07 June 2009

Cygwin1.dll and the mysterious version problem

As i started computing on Linux/FreeBSD, I still my little habits to parse logs (awk/sed/cat/sort/uniq…).
Recently, cygwin, a Unix shell port on Windows, stopped working:

cygwin

So there is a trouble with cygwin1.dll. Indeed, i am also using another tool, John the ripper, that has been ported to Windows through cygwin.
But the DLL for JTR is much older than the one included in my cygwin. Starting in the reverse order gives same result, except it's JTR that crash for same reason.

Procmon from Sysinternals confirm that each program load its own cygwin1.dll. But cygwin doesn't read the DLL file, instead it just do a "Load image". JTR does it, but after reading the DLL file:

procmon

Process Explorer helps me to point out the root cause. Cygwin1.dll uses a section type handle that have the same name, anyway which version of the DLL is used.

Handles for JTR:
cygwin1_processexplorer_jtr

Handles for cygwin itself (bash.exe)cygwin1_processexplorer_cygwin

I could confirm the diagnostic using a feature of Process Explorer: close an handle inside a process:

cygwin1_processexplorer_jtr_close

The cygwin shell is now working while JTR is also running. The thing is that i don't what could be the consequences in JTR:

cygwin

No comments: