X-Recipient: archive-cygwin AT delorie DOT com
X-SWARE-Spam-Status: No, hits=-1.8 required=5.0	tests=BAYES_00,TW_YG,T_RP_MATCHES_RCVD
X-Spam-Check-By: sourceware.org
Message-ID: <4D811176.60908@ece.cmu.edu>
Date: Wed, 16 Mar 2011 15:37:26 -0400
From: Ryan Johnson <ryanjohn AT ece DOT cmu DOT edu>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.15) Gecko/20110303 Lightning/1.0b2 Thunderbird/3.1.9
MIME-Version: 1.0
To: "Henry S. Thompson" <ht AT inf DOT ed DOT ac DOT uk>
CC: cygwin AT cygwin DOT com
Subject: Re: BLODA detection (was Re: Debugging help for fork failure: resource temporarily unavailable)
References: <f5bipvktgw2 DOT fsf_-_ AT calexico DOT inf DOT ed DOT ac DOT uk>
In-Reply-To: <f5bipvktgw2.fsf_-_@calexico.inf.ed.ac.uk>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

On 2:59 PM, Henry S. Thompson wrote:
> Ryan Johnson writes:
>
>> BTW, I found a good way to identify, if not fix, BLODA: given an app
>> which loads no libraries at runtime -- such as 'ls' -- any dlls
>> mentioned in /proc/$$/maps which cygcheck does not mention are
>> probably dodgy. In my case, Windows Live (which I didn't think was
>> even installed on my machine) has injected a WLIDNSP.DLL ("Microsoft
>> Windows Live ID Namespace Provider") in all my processes.
> This would be super-cool if true, but it doesn't work for me. . .
>
> If I try, I find
>
>   C:\Windows\system32\ntmarta.dll
>   C:\Windows\SysWOW64\sechost.dll
>   C:\Windows\syswow64\WLDAP32.dll
>
> in /proc/[ls procid]/maps but not in cygcheck output, but none of
> those are BLODA, right?
>
> [Note also that maps shows many things in syswow64 which cygcheck
> shows in system32, but presumably that's because cygcheck itself is a
> 32-bit app, is it?]
>
Interesting...

$ join -i -v 1 <(cat /proc/$$/maps | sed 's;^.*/;;' | sort -f) 
<(cygcheck $(cat /proc/$$/winexename) | sed 's;^.*\\;;' | sort -f)
apphelp.dll
DNSAPI.dll
IMM32.DLL
MSCTF.dll
mswsock.dll
napinsp.dll
NLAapi.dll
NSI.dll
pnrpnsp.dll
PSAPI.DLL
sechost.dll
SHLWAPI.dll
winmm.dll
winrnr.dll
WLIDNSP.DLL
ws2_32.dll
wshbth.dll

The above shows all dlls loaded by the process which are not linked in 
at compile time. Does bash really load so many dynamic libraries, or is 
cygcheck missing things?

Ryan


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple