me to
inject my code into non-Cygwin executables...

I hope I have been clear in my mail (sorry for my poor English)?

As I said, I think if I log a bug with Microsoft Support, they will
answer me: "Hey guy! Cygwin performs strange code overwriting BSS/DATA
segments & other things like this in their code. Check with them to ask
them to be totally native Win32 coding" :( gulp! :(

?????????

Louis
Dave Korn wrote:
>----Original Message----
>>From: Louis Lecaroz
>>Sent: 11 August 2005 16:13
>>
>>Dave,
>>For your information, you don't need my code specifically, as it is not
>>directly linked to "my" code but to the Microsoft toolkit, but I think
>>when you were talking about my code, you meant Microsoft's?
>
> I'm not sure now; I thought you said you were writing a truss tool? Your
>first email said ...
>
>>I wrote an Advanced "truss like" tool to examine files opened by a
>>process by using code injection.
>
> ... but now I guess what you mean is "I downloaded and compiled a program
>but didn't write any code myself".
>
>>But I have attached for you some already compiled samples of the SDK
>>you can execute on your computer. You can download all the MS toolkit
>>(only 1.5 is still public) with samples at:
>>http://research.microsoft.com/sn/detours/
>
> Yes, I know about the Detours library, I've read all about it before.
>
>>Unzip it in your cygwin\bin dir & run:
>
> Not to be rude, but you must be out of your mind if you think I'm going to
>execute a random binary sent to me through email by a complete stranger!
>
>>Because I am really accustomed to it, it appears simpler for me to
>>understand/generate & debug Microsoft tools than Cygwin-specific code
>>(really sorry). This is the reason I have posted here, hoping I will be
>>able to understand something or to find a solution, to have ONLY ONE
>>truss-like command able to hook & trace system calls for Cygwin &
>>Win32 native. This allows, for example, tracing Cygwin & a child Win32
>>native process launched by Cygwin... ;)
>
> If you want Microsoft tools to support Cygwin calling sequences, you
>really have to ask Microsoft to add support to their code, there's no point
>asking us to somehow change the Detours library (or any other M$ tool)!
>
> Or you could debug the crash yourself, find out why it's happening, patch
>your local copy of the detours library to work with Cygwin, and you should
>have the tool you want.
>
> cheers,
> DaveK