X-Recipient: archive-cygwin AT delorie DOT com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:from:to:subject:references:date:in-reply-to :message-id:mime-version:content-type; q=dns; s=default; b=GE72Z ILa/+4r9wDPBxCL1EQZBHYlbac/kgxun3rksLHEKRkmPiabtqyNnZNT0EJOF08Ny AUJtIZnHmoHAO2Rc/TmLSV8ZJrwbq4Zo2rlnQsn0DBdPRbTZBNOsecO9F8SBuy2D c7m576dUrrhQY5C6A28W64oTNt6NeWpRccI3oY= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:from:to:subject:references:date:in-reply-to :message-id:mime-version:content-type; s=default; bh=wAbPyW1fdvX fsC8M0YS5pcuPkH4=; b=UNoJMYs5+puy/itlo2HvmkVXQTngRS3MoGDseB0UdkL FeopZAXYDCEQ8EBo+x0qkAqBQIPQy+FVyHuDkjvchI9NPjsUVzYNxlGf9Gw6O61F ulYL9Q4kNckeHHLwL1f6wzozguTkg8RL0VPRHTQxIz+i2uCMdN/9BmcvfaFeIq9I = Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: No, score=-1.8 required=5.0 tests=AWL,BAYES_00,SPF_PASS autolearn=ham version=3.3.2 spammy=AVG, avg, bet, lottery X-HELO: mx009.vodafonemail.xion.oxcs.net From: Achim Gratz To: cygwin AT cygwin DOT com Subject: Re: Fork issue on W10 WOW References: <7ad0e0d4-438b-33ad-a711-e0b1996fa6f6 AT gmail DOT com>

<20180709090332 DOT GC3111 AT calimero DOT vinschen DOT de> <87e94b8c-13d0-928e-957d-c32b15b8a962 AT gmail DOT com> <20180709123739 DOT GB27673 AT calimero DOT vinschen DOT de> <20180712133847 DOT GT27673 AT calimero DOT vinschen DOT de> <874lh17txr DOT fsf AT Rainer DOT invalid> <87zhyt66o4 DOT fsf AT Rainer DOT invalid> <7bdb2eb7-8612-0c4d-b79c-767efb58b31a AT SystematicSw DOT ab DOT ca> <185ef5f6-aa31-0619-633c-087d8e55210a AT gmail DOT com> Date: Sun, 15 Jul 2018 11:18:08 +0200 In-Reply-To: <185ef5f6-aa31-0619-633c-087d8e55210a@gmail.com> (Marco Atzeri's message of "Sun, 15 Jul 2018 08:49:30 +0200") Message-ID: <87tvp0eu27.fsf@Rainer.invalid> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain Marco Atzeri writes: > In this case AVG is innocent. > I removed all AV and the lottery is still there Again, if the ASLR setup has been changed via registry, I wouldn't bet that the uninstallation of the application that changed them to reset to the defaults (if it was indeed AVG,). > it seems the WOW64*.dll can be anywhere between > 50000000-7F000000 Any ASLR aware library can be mapped to rather low adresses, but that usually means it couldn't load to where it originally wanted to go. MS actually uses this to force non-ASLR aware images to random addresses if the corresponding option is set. https://blogs.technet.microsoft.com/srd/2017/11/21/clarifying-the-behavior-of-mandatory-aslr/ > I will wait until 1803 is installed, download is in progress, > before making new trials/experiments If mandatory ASLR and bottom-up forced randomization got switched on, that will probably result in the same behaviour. 1803 should offer (most of) these options from some GUI tab (Security Center / App Control / Exploit Protection), I don't remember what 1709 had available there. The defaults are all "on" except forced ASLR, I think. Regards, Achim. -- +<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+ Wavetables for the Terratec KOMPLEXER: http://Synth.Stromeko.net/Downloads.html#KomplexerWaves -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple