BitDefender again

Michael Kairys kairys@comcast.net
Wed Aug 26 00:10:00 GMT 2009


BitDefender AntiVirus 2009 and Cygwin got along fine, but when I upgraded to 
2010 all my Cygwin-based apps started crashing. If I turn off their "Active 
Virus Control" the problem goes away.

They offer this advice:

=====================================
There is an incompatibility between cygwin and BitDefender AVC (Behavioral 
Scanner).

I'm going to get a little bit technical here in order to explain in detail 
what is happening :

Unfortunately, cygwin1.dll has a hardcoded image loading base (0x61000000) 
which conflicts with one of the BitDefender AVC plugins injected into 
processes for monitoring their behaviour. Since, to offer maximum 
protection, the BitDefender AVC dlls are among the first to be loaded in the 
address space of any process, and well before cygwin1.dll, the cygwin1.dll 
cannot load at its desired image base, thus generating crashes. In a general 
purpose DLL written for Windows, this is not a problem, since such dll can 
work being loaded at any imagebase. But this is not the case for cygwin, 
which insists on loading at the fixed address, and if not, generating 
crashes.

Now, how to fix :

1. Temporarily disable AVC (BitDefender->Antivirus->Advanced Settings, uncheck 
AVC).
2. Make sure all cygwin applications are closed.
3. Open a cmd line and enter the following :
cd c:\cygwin\bin
copy cygwin1.dll cygwin_orig.dll
copy cygwin1.dll cygwin_tmp.dll
rebase -b 0x35000000 cygwin_tmp.dll
copy cygwin_tmp.dll cygwin1.dll
4. Reenable AVC (BitDefender->Antivirus->Advanced Settings, check AVC)

Try now to run cygwin.

By doing the above, we remapped cygwin1.dll to another imagebase 
(0x35000000). If it still does not work, please try remapping at various 
imagebases (such as 0x30000000 or 0x40000000 or 0x25000000 etc) until you 
find one that works.
=======================================

I have a very limited understanding here, enough to run rebaseall (which 
I've done) and that's about it. Can someone please interpret the above for 
me and tell me if there's anything I can do besides shop for a new AV vendor 
(again :)



--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
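
An added example, not part of the original message or of BitDefender's advice: a small Python script that reads the preferred ImageBase and SizeOfImage from a DLL's PE header and tests whether two modules want overlapping address ranges, which is the conflict described above. The 0x61000000 and 0x35000000 bases come from the message; the image sizes and the injected module's address are constructed sample values, and fake_pe32 is a hypothetical helper that builds a minimal header so the script runs without a real DLL.

```python
import struct
import sys

RELOCS_STRIPPED = 0x0001  # IMAGE_FILE_RELOCS_STRIPPED bit in COFF Characteristics

def pe_image_range(data):
    """Return (image_base, size_of_image, relocs_stripped) from PE file bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)       # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    (characteristics,) = struct.unpack_from("<H", data, pe_off + 22)
    opt = pe_off + 24                                       # optional header start
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == 0x10B:                                      # PE32: 32-bit ImageBase
        (base,) = struct.unpack_from("<I", data, opt + 28)
    elif magic == 0x20B:                                    # PE32+: 64-bit ImageBase
        (base,) = struct.unpack_from("<Q", data, opt + 24)
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    (size,) = struct.unpack_from("<I", data, opt + 56)      # SizeOfImage
    return base, size, bool(characteristics & RELOCS_STRIPPED)

def overlaps(a, b):
    """True when two (base, size, ...) images claim overlapping address ranges."""
    return a[0] < b[0] + b[1] and b[0] < a[0] + a[1]

def fake_pe32(image_base, size_of_image):
    """Hypothetical helper: the smallest PE32 header pe_image_range accepts."""
    buf = bytearray(0x40 + 24 + 96)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)
    buf[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", buf, 0x40 + 24, 0x10B)
    struct.pack_into("<I", buf, 0x40 + 24 + 28, image_base)
    struct.pack_into("<I", buf, 0x40 + 24 + 56, size_of_image)
    return bytes(buf)

# Constructed samples: bases from the message, sizes and injected range invented.
CYGWIN_ORIG = pe_image_range(fake_pe32(0x61000000, 0x200000))
CYGWIN_REBASED = pe_image_range(fake_pe32(0x35000000, 0x200000))
INJECTED = (0x61100000, 0x80000, False)   # hypothetical module loaded first

if __name__ == "__main__":
    for path in sys.argv[1:]:             # e.g. c:\cygwin\bin\cygwin1.dll
        with open(path, "rb") as f:
            print(path, "ImageBase=0x%08x SizeOfImage=0x%x relocs_stripped=%s"
                  % pe_image_range(f.read()))
    print("original overlaps injected module:", overlaps(CYGWIN_ORIG, INJECTED))
    print("rebased overlaps injected module: ", overlaps(CYGWIN_REBASED, INJECTED))
```

Passing the path of cygwin1.dll before and after the rebase step shows whether the ImageBase field actually changed.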


