X-Recipient: archive-cygwin@delorie.com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:from:to:subject:references:date:in-reply-to :message-id:mime-version:content-type; q=dns; s=default; b=GE72Z ILa/+4r9wDPBxCL1EQZBHYlbac/kgxun3rksLHEKRkmPiabtqyNnZNT0EJOF08Ny AUJtIZnHmoHAO2Rc/TmLSV8ZJrwbq4Zo2rlnQsn0DBdPRbTZBNOsecO9F8SBuy2D c7m576dUrrhQY5C6A28W64oTNt6NeWpRccI3oY= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:from:to:subject:references:date:in-reply-to :message-id:mime-version:content-type; s=default; bh=wAbPyW1fdvX fsC8M0YS5pcuPkH4=; b=UNoJMYs5+puy/itlo2HvmkVXQTngRS3MoGDseB0UdkL FeopZAXYDCEQ8EBo+x0qkAqBQIPQy+FVyHuDkjvchI9NPjsUVzYNxlGf9Gw6O61F ulYL9Q4kNckeHHLwL1f6wzozguTkg8RL0VPRHTQxIz+i2uCMdN/9BmcvfaFeIq9I = Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Delivered-To: mailing list cygwin@cygwin.com Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: No, score=-1.8 required=5.0 tests=AWL,BAYES_00,SPF_PASS autolearn=ham version=3.3.2 spammy=AVG, avg, bet, lottery X-HELO: mx009.vodafonemail.xion.oxcs.net From: Achim Gratz To: cygwin@cygwin.com Subject: Re: Fork issue on W10 WOW References: <7ad0e0d4-438b-33ad-a711-e0b1996fa6f6@gmail.com> <20180709090332.GC3111@calimero.vinschen.de> <87e94b8c-13d0-928e-957d-c32b15b8a962@gmail.com> <20180709123739.GB27673@calimero.vinschen.de> <20180712133847.GT27673@calimero.vinschen.de> <874lh17txr.fsf@Rainer.invalid> <87zhyt66o4.fsf@Rainer.invalid> <7bdb2eb7-8612-0c4d-b79c-767efb58b31a@SystematicSw.ab.ca> <185ef5f6-aa31-0619-633c-087d8e55210a@gmail.com> Date: Sun, 15 Jul 2018 11:18:08 +0200 In-Reply-To: <185ef5f6-aa31-0619-633c-087d8e55210a@gmail.com> (Marco Atzeri's message of "Sun, 15 Jul 2018 08:49:30 +0200") Message-ID: <87tvp0eu27.fsf@Rainer.invalid> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain Marco Atzeri writes: > In this case AVG is innocent. > I removed all AV and the lottery is still there Again, if the ASLR setup has been changed via registry, I wouldn't bet that the uninstallation of the application that changed them to reset to the defaults (if it was indeed AVG,). > it seems the WOW64*.dll can be anywhere between > 50000000-7F000000 Any ASLR aware library can be mapped to rather low adresses, but that usually means it couldn't load to where it originally wanted to go. MS actually uses this to force non-ASLR aware images to random addresses if the corresponding option is set. https://blogs.technet.microsoft.com/srd/2017/11/21/clarifying-the-behavior-of-mandatory-aslr/ > I will wait until 1803 is installed, download is in progress, > before making new trials/experiments If mandatory ASLR and bottom-up forced randomization got switched on, that will probably result in the same behaviour. 1803 should offer (most of) these options from some GUI tab (Security Center / App Control / Exploit Protection), I don't remember what 1709 had available there. The defaults are all "on" except forced ASLR, I think. Regards, Achim. -- +<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+ Wavetables for the Terratec KOMPLEXER: http://Synth.Stromeko.net/Downloads.html#KomplexerWaves -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple