Mail Archives: cygwin/2018/07/15/05:18:31

delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/2018/07/15/05:18:31

X-Recipient: archive-cygwin AT delorie DOT com

DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:from:to:subject:references:date:in-reply-to

:message-id:mime-version:content-type; q=dns; s=default; b=GE72Z

ILa/+4r9wDPBxCL1EQZBHYlbac/kgxun3rksLHEKRkmPiabtqyNnZNT0EJOF08Ny

AUJtIZnHmoHAO2Rc/TmLSV8ZJrwbq4Zo2rlnQsn0DBdPRbTZBNOsecO9F8SBuy2D

c7m576dUrrhQY5C6A28W64oTNt6NeWpRccI3oY=

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:from:to:subject:references:date:in-reply-to

:message-id:mime-version:content-type; s=default; bh=wAbPyW1fdvX

fsC8M0YS5pcuPkH4=; b=UNoJMYs5+puy/itlo2HvmkVXQTngRS3MoGDseB0UdkL

FeopZAXYDCEQ8EBo+x0qkAqBQIPQy+FVyHuDkjvchI9NPjsUVzYNxlGf9Gw6O61F

ulYL9Q4kNckeHHLwL1f6wzozguTkg8RL0VPRHTQxIz+i2uCMdN/9BmcvfaFeIq9I

=

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm

List-Id: <cygwin.cygwin.com>

List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>

List-Archive: <http://sourceware.org/ml/cygwin/>

List-Post: <mailto:cygwin AT cygwin DOT com>

List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>

Sender: cygwin-owner AT cygwin DOT com

Mail-Followup-To: cygwin AT cygwin DOT com

Delivered-To: mailing list cygwin AT cygwin DOT com

Authentication-Results: sourceware.org; auth=none

X-Spam-SWARE-Status: No, score=-1.8 required=5.0 tests=AWL,BAYES_00,SPF_PASS autolearn=ham version=3.3.2 spammy=AVG, avg, bet, lottery

X-HELO: mx009.vodafonemail.xion.oxcs.net

From: Achim Gratz <Stromeko AT nexgo DOT de>

To: cygwin AT cygwin DOT com

Subject: Re: Fork issue on W10 WOW

References: <7ad0e0d4-438b-33ad-a711-e0b1996fa6f6 AT gmail DOT com> <c1505248-8d03-c0b6-37ca-9c6eed2100e9 AT cornell DOT edu> <c618e65c-ab40-287d-39fb-d9daa9ef858a AT gmail DOT com> <20180709090332 DOT GC3111 AT calimero DOT vinschen DOT de> <87e94b8c-13d0-928e-957d-c32b15b8a962 AT gmail DOT com> <20180709123739 DOT GB27673 AT calimero DOT vinschen DOT de> <fd7e7ce2-84fd-aef3-b54a-0ff76ef8900c AT gmail DOT com> <CAB8Xom_DX=u0q17ewfRokh_mTcBYMppPZdDLS3UUdaPm5GMV4w AT mail DOT gmail DOT com> <20180712133847 DOT GT27673 AT calimero DOT vinschen DOT de> <c1aa10ad-e685-f232-6719-5c653f747f83 AT gmail DOT com> <874lh17txr DOT fsf AT Rainer DOT invalid> <c4fc080a-7b31-05d4-990c-668113477f86 AT gmail DOT com> <87zhyt66o4 DOT fsf AT Rainer DOT invalid> <7bdb2eb7-8612-0c4d-b79c-767efb58b31a AT SystematicSw DOT ab DOT ca> <185ef5f6-aa31-0619-633c-087d8e55210a AT gmail DOT com>

Date: Sun, 15 Jul 2018 11:18:08 +0200

In-Reply-To: <185ef5f6-aa31-0619-633c-087d8e55210a@gmail.com> (Marco Atzeri's message of "Sun, 15 Jul 2018 08:49:30 +0200")

Message-ID: <87tvp0eu27.fsf@Rainer.invalid>

User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)

MIME-Version: 1.0

Marco Atzeri writes:
> In this case AVG is innocent.
> I removed all AV and the lottery is still there

Again, if the ASLR setup has been changed via registry, I wouldn't bet
that the uninstallation of the application that changed them to reset
to the defaults (if it was indeed AVG,).

> it seems the WOW64*.dll can be anywhere between
> 50000000-7F000000

Any ASLR aware library can be mapped to rather low adresses, but that
usually means it couldn't load to where it originally wanted to go.  MS
actually uses this to force non-ASLR aware images to random addresses if
the corresponding option is set.

https://blogs.technet.microsoft.com/srd/2017/11/21/clarifying-the-behavior-of-mandatory-aslr/

> I will wait until 1803 is installed, download is in progress,
> before making new trials/experiments

If mandatory ASLR and bottom-up forced randomization got switched on,
that will probably result in the same behaviour.  1803 should offer
(most of) these options from some GUI tab (Security Center / App Control
/ Exploit Protection), I don't remember what 1709 had available there.
The defaults are all "on" except forced ASLR, I think.

Regards,
Achim.
-- 
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

Wavetables for the Terratec KOMPLEXER:
http://Synth.Stromeko.net/Downloads.html#KomplexerWaves

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

X-Recipient:	archive-cygwin AT delorie DOT com
DomainKey-Signature:	a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:from:to:subject:references:date:in-reply-to
	:message-id:mime-version:content-type; q=dns; s=default; b=GE72Z
	ILa/+4r9wDPBxCL1EQZBHYlbac/kgxun3rksLHEKRkmPiabtqyNnZNT0EJOF08Ny
	AUJtIZnHmoHAO2Rc/TmLSV8ZJrwbq4Zo2rlnQsn0DBdPRbTZBNOsecO9F8SBuy2D
	c7m576dUrrhQY5C6A28W64oTNt6NeWpRccI3oY=
DKIM-Signature:	v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:from:to:subject:references:date:in-reply-to
	:message-id:mime-version:content-type; s=default; bh=wAbPyW1fdvX
	fsC8M0YS5pcuPkH4=; b=UNoJMYs5+puy/itlo2HvmkVXQTngRS3MoGDseB0UdkL
	FeopZAXYDCEQ8EBo+x0qkAqBQIPQy+FVyHuDkjvchI9NPjsUVzYNxlGf9Gw6O61F
	ulYL9Q4kNckeHHLwL1f6wzozguTkg8RL0VPRHTQxIz+i2uCMdN/9BmcvfaFeIq9I
	=
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Authentication-Results:	sourceware.org; auth=none
X-Spam-SWARE-Status:	No, score=-1.8 required=5.0 tests=AWL,BAYES_00,SPF_PASS autolearn=ham version=3.3.2 spammy=AVG, avg, bet, lottery
X-HELO:	mx009.vodafonemail.xion.oxcs.net
From:	Achim Gratz <Stromeko AT nexgo DOT de>
To:	cygwin AT cygwin DOT com
Subject:	Re: Fork issue on W10 WOW
References:	<7ad0e0d4-438b-33ad-a711-e0b1996fa6f6 AT gmail DOT com> <c1505248-8d03-c0b6-37ca-9c6eed2100e9 AT cornell DOT edu> <c618e65c-ab40-287d-39fb-d9daa9ef858a AT gmail DOT com> <20180709090332 DOT GC3111 AT calimero DOT vinschen DOT de> <87e94b8c-13d0-928e-957d-c32b15b8a962 AT gmail DOT com> <20180709123739 DOT GB27673 AT calimero DOT vinschen DOT de> <fd7e7ce2-84fd-aef3-b54a-0ff76ef8900c AT gmail DOT com> <CAB8Xom_DX=u0q17ewfRokh_mTcBYMppPZdDLS3UUdaPm5GMV4w AT mail DOT gmail DOT com> <20180712133847 DOT GT27673 AT calimero DOT vinschen DOT de> <c1aa10ad-e685-f232-6719-5c653f747f83 AT gmail DOT com> <874lh17txr DOT fsf AT Rainer DOT invalid> <c4fc080a-7b31-05d4-990c-668113477f86 AT gmail DOT com> <87zhyt66o4 DOT fsf AT Rainer DOT invalid> <7bdb2eb7-8612-0c4d-b79c-767efb58b31a AT SystematicSw DOT ab DOT ca> <185ef5f6-aa31-0619-633c-087d8e55210a AT gmail DOT com>
Date:	Sun, 15 Jul 2018 11:18:08 +0200
In-Reply-To:	<185ef5f6-aa31-0619-633c-087d8e55210a@gmail.com> (Marco Atzeri's message of "Sun, 15 Jul 2018 08:49:30 +0200")
Message-ID:	<87tvp0eu27.fsf@Rainer.invalid>
User-Agent:	Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)
MIME-Version:	1.0