Message-ID: <42FB7D90.5090706@club-internet.fr>
Date: Thu, 11 Aug 2005 18:32:16 +0200
From: Louis Lecaroz
To: Dave Korn
Cc: cygwin AT cygwin DOT com
Subject: Re: "Segmentation fault" CygWin tools with code Injection-MS Detours

Hi Dave,

First I really understand your point of view of starting programs sent by internet ! I am working like you to have a secure computer ;)

Next, ok, I said, I am writing a TRuss program but by using the Microsoft Detours toolkit. You have some examples shipped with the MS Detours, doing CreateProcess & CreateFile hooking like me. & I zipped to you standard examples not to introduce my code & to eliminate bugs from my code ;) I am sure you will understand this step from me.

Next, I am not sure there is a real "bug" in MS Detours & in CygWin... Not by default but more an incompatibility....

I think the problem is more in the fork() emulation, as, if I have understood the bash workflow correctly, it first forks itself before spawning the child process. But the fork() emulation (as this feature does not exist on Win32) introduces & re-writes BSS/DATA segments in the forked instance of bash, & I am supposing this is crashing, as the child process to spawn never appears in my CreateProcess hooked version traces (but the createprocess call performed on bash to fork itself (so createprocess(bash), & next longjmp/setjmp & bss/data fixing)). I think we have an issue at this point on this.

Why am I supposing this? Because, instead of injecting code by using MS Detours, installing the MS Detours hooks by LD_PRELOAD (loading my hooking dll instead of injecting it with Microsoft APIs) works... But because the LD_PRELOAD does not appear to be done in the forked instance, I lose the hook for the process forked (not spawned) :( . (See the subject already sent on this here: http://cygwin.com/ml/cygwin/2005-08/msg00470.html )

So, my next question... is, without compiling by using gcc of CygWin, how to be able to force my DLL to also preload in forked instances, or to force my dll to be loaded inside forked instances :( ? I am really near the goal.

Next, because using the LD_PRELOAD environment variable works for the parent instance of the fork (not on the spawned), I think I will be able, from my DLL loaded in the cygwin process (by LD_PRELOAD), to hook createprocess & to inject myself in child Win32 native processes, as they don't take care of LD_PRELOAD ;) But... As I said in the other post above... I hope cygwin is not fixing & modifying native Win32 child processes, to allow me to inject my code in non cygwin executables...

I hope I have been clear in my mail (sorry for my poor english) ?

As I said, I think, logging a bug into the Microsoft Support, they will answer to me... : Hey guy ! CygWin performs strange code overwriting BSS/Data segments & other things like this in their code. Check with them to ask them to be totally native Win32 coding :( glups ! :( ?????????

Louis

Dave Korn wrote:

> ----Original Message----
>> From: Louis Lecaroz
>> Sent: 11 August 2005 16:13
>
>> Dave,
>> For your information, you don't need my code specifically, as it is not
>> directly linked to "my" code but to the Microsoft Toolkit, but I think,
>> when You were talking about my code, You mean Microsoft ?.
>
> I'm not sure now; I thought you said you were writing a truss tool? Your
> first email said ...
>
>> I wrote an Advanced "truss like" tool to examine files opened by a
>> process by using code injection.
>
> ... but now I guess what you mean is "I downloaded and compiled a program
> but didn't write any code myself".
>
>> But, I have attached for you, some already compiled sample of the sdk
>> you can execute on your computer. you can download all the ms toolkit
>> (only the 1.5 is still public) with sample on :
>> http://research.microsoft.com/sn/detours/
>
> Yes, I know about the Detours library, I've read all about it before.
>
>> Unzip it in your cygwin\bin dir & run :
>
> Not to be rude, but you must be out of your mind if you think I'm going to
> execute a random binary sent to me through email by a complete stranger!
>
>> Because I am really accustomed, it appears to be more simple for me, to
>> understand/generate & debug microsoft tools than CygWin specific code
>> (really sorry). This is the reason I have posted here, hoping I will be
>> able to understand something or to find a solution, to have ONLY ONE
>> TRUSS similar command able to hook & trace system calls for CygWin &
>> Win32 native. This allows, for example, tracing cygwin & a child Win32
>> native process launched by cygwin... ;)
>
> If you want Microsoft tools to support Cygwin calling sequences, you
> really have to ask Microsoft to add support to their code, there's no point
> asking us to somehow change the Detours library (or any other M$ tool)!
>
> Or you could debug the crash yourself, find out why it's happening, patch
> your local copy of the detours library to work with Cygwin, and you should
> have the tool you want.
>
> cheers,
> DaveK