X-Recipient: archive-cygwin AT delorie DOT com
X-SWARE-Spam-Status: No, hits=-1.9 required=5.0	tests=AWL,BAYES_00,RCVD_IN_DNSWL_NONE
X-Spam-Check-By: sourceware.org
Message-ID: <4F4C51D0.70307@acm.org>
Date: Mon, 27 Feb 2012 20:02:24 -0800
From: David Rothenberger <daveroth AT acm DOT org>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20120216 Thunderbird/10.0.2
MIME-Version: 1.0
To: cygwin AT cygwin DOT com
Subject: Re: BLODA detection code in latest snapshot
References: <20120227122614 DOT GB31025 AT calimero DOT vinschen DOT de> <4F4C41B5 DOT 7040804 AT acm DOT org>
In-Reply-To: <4F4C41B5.7040804@acm.org>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-IsSubscribed: yes
Reply-To: cygwin AT cygwin DOT com
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

On 2/27/2012 6:53 PM, David Rothenberger wrote:
> On 2/27/2012 4:26 AM, Corinna Vinschen wrote:
>>   Of course this is not foolproof.  The only filtered system DLLs so
>>   far are kernel32.dll, ntdll.dll, mswsock.dll, amd ws2_32.dll.  If you
>>   playing around with this, and if you find that a core system DLL is
>>   reported (like, say, advapi32.dll), then please notify this list, too.
> 
> On one of my Windows XP 32 boxes, it is reporting
> 
> Potential BLODA detected!  Thread function called outside of Cygwin DLL:
>   C:\WINDOWS\system32\advapi32.dll
> 
> when I ssh to another host. The machine DOES have potential BLODA,
> though: Symantec Endpoint Protection. It's never caused me any problems.
> 
> You did say above to report to the list if advapi32.dll is reported, and
> you didn't say not to report it if there is helpful anti-workright
> software on the machine, so, here's your report. Forgive me if I
> misunderstood.

Here's another one, this time on a Win7-64 machine:

Potential BLODA detected!  Thread function called outside of Cygwin DLL:
  C:\Windows\syswow64\SHLWAPI.dll

I get this when running

% cygstart --hide "$(cygpath -W)/sysnative/msg" $USER test

There's no BLODA on this machine.

-- 
David Rothenberger  ----  daveroth AT acm DOT org

Adler's Distinction:
        Language is all that separates us from the lower animals,
        and from the bureaucrats.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple