"Attempt to execute non-executable address" on Server 2008 when Terminal Services installed

Post by Corinna Vi » Thu, 30 Oct 2008 19:40:00



Thanks for the hint. I checked the initialization process and there are
only two cases in which VirtualProtect could be called at init time:

- Fixing inherited shared memory regions created by the parent process
using the POSIX mmap call in the child process after fork.
- Reloading shared libraries dynamically loaded by the parent process
using the LD_PRELOAD mechanism in the child process after fork.

Both cases are only triggered by a fork() and there's no fork involved
in the crashing cases. In fact, bash already crashes when called
immediately or through a cmd script. To be sure I debugged this again
and no VirtualProtect call within Cygwin gets called.

Thanks all the same. Every idea could be helpful.


Corinna

--
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat
 
 
 

Post by Pavel A » Thu, 30 Oct 2008 21:45:37

So what is so special in calling a user function from main()?
The init code by itself calls many library subroutines,
and main itself is called ok.
Can it be something related to how the loader
interprets section names of user code vs. library routines...
are they in the same .text section? Have unusual attributes?

--PA

 
 
 

Post by roger.or » Thu, 30 Oct 2008 23:15:26

Sorry the suggestion didn't help.

Just a thought -- if you run this inside windbg what does !vadump
report for the segment containing the faulting address?

Roger.
 
 
 

Post by Corinna Vi » Fri, 31 Oct 2008 00:58:37

Hi Pavel,



Yes, that's the basic question. Especially, why is it special only
with Terminal Services installed while it runs fine with DEP on a
non-TS server?


Right.


Not that I could see. The applications have only a small number
of segments. That's the output of `objdump -h bash.exe':

bash.exe:     file format pei-i386

Sections:
Idx Name          Size      VMA       LMA       File off  Algn
  0 .text         000590a8  00401000  00401000  00000400  2**4
                  CONTENTS, ALLOC, LOAD, CODE
  1 .data         00002380  0045b000  0045b000  00059600  2**5
                  CONTENTS, ALLOC, LOAD, DATA
  2 .rdata        00012e20  0045e000  0045e000  0005ba00  2**5
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  3 .bss          00003178  00471000  00471000  00000000  2**3
                  ALLOC
  4 .idata        00003e3c  00475000  00475000  0006ea00  2**2
                  CONTENTS, ALLOC, LOAD, DATA

The start addresses of the crashing application functions are well
within the .text code segment. That's why this is so puzzling.


Corinna

--
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat
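
Added example (not part of the original thread): a small Python check that maps an address to the section containing it in the `objdump -h bash.exe' table quoted above and reports whether that section carries the CODE flag. The function names and the probe addresses are assumptions made for illustration; the check covers only the flags recorded in the file, not the page protection at run time that !vadump would report.

```python
import re

# Constructed sample: the section table from the `objdump -h bash.exe` output in the thread.
OBJDUMP_H = """\
Idx Name          Size      VMA       LMA       File off  Algn
  0 .text         000590a8  00401000  00401000  00000400  2**4
                  CONTENTS, ALLOC, LOAD, CODE
  1 .data         00002380  0045b000  0045b000  00059600  2**5
                  CONTENTS, ALLOC, LOAD, DATA
  2 .rdata        00012e20  0045e000  0045e000  0005ba00  2**5
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  3 .bss          00003178  00471000  00471000  00000000  2**3
                  ALLOC
  4 .idata        00003e3c  00475000  00475000  0006ea00  2**2
                  CONTENTS, ALLOC, LOAD, DATA
"""

# A section row starts with its index, then name, size and VMA in hex.
ROW = re.compile(r"^\s*\d+\s+(\S+)\s+([0-9a-f]+)\s+([0-9a-f]+)\s", re.I)

def parse_sections(text):
    """Return [(name, start, end, flags)] parsed from `objdump -h` output."""
    sections, pending = [], None
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            size, vma = int(m.group(2), 16), int(m.group(3), 16)
            pending = [m.group(1), vma, vma + size, set()]
            sections.append(pending)
        elif pending is not None and line.strip():
            # The line after a section row lists its flags, comma separated.
            pending[3] = {flag.strip() for flag in line.split(",")}
            pending = None
    return [tuple(s) for s in sections]

def classify(addr, sections):
    """Return (section name, has CODE flag) for addr, or (None, False) if unmapped."""
    for name, start, end, flags in sections:
        if start <= addr < end:
            return name, "CODE" in flags
    return None, False

if __name__ == "__main__":
    secs = parse_sections(OBJDUMP_H)
    for addr in (0x00420000, 0x0045B010, 0x0045A0A8):  # constructed probe addresses
        name, is_code = classify(addr, secs)
        print(f"{addr:#010x}: section={name} code={is_code}")
```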