This is the mail archive of the cygwin mailing list for the Cygwin project.



Re: "Segmentation fault" CygWin tools with code Injection-MS Detours


Hi Dave,
First, I really understand your point of view about starting programs sent over the internet! I am working like you to have a secure computer ;)


Next, OK, as I said, I am writing a truss program, but by using the Microsoft Detours toolkit. There are some examples shipped with MS Detours that do CreateProcess & CreateFile hooking like mine. I zipped the standard examples for you so as not to introduce my code & to eliminate bugs from my code ;) I am sure you will understand this step from me.

Next, I am not sure there is a real "bug" in MS Detours & in CygWin... Not by default, but more an incompatibility.... I think the problem is more in the fork() emulation. If I have understood the bash workflow correctly, it first forks itself before spawning the child process. But the fork() emulation (as this feature does not exist on Win32) introduces & rewrites BSS/DATA segments in the forked instance of bash, & I suppose this is what crashes, as the child process to spawn never appears in the traces of my hooked CreateProcess version (but the CreateProcess call performed on bash to fork itself does appear, so createprocess(bash), & next longjmp/setjmp & bss/data fixing).

I think we have an issue at this point. Why am I supposing this? Because, instead of injecting code by using MS Detours, installing the MS Detours hooks via LD_PRELOAD (loading my hooking DLL instead of injecting it with Microsoft APIs) works... But because the LD_PRELOAD does not appear to be done in the forked instance, I lose the hook for the forked (not spawned) process :( . (See the subject already sent on this here: http://cygwin.com/ml/cygwin/2005-08/msg00470.html )

So, my next question is: without compiling with the gcc of CygWin, how can I force my DLL to also be preloaded in forked instances, or force my DLL to be loaded inside forked instances :( ?

I am really near the goal. Next, because using the LD_PRELOAD environment variable works for the parent instance of the fork (not on the spawned), I think I will be able, from my DLL loaded in the cygwin process (by LD_PRELOAD), to hook CreateProcess & to inject myself into child Win32 native processes, as they don't take care of LD_PRELOAD ;)

But... As I said in the other post above... I hope cygwin is not fixing up & modifying native Win32 child processes, so that I can inject my code into non-cygwin executables...
I hope I have been clear in my mail (sorry for my poor English)?


As I said, I think that if I log a bug with Microsoft Support, they will answer me...: Hey guy! CygWin performs strange code overwriting BSS/Data segments & other things like this in their code. Check with them to ask them to be totally native Win32 coding :( glups ! :(

Louis

Dave Korn wrote:

----Original Message----
From: Louis Lecaroz
Sent: 11 August 2005 16:13

Dave,
For your information, you don't need my code specifically, as it is not
directly linked to "my" code but to the Microsoft Toolkit, but I think,
when you were talking about my code, you mean Microsoft?



I'm not sure now; I thought you said you were writing a truss tool? Your first email said ...



I wrote an Advanced "truss like" tool to examine files opened by a
process by using code injection.



... but now I guess what you mean is "I downloaded and compiled a program but didn't write any code myself".



But I have attached for you some already compiled samples of the SDK
that you can execute on your computer. You can download all the MS toolkit
(only the 1.5 is still public) with samples at:
http://research.microsoft.com/sn/detours/



Yes, I know about the Detours library, I've read all about it before.




Unzip it in your cygwin\bin dir & run :



Not to be rude, but you must be out of your mind if you think I'm going to execute a random binary sent to me through email by a complete stranger!



Because I am really accustomed to them, it appears to be simpler for me to
understand/generate & debug Microsoft tools than CygWin specific code
(really sorry). This is the reason I have posted here, hoping I will be
able to understand something or to find a solution, to have ONLY ONE
TRUSS similar command able to hook & trace system calls for CygWin &
Win32 native. This allows, for example, tracing cygwin & a child Win32
native process launched by cygwin... ;)



If you want Microsoft tools to support Cygwin calling sequences, you really have to ask Microsoft to add support to their code, there's no point asking us to somehow change the Detours library (or any other M$ tool)!

 Or you could debug the crash yourself, find out why it's happening, patch
your local copy of the detours library to work with Cygwin, and you should
have the tool you want.


cheers,
DaveK



