The Big List of Dodgy Apps
Brian Dessent
brian@dessent.net
Tue Mar 20 18:45:00 GMT 2007
Dave Korn wrote:
> > I would think it was possible to have cygcheck do something like
> > sysinternals' process explorer does to get the DLL list, but to do it
> > only on itself - essentially asking the question "to which DLLs am I
> > linked?" The expected DLLs can be eliminated from all enquiries. If
> > the fingerprint of a known offender is detected, it can be reported as
> > such. Anything else can be reported as a "potential problem".
>
> This seems a reasonably good idea. I was thinking at one point of adding it
> to the cygwin crashdump routines invoked after fork() errors.
It won't work to check "to which DLLs am I linked", at least not in the
way of inspecting the PE headers of the file on disk. The injecting is
dynamic, through system hook functions, so you have to use the
DebugHlp/ImageHlp libraries to inspect the process space, IIRC.
Brian
More information about the Cygwin-talk
mailing list