Date: Fri, 5 Jun 2009 14:09:36 +0200
From: Corinna Vinschen
To: cygwin AT cygwin DOT com
Subject: Re: ASLR sometimes stops working on Vista with 1.7? [was: Re: Cygwin 1.7 release (was ...)]
Message-ID: <20090605120936.GD23519@calimero.vinschen.de>

On Jun 4 19:49, Yaakov S wrote:
> On 04/06/2009 14:28, Yaakov (Cygwin/X) wrote:
>> I'm having similar problems with Avast 4.8 Home Edition on Windows 7 RC
>> x64 with cygwin-1.7. I never had a problem with this A/V on XP with 1.5
>> or 1.7. This continues even after rebaseall and peflagsall. I have yet
>> to try removing Avast.
>
> OK, I've uninstalled Avast, disabled Windows Firewall and Defender, ran
> rebaseall and peflagsall (tried ASLR on and off), and I still get the same
> errors. I can't even bootstrap cygport now, it's so bad.

I can reproduce the "unable to remap" on W7RC by running
`cygport automake1.11-1.11-10 compile'. The culprit in my case is
always the same DLL, a run-time loaded perl DLL called Cwd.dll. Even
after rebaseall, it still doesn't work because the Windows Loader tries
to load the DLL into an entirely different address.

When examining the memory layout of the parent, it stands out that
Cwd.dll was already loaded into another address than the DLL's base
address. The base addr of Cwd.dll is 0x6ee00000, the end address would
be 0x6ee08000. There's no other DLL in this memory area according to
the memory map. Nevertheless the DLL has been loaded into the rather
low address 0xa00000 in the parent. When trying to map this DLL into
the same address in the child, it fails.

When I rebase Cwd.dll to some other address like 0x65000000, then it
works for me. Probably the memory at 0x6ee00000 is actually used by
some Windows DLL at that time. The fact that the DLL got rebased
already in the parent is not exactly surprising, just very annoying.

I don't think that this has anything to do with ASLR. It's not the way
ASLR is documented to work. Setting or resetting the ASLR flag should
have no effect from all I can tell. If anything, setting the ASLR flag
in the executable should make things worse in case of fork().

This is entirely the good old fork() problem trying to get the memory
layout of the child into the same shape as in the parent. This is
really a bad problem since it seems to have gotten even worse with W7.
I think I'm going to ask MSFT if there's any workaround for this
problem.

Corinna

--
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat
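
Added example, not part of the original message and not Cygwin's own code: a small Python check that reads a DLL's preferred base, image size and ASLR flag from its PE header, then compares them with an observed load address and a memory map, as in the diagnosis above. The helper names and the memory-map entries are hypothetical, and the PE image is a constructed header-only sample built from the addresses quoted in the message.

```python
import struct

DYNAMIC_BASE = 0x0040  # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, the ASLR flag

def pe_layout(image: bytes) -> dict:
    """Read preferred base, end address and ASLR flag from a PE header."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)       # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    opt = pe_off + 4 + 20                     # optional header follows COFF header
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic == 0x10B:                        # PE32: 4-byte ImageBase at +28
        (base,) = struct.unpack_from("<I", image, opt + 28)
    elif magic == 0x20B:                      # PE32+: 8-byte ImageBase at +24
        (base,) = struct.unpack_from("<Q", image, opt + 24)
    else:
        raise ValueError("unknown optional header magic")
    (size,) = struct.unpack_from("<I", image, opt + 56)     # SizeOfImage
    (flags,) = struct.unpack_from("<H", image, opt + 70)    # DllCharacteristics
    return {"base": base, "end": base + size, "aslr": bool(flags & DYNAMIC_BASE)}

def relocated(layout: dict, loaded_at: int) -> bool:
    """True when the loader placed the image away from its preferred base."""
    return loaded_at != layout["base"]

def conflicts(layout: dict, regions: list) -> list:
    """Names of (name, start, end) regions overlapping the preferred range."""
    return [n for n, s, e in regions if s < layout["end"] and layout["base"] < e]

def make_pe32(base: int, size: int, flags: int = 0) -> bytes:
    """Constructed sample: header-only PE32 image, just enough to parse."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)     # e_lfanew = 0x40
    opt = bytearray(96)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 28, base)
    struct.pack_into("<I", opt, 56, size)
    struct.pack_into("<H", opt, 70, flags)
    return dos + b"PE\0\0" + bytes(20) + bytes(opt)

if __name__ == "__main__":
    # Addresses from the message: base 0x6ee00000, end 0x6ee08000, seen at 0xa00000.
    cwd = pe_layout(make_pe32(0x6EE00000, 0x8000))
    memory_map = [("other.dll", 0x61000000, 0x61200000)]    # constructed entry
    print(hex(cwd["base"]), hex(cwd["end"]), "ASLR flag:", cwd["aslr"])
    print("relocated in parent:", relocated(cwd, 0x00A00000))
    print("visible conflicts:", conflicts(cwd, memory_map))
```

An empty conflict list together with a relocated image matches the situation described above: the module list alone does not show what occupied the preferred range.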