X-Recipient: archive-cygwin@delorie.com
X-SWARE-Spam-Status: No, hits=-1.8 required=5.0	tests=BAYES_00,TW_YG,T_RP_MATCHES_RCVD
X-Spam-Check-By: sourceware.org
Message-ID: <4D811176.60908@ece.cmu.edu>
Date: Wed, 16 Mar 2011 15:37:26 -0400
From: Ryan Johnson <ryanjohn@ece.cmu.edu>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.15) Gecko/20110303 Lightning/1.0b2 Thunderbird/3.1.9
MIME-Version: 1.0
To: "Henry S. Thompson" <ht@inf.ed.ac.uk>
CC: cygwin@cygwin.com
Subject: Re: BLODA detection (was Re: Debugging help for fork failure: resource temporarily unavailable)
References: <f5bipvktgw2.fsf_-_@calexico.inf.ed.ac.uk>
In-Reply-To: <f5bipvktgw2.fsf_-_@calexico.inf.ed.ac.uk>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Delivered-To: mailing list cygwin@cygwin.com

On 2:59 PM, Henry S. Thompson wrote:
> Ryan Johnson writes:
>
>> BTW, I found a good way to identify, if not fix, BLODA: given an app
>> which loads no libraries at runtime -- such as 'ls' -- any dlls
>> mentioned in /proc/$$/maps which cygcheck does not mention are
>> probably dodgy. In my case, Windows Live (which I didn't think was
>> even installed on my machine) has injected a WLIDNSP.DLL ("Microsoft
>> Windows Live ID Namespace Provider") in all my processes.
> This would be super-cool if true, but it doesn't work for me. . .
>
> If I try, I find
>
>   C:\Windows\system32\ntmarta.dll
>   C:\Windows\SysWOW64\sechost.dll
>   C:\Windows\syswow64\WLDAP32.dll
>
> in /proc/[ls procid]/maps but not in cygcheck output, but none of
> those are BLODA, right?
>
> [Note also that maps shows many things in syswow64 which cygcheck
> shows in system32, but presumably that's because cygcheck itself is a
> 32-bit app, is it?]
>
Interesting...

$ join -i -v 1 <(cat /proc/$$/maps | sed 's;^.*/;;' | sort -f) 
<(cygcheck $(cat /proc/$$/winexename) | sed 's;^.*\\;;' | sort -f)
apphelp.dll
DNSAPI.dll
IMM32.DLL
MSCTF.dll
mswsock.dll
napinsp.dll
NLAapi.dll
NSI.dll
pnrpnsp.dll
PSAPI.DLL
sechost.dll
SHLWAPI.dll
winmm.dll
winrnr.dll
WLIDNSP.DLL
ws2_32.dll
wshbth.dll

The above shows all dlls loaded by the process which are not linked in 
at compile time. Does bash really load so many dynamic libraries, or is 
cygcheck missing things?

Ryan


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple