delorie.com/archives/browse.cgi   search  
Mail Archives: cygwin/2018/07/15/02:50:02

X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
:list-unsubscribe:list-subscribe:list-archive:list-post
:list-help:sender:from:subject:to:references:message-id:date
:mime-version:in-reply-to:content-type
:content-transfer-encoding; q=dns; s=default; b=NokUYxBno7Q/GGOs
CCKTybbLFl58jlXGRPi6nHowC73yzHm2XhMgW9AjFLwEtD1Jv1tVO20fj6VMVDCE
EJGmcFrYju/1TvxVeITl+36l3e0GqyQzatuSFYNrqNHXgtjIUwnDC1ee9iCszzy1
anbifB7891WKJxO+i5ibQvXE2vA=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
:list-unsubscribe:list-subscribe:list-archive:list-post
:list-help:sender:from:subject:to:references:message-id:date
:mime-version:in-reply-to:content-type
:content-transfer-encoding; s=default; bh=HvR9BHzpkrAx6qrDy7BhX4
krfUk=; b=a+UA4uTF3MLn+YtqSbs8B18kI0elp7pf7DMbqMH6WoR+YFisNILX5E
OE5HgvMjvobSIsIr0Y19tCi10VPaMDG/ekGwfOysEUVubgHJvZ36cNWQL+6zxCIE
RTVtVVlykhGauxbiitHNTqV8MZ7/4bJX7Np9muwPiM2lOx0mRPYXk=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Spam-SWARE-Status: Yes, score=6.8 required=5.0 tests=BAYES_50,FOREIGN_BODY,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=no version=3.3.2 spammy=EMail, E-Mail, AVG, avg
X-HELO: mail-wr1-f48.google.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:subject:to:references:message-id:date:user-agent:mime-version :in-reply-to:content-transfer-encoding; bh=8BrCnDubBQEyIjWGhG3fgcSJvGY/nKCgsqVr87jTFhQ=; b=P7QqkAqiprqjtxDo1M31RqK3ha/LzXUo1eqPH4c9SRRtzCfxIyzkK+77CehRfleZ4P sWiajRVEKNSkACthJBCpRTQacW+h/MvjvAnDRWv+yHTAE432cildbixxwrQCRbCgo/hJ SlVqLCqHHEKTtDShjMRJzsN7uGwFSf3FBN5PcDMmWWlcHRad+UdzLmH8J7HUZZKf3ZJ6 3W+NB9xh9CSZp0oCBRyTvU6CAmx98YmDuzRsdDIuC+rMxRE0TLTeZRIYr3jntFBLYmX6 A8UNQdyHmz6GoHKxhU9pTCYCO2BC5EW68n87fEXdn08KOOy3M6HGrBiH9nQQc8JH6tUc lT1w==
From: Marco Atzeri <marco DOT atzeri AT gmail DOT com>
Subject: Re: Fork issue on W10 WOW
To: cygwin AT cygwin DOT com
References: <7ad0e0d4-438b-33ad-a711-e0b1996fa6f6 AT gmail DOT com> <c1505248-8d03-c0b6-37ca-9c6eed2100e9 AT cornell DOT edu> <c618e65c-ab40-287d-39fb-d9daa9ef858a AT gmail DOT com> <20180709090332 DOT GC3111 AT calimero DOT vinschen DOT de> <87e94b8c-13d0-928e-957d-c32b15b8a962 AT gmail DOT com> <20180709123739 DOT GB27673 AT calimero DOT vinschen DOT de> <fd7e7ce2-84fd-aef3-b54a-0ff76ef8900c AT gmail DOT com> <CAB8Xom_DX=u0q17ewfRokh_mTcBYMppPZdDLS3UUdaPm5GMV4w AT mail DOT gmail DOT com> <20180712133847 DOT GT27673 AT calimero DOT vinschen DOT de> <c1aa10ad-e685-f232-6719-5c653f747f83 AT gmail DOT com> <874lh17txr DOT fsf AT Rainer DOT invalid> <c4fc080a-7b31-05d4-990c-668113477f86 AT gmail DOT com> <87zhyt66o4 DOT fsf AT Rainer DOT invalid> <7bdb2eb7-8612-0c4d-b79c-767efb58b31a AT SystematicSw DOT ab DOT ca>
Message-ID: <185ef5f6-aa31-0619-633c-087d8e55210a@gmail.com>
Date: Sun, 15 Jul 2018 08:49:30 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <7bdb2eb7-8612-0c4d-b79c-767efb58b31a@SystematicSw.ab.ca>
X-IsSubscribed: yes 

Am 14.07.2018 um 21:03 schrieb Brian Inglis:
> On 2018-07-14 11:58, Achim Gratz wrote:
>> Marco Atzeri writes:
>> Anyway, the only time I've seen similar behaviour was when some other
>> library was occupying the address space the systems libraries should
>> have occupied, and the they get some extremely random address assigned
>> until the next reboot.  To do this the other library must however be
>> loaded pretty early in the boot process.  If you wrote the mail on said
>> laptop, this
>>> Diese E-Mail wurde von AVG auf Viren geprüft.
>> might be an explanation for the whole thing.  AVG is well known for
>> intercepting things already during boot and loading a bunch of their
>> libraries early.  Some of it is still done even if you switch it off
>> completely and some changes to the registry might even survive a
>> deinstallation.
> 
> +1 for AVG BLODA - had to deinstall that years ago, and was slow; only reason I
> still run an AV is to catch stuff, either in Windows binaries from download
> sources about which little info is publicly available, or in email which folks I
> trust forward once in a blue moon, from their greedy or gullible infected
> friends, who are in the main, clueless or in denial about it.
> 

In this case AVG is innocent.
I removed all AV and the lottery is still there

63DF0000-63DF1000
74F40000-74F41000
5DE20000-5DE21000

it seems the WOW64*.dll can be anywhere between
50000000-7F000000

The 32 applications present at boot are:

HP Cool Sense
HP Audio Switch
HP Jump Start
HP Message Service
Microsoft OneDrive
Lavasof Webcompanion
Wordweb Dictionary

and also Lavasoft seems innocent as after removal

5C900000-5C901000
5EE70000-5EE71000

I will wait until 1803 is installed, download is in progress,
before making new trials/experiments

Regards
Marco





--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

- Raw text -


  webmaster     delorie software   privacy  
  Copyright © 2019   by DJ Delorie     Updated Jul 2019