This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

BLODA detection code in latest snapshot

Hi folks,

I've just uploaded a new snapshot "2012-02-27 12:04:23 UTC".  It
contains two code snippets which are supposed to help diagnosing BLODA

If you set the environment variable CYGWIN to "detect_bloda" and then
start a Cygwin process (bash or so), then Cygwin will detect two types
of anomalies:

- Threads injected into the process from an unknown source.

  Every thread started in a process triggers a message to the DLLs
  in a process.  When the Cygwin DLL gets this message, it tweaks
  the function pointer of the thread entry point so that it points to
  a Cygwin function.  Usually Cygwin just performs some setup and
  then starts the original thread function.

  If CYGWIN=detect_bloda, then the original function address is
  evaluated and if the address is neither in the Cygwin DLL, nor in
  the application image, nor in one of a few filtered system DLLs,
  then Cygwin prints a message like this:

    Potential BLODA detected!  Thread function called outside of Cygwin DLL:

  Of course this is not foolproof.  The only filtered system DLLs so
  far are kernel32.dll, ntdll.dll, mswsock.dll, amd ws2_32.dll.  If you
  playing around with this, and if you find that a core system DLL is
  reported (like, say, advapi32.dll), then please notify this list, too.

- Some BLODAs affect the network.  Winsock allows so-called "Layered
  Service Providers" (LSP).  The socket handle returned by a socket(2)
  call is not a real socket, but a pseudo handle returned by the LSP.
  While Cygwin tries to workaround this, it's nevertheless interesting
  to learn that an LSP is installed.
  For instance, there's the "Bytemobile optimization client" on our
  BLODA list at
  If this is installed on your machine, and if you have CYGWIN=detect_bloda
  set, it's existence will be recognized twice when you try to open a
  socket connection.  First it injects a thread into the application, so
  you'll see something like this:

    Potential BLODA detected!  Thread function called outside of Cygwin DLL:

  And additionally you'll see this:

    Potential BLODA detected!  Layered Socket Service Provider:
      BMA over MSAFD Tcpip [TCP/IP]

Please note that this new CYGWIN=detect_bloda setting is just for
diagnosing BLODA problems.  It's no swiss army knife to fix the BLODA
problems, but it might help to detect the cause for some of them.

Of course I'd be interested in your experience with this and in any
BLODA message you get by setting CYGWIN=detect_bloda.


Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

Problem reports:
Unsubscribe info:

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]