"Segmentation fault" CygWin tools with code Injection-MS Detours

Louis Lecaroz louis.lecaroz@le-resistant.com
Thu Aug 11 16:01:00 GMT 2005


Christopher,
That's a possible workaround.
I tried to LD_PRELOAD my Microsoft DLL hook, & it appears to work: 
cygwin is loaded correctly, & the code is not injected but loaded by cygwin, & 
the hooks appear to be working! That's a great improvement on my issue. So it 
appears to be the code injection from one process into another one which 
is crashing the cygwin tools!

But..... The LD_PRELOAD is only done one time, when loading the first 
instance of bash!
If I start another instance of a cygwin tool under bash, I can see in 
my traces a CreateProcess on bash itself before loading the child process.
I suppose bash forks itself before spawning the child process (ls.exe 
for example), & because the forked process is initialized by a 
setjmp/longjmp, the LD_PRELOAD is not read in the forked instance (due to 
the entry point being moved by the fork() method of cygwin)...

Am I wrong or right?
If yes, & if it is possible to correct this special, really interesting, 
undocumented CygWin feature, I think it will allow me to trace Win32 
native system calls (not cygwin calls, like strace does) in all cygwin tools. 
Then if a cygwin process spawns a native Win32 process (not a 
cygwin one), I will be able to inject myself inside it (if cygwin does not 
execute specific code like the exec fixup in Win32 native processes!!!)

???????????????????????

Thx in advance for your answer,
Louis



On Thu, Aug 11, 2005 at 02:58:58PM +0200, Louis Lecaroz wrote:

>>Having (if possible  ;)  ) a patch & a standard modification in cygwin to
>>allow this type of programming will be really great !
>  
>

Cygwin has its own (currently undocumented) hooking mechanism.  Setting
the LD_PRELOAD environment variable to the name of a DLL will cause any
function in the DLL to override the similarly named cygwin function.  It
works similarly to Linux:

LD_PRELOAD
  A whitespace-separated list of additional, user-specified, ELF shared
  libraries to be loaded before all others.  This can be used to
  selectively override functions in other shared libraries.

except that it uses DLLs rather than "ELF shared libraries".

cgf
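A tracing shim of the kind cgf describes, added here as an example and not code from the thread: it defines its own open(), records each path in a small ring buffer, then forwards to the original, and would be built as a shared library (a DLL under Cygwin) whose name is put in LD_PRELOAD. The forwarding through dlsym(RTLD_NEXT) and the RTLD_NEXT fallback value follow the Linux convention and are assumptions; the thread only states that a same-named function overrides the cygwin one, not how the original is reached.

```c
/* Constructed example: an LD_PRELOAD tracing shim for open(). */
#define _GNU_SOURCE
#include <dlfcn.h>
#include <errno.h>
#include <fcntl.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#ifndef RTLD_NEXT                   /* assumption: glibc's value */
#define RTLD_NEXT ((void *) -1L)
#endif

#define TRACE_SLOTS   16            /* ring buffer of recent paths */
#define TRACE_PATHLEN 256

static char trace_paths[TRACE_SLOTS][TRACE_PATHLEN];
static unsigned long trace_total;   /* calls seen since load */

/* Remember the path of one intercepted call (oldest entries overwritten). */
static void trace_record(const char *path)
{
    snprintf(trace_paths[trace_total % TRACE_SLOTS], TRACE_PATHLEN,
             "%s", path ? path : "(null)");
    trace_total++;
}

unsigned long trace_count(void) { return trace_total; }

const char *trace_last_path(void)
{
    return trace_total ? trace_paths[(trace_total - 1) % TRACE_SLOTS] : "";
}

/* Same name as the C library function, so the loader resolves calls here. */
int open(const char *path, int flags, ...)
{
    static int (*real_open)(const char *, int, ...);
    mode_t mode = 0;
    if (flags & O_CREAT) {          /* mode is only present with O_CREAT */
        va_list ap;
        va_start(ap, flags);
        mode = (mode_t) va_arg(ap, int);
        va_end(ap);
    }
    trace_record(path);
    if (!real_open)                 /* look up the original lazily, once */
        real_open = (int (*)(const char *, int, ...)) dlsym(RTLD_NEXT, "open");
    if (!real_open) { errno = ENOSYS; return -1; }
    return real_open(path, flags, mode);
}
```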



--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/
