This is the mail archive of the cygwin-talk mailing list for the cygwin project.
RE: The Big List of Dodgy Apps
- From: "Dave Korn" <dave dot korn at artimi dot com>
- To: "'spoon failure'" <cygwin-talk at cygwin dot com>
- Date: Tue, 20 Mar 2007 18:07:12 -0000
- Subject: RE: The Big List of Dodgy Apps
- References: <84952F09F3FC0C418393E60D116EB9CC180FAC@Traf-Mail.int.ascribe.com>
- Reply-to: The Cygwin-Talk Maiming List <cygwin-talk at cygwin dot com>
On 20 March 2007 18:02, Phil Betts wrote:
> It seems that most, if not all, of the offenders insert themselves
> (or rather get themselves inserted) into every process's DLL list.
Yes, I think that's certainly the most common underlying cause.
> I would think it was possible to have cygcheck do something like
> sysinternals' process explorer does to get the DLL list, but to do it
> only on itself - essentially asking the question "to which DLLs am I
> linked?" The expected DLLs can be eliminated from all enquiries. If
> the fingerprint of a known offender is detected, it can be reported as
> such. Anything else can be reported as a "potential problem".
This seems a reasonably good idea. I was thinking at one point of adding it
to the cygwin crashdump routines invoked after fork() errors.
> A database of known offenders' fingerprints can be built up from the
> submitted cygcheck output once a problem has been resolved. It may
> also be worth building up a whitelist of known innocent fingerprints.
Yep.
> I don't know what the sysinternals license was before MS closed-sourced
> their apps, but my guess is that it would be necessary to
> reverse-engineer their technique.
No, absolutely no need at all, it's all reasonably well-documented and
understood stuff.
cheers,
DaveK
--
Can't think of a witty .sigline today....
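The self-check proposed in the quoted text above, as an added example (not code from cygcheck or from either poster): a process lists its own loaded modules, drops the expected ones, and reports the rest as known offender, known innocent, or potential problem. Treating the DLL base name as the "fingerprint" is an assumption, and every list entry except the three system/Cygwin DLL names is a constructed placeholder.

```c
#include <ctype.h>
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#include <psapi.h>                       /* link with -lpsapi */
#endif
enum verdict { EXPECTED, INNOCENT, OFFENDER, POTENTIAL };
static const char *label[] = { "expected", "known innocent", "KNOWN OFFENDER", "potential problem" };
/* Assumption: a "fingerprint" is just the DLL base name. Entries other than
   the three system/Cygwin DLLs are constructed placeholders. */
static const char *expected[] = { "ntdll.dll", "kernel32.dll", "cygwin1.dll", NULL };
static const char *innocent[] = { "example-shellext.dll", NULL };
static const char *offender[] = { "example-hook.dll", NULL };
/* Case-insensitive match of name against a NULL-terminated list. */
static int in_list(const char *name, const char **list) {
    for (; *list; list++) {
        const char *a = name, *b = *list;
        while (*a && tolower((unsigned char)*a) == tolower((unsigned char)*b)) { a++; b++; }
        if (*a == '\0' && *b == '\0') return 1;
    }
    return 0;
}

/* Classify one module path; the directory part is ignored. */
enum verdict classify(const char *path) {
    const char *name = path;
    for (const char *p = path; *p; p++)
        if (*p == '\\' || *p == '/') name = p + 1;
    if (in_list(name, offender)) return OFFENDER;
    if (in_list(name, expected)) return EXPECTED;
    if (in_list(name, innocent)) return INNOCENT;
    return POTENTIAL;                    /* unknown: report it, do not accuse it */
}

int main(void) {
#ifdef _WIN32                            /* live: "to which DLLs am I linked?" */
    HMODULE mods[512]; DWORD need; char path[MAX_PATH];
    if (!EnumProcessModules(GetCurrentProcess(), mods, sizeof mods, &need)) return 1;
    if (need > sizeof mods) need = sizeof mods;
    for (DWORD i = 0; i < need / sizeof(HMODULE); i++)   /* skip the executable itself */
        if (mods[i] != GetModuleHandle(NULL) && GetModuleFileNameA(mods[i], path, sizeof path))
            printf("%-18s %s\n", label[classify(path)], path);
#else                                    /* elsewhere: constructed sample paths */
    const char *sample[] = { "C:\\WINDOWS\\system32\\ntdll.dll",
                             "C:\\Example\\example-hook.dll", "C:\\Example\\unknown.dll" };
    for (int i = 0; i < 3; i++) printf("%-18s %s\n", label[classify(sample[i])], sample[i]);
#endif
    return 0;
}
```

Because only the base name is compared here, a DLL that reuses an expected name from a different directory is classified as expected; a fingerprint that also covers the full path or the file's version information would close that gap.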