-
Notifications
You must be signed in to change notification settings - Fork 0
/
README
395 lines (311 loc) · 18 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
$Id$
Abstract:
================================================================================
The Cygwin rebase distribution contains four utilities, rebase, rebaseall,
peflags, and peflagsall. The first utility is modeled after Microsoft's SDK
rebase. However, instead of linking rebase against Microsoft's imagehlp
library, it is linked against Ralf Habacker's imagehelper library.
The following are the advantages of using Ralf's library:
1. rebase can be a Cygwin application. If rebase is linked against
Microsoft's imagehlp library, then it must be a Mingw application.
This is because imagehlp is dependent on Microsoft's C runtime and
therefore cannot be used in an application that is dependent on
another C runtime (i.e., Cygwin).
2. With recent improvements, libimagehelper supports operations on
64bit objects, and can itself be compiled as either a 32bit or
64bit library.
3. rebase can be used on Windows Me. For some reason, Microsoft's
imagehlp.dll does not function properly on this platform.
4. Ralf's imagehelper library also provides FixImage() which fixes
bad relocations in DLLs that can be caused by stripping.
I would like to thank Ralf Habacker for providing the imagehelper
library. This library has enabled me to create a rebase utility that
is usable by all Cygwin user (regardless of platform) on all DLLs
(regardless of stripping).
I would like to thank Chuck Wilson for providing peflags and peflagsall. This
enables Cygwin to take advantage of the Address Space Layout Randomization
facility on Windows Vista and later.
Background
================================================================================
The rebaseall utility is a convenient way for users that suffer from the
Cygwin rebase problem to rebase their entire system (i.e., all of their
DLLs). The following is a list of known Cygwin applications that are
affected by the rebase problem:
Apache
Perl
Python
The rebase problem is due to fork() failing when it is unable to load
DLLs in the child at the same address as in the parent. This is caused
by DLLs which have conflicting base addresses. An error message like
the following will be displayed when the problem is triggered:
C:\cygwin\bin\python.exe: *** unable to remap C:\cygwin\bin\cygssl.dll to same address as parent(0xDF0000) != 0xE00000
Note that rebaseall is only a stop-gap measure. Eventually the rebase
functionality will be added to Cygwin's setup.exe, so that rebasing will
happen automatically.
On Vista and newer, it is possible to employ the Address Space Layout
Randomization facility to help solve the image load address clashing
problem:
Since Windows relies on relocations instead of position
independent code, a DLL must be loaded at the same address
in each process that uses it to allow the physical memory
used by the DLL to be shared. To facilitate this behaviour,
a global bitmap called _MiImageBitMap is used to represent
the address space from 0x50000000 to 0x78000000. The bitmap
is 0x2800 bits in length with each bit representing 64KB
of memory. As each DLL is loaded, its position is recorded
by setting the appropriate bits in the bitmap to mark the
memory where the DLL is being mapped. When the same DLL
is loaded in another process, its section object is reused
and it is mapped at the same virtual addresses.
http://taossa.com.nyud.net:8080/archive/bh08sotirovdowd.pdf
Thus, IF all cygwin dlls (except cygwin1.dll) -- or, at least the
ones for which you often get the *** unable to remap *** error --
are marked ASLR-compatible, then the Windows runtime loader can be
coerced into ensuring that the DLLs are loaded at the same memory
location for all concurrent processes. After using the peflagsall
utility to mark the dlls appropriately, you may need to reboot to
cause Windows to take notice.
Requirements:
================================================================================
The following packages or later are required to build and/or execute Cygwin
rebase/peflags, and/or rebaseall/peflagsall:
binutils 2.20.51-2
cygwin 1.7.9-1
dash 0.5.6.1-2
gcc4 4.3.4-4
coreutils 8.10-1
grep 2.6.3-1
gzip 1.4-1
sed 4.2.1-1
w32api 3.17-2
Install:
================================================================================
Cygwin rebase does not require any special installation procedures.
If the database is used, Cygwin and MSYS rebase will expect to find the
databases:
/etc/rebase.db.i386
/etc/rebase.db.x86_64
For MinGW, the database location is deduced as
<location-of-rebase.exe>/../etc/rebase.db.i386
<location-of-rebase.exe>/../etc/rebase.db.x86_64
rebaseall, by default, uses the database.
Usage:
================================================================================
Use the following procedure to rebase your entire system:
1. shutdown all Cygwin processes and services
2. start ash or dash (do not use bash or a terminal emulator like rxvt
or mintty). The easiest way to do this is to use Windows Explorer
and navigate to the top level of your cygwin installation, and
double-click ash.exe or dash.exe in the bin/ directory.
3. execute /bin/rebaseall (in the ash/dash window)
If you get any errors due to DLLs being in-use or read-only, then take the
appropriate action and rerun rebaseall. Otherwise, you run the risk of fork()
failing.
Use a similar procedure to set the peflags for all cygwin executables and
dlls on your entire system:
1. shutdown all Cygwin processes and services
2. start ash or dash (do not use bash or a terminal emulator like rxvt
or mintty). The easiest way to do this is to use Windows Explorer
and navigate to the top level of your cygwin installation, and
double-click ash.exe or dash.exe in the bin/ directory.
3. execute /bin/peflagsall (in the ash window)
Both procedures may be combined into a single, 4-step procedure if desired.
Note that by default, peflagsall will set the tsaware flag on all executables
(ash.exe and peflags.exe themselves excluded), and will remove the dynamicbase
flag on all 'dll', 'so' and 'oct' files (cygwin1.dll and cyglsa64.dll excluded).
If you are used to using the -s option with rebaseall, to add additional
suffixes to the rebase list (such as .oct), be warned that peflags behaves
differently. If you specify custom suffixes, you must restate the default
ones, AND explicitly specify what action to perform; peflagsall disables
all default behavior when custom settings are used. For instance:
peflagsall -s oct -s dll -s so -s exe -d 1 -t 1
^^^^^^ ^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^
custom restate default restate
suffix suffixes default actions
Whereas rebaseall only has a single action, and new suffixes are added
to the existing default set of suffixes. See 'Command line syntax', in
the next section.
Command line syntax
================================================================================
rebaseall
--------------------------------------------------------------------------------
The following is the rebaseall command line syntax:
rebaseall [-b BaseAddress] [-o Offset] [-s DllSuffix] [-T FileList | -] [-4|-8] [-p] [-t] [-v]
where:
-b => base address used by rebase (default: 0x70000000)
-o => offset between each DLL rebased (default: 0x10000 MinGW/MSYS, 0x0 Cygwin)
-p => skip test for running ash or dash only. This option is supposed to
be used by Cygwin's setup tool. Only use it if you know what you're
doing!
-s => specify DLL suffix, use multiple if necessary (default: dll, so, oct)
-T => specify filelist (or stdin) to list additional files
-4 => operate only on 32bit objects (ignore 64bit objects) (*)
-8 => operate only on 64bit objects (ignore 32bit objects) (*)
-t => change modification timestamp of successfully rebased files
-v => verbose (default: off)
(*) -4 and -8 are mutually exclusive. -4 is the default if rebaseall is
executed in a 32bit environment; -8 is the default if rebaseall is executed
64bit environment.
rebaseall now uses the database functionality provided by rebase. See the
description below.
peflagsall
--------------------------------------------------------------------------------
The following is the peflagsall command line syntax:
peflagsall [-p extra_args] [-d bool] [-t bool] [-s suffix] [-T FileList | -] [-vnh]
When invoked with no arguments, peflagsall modifies every cygwin exe|dll|so|oct
on the system: .exe files have their tsaware flag set, while .dll, .so and .oct
files have their dynamicbase flag removed. However, if any of [-d|-t|-s] are
specified then ONLY the actions so specified will occur.
-p extra_args pass extra_args to peflags.exe
-d bool set the dynamicbase flag to 'bool' on all specified files
-t bool set the tsaware flag to 'bool' on all specified files
-s suffix search for all files with the specified suffix(es)
default: 'exe|dll|so|oct'
-T FileList in addition to files located via the normal search and
suffix list, also operate on files listed in FileList
May be '-' which indicates stdin
-n do not modify any files, but display the peflags commands
-k keep all temporary files
-v verbose mode
-h show this help
bool may be '0', '1', 'true', 'false', 'yes', or 'no'
Note: peflagsall will NOT set the dynamicbase flag on executables, nor will
it set the tsaware flag on dlls. If you must do this, use peflags itself
rebase
--------------------------------------------------------------------------------
The following is the rebase command line syntax:
rebase [OPTIONS] [FILE]...
Rebase PE files, usually DLLs, to a specified address or address range.
-4, --32 Only rebase 32 bit DLLs. (*)
-8, --64 Only rebase 64 bit DLLs. (*)
-b, --base=BASEADDRESS Specifies the base address at which to start rebasing.
-s, --database Utilize the rebase database to find unused memory
slots to rebase the files on the command line to.
(Implies -d).
If -b is given, too, the database gets recreated.
-O, --oblivious Do not change any files already in the database
and do not record any changes to the database.
(Implies -s).
-i, --info Rather then rebasing, just print the current base
address and size of the files. With -s, use the
database. The files are ordered by base address.
A '*' at the end of the line is printed if a
collisions with an adjacent file is detected.
One of the options -b, -s, -O or -i is mandatory. If no rebase database
exists yet, -b is required together with -s.
-d, --down Treat the BaseAddress as upper ceiling and rebase
files top-down from there. Without this option the
files are rebased from BaseAddress bottom-up.
With the -s option, this option is implicitly set.
-n, --no-dynamicbase Remove PE dynamicbase flag from rebased DLLs, if set.
-o, --offset=OFFSET Specify an additional offset between adjacent DLLs
when rebasing. Default is no offset.
-t, --touch Use this option to make sure the file's modification
time is bumped if it has been successfully rebased.
Usually rebase does not change the file's time.
-T, --filelist=FILE Also rebase the files specified in FILE. The format
of FILE is one DLL per line.
-q, --quiet Be quiet about non-critical issues.
-v, --verbose Print some debug output.
-V, --version Print version info and exit.
-h, --help, --usage This help.
(*) -4 and -8 are mutually exclusive. -4 is the default if rebase.exe itself
was compiled as a 32bit application; -8 is the default if rebase.exe is
a 64bit application.
There are actually two separate database files, for 32bit and 64bit objects.
On Cygwin and MSYS, these are:
/etc/rebase.db.i386
/etc/rebase.db.x86_64
For MinGW, the database location is deduced as
<location-of-rebase.exe>/../etc/rebase.db.i386
<location-of-rebase.exe>/../etc/rebase.db.x86_64
The (optional) database allows to easily rebase new DLLs so that they don't
collide with other DLLs which already have been rebased. Because rebaseall uses
the database, rebaseall will now only rebase new DLLs, or those DLLs which
have been updated -- e.g. their current ImageBase does not match the value in
the database, or their size has changed (grown) such that they no longer 'fit'
in the previously-assigned location. (If an updated DLL still fits in its
previously-assigned location, it will be rebased back to that location).
Thus, the (optional) database allows to keep an installation in a stable
state, and only modifies the ImageBase of DLLs when absolutely necessary.
A complete rebase can be forced by (a) specifying -b to either rebase.exe
itself, or to rebaseall, or (b) deleting the existing database files and
re-running rebase/rebaseall.
peflags
--------------------------------------------------------------------------------
The following is the peflags command line syntax:
Usage: peflags [OPTIONS] file(s)...
Sets, clears, or displays various flags in PE files (that is,
exes and dlls). For each flag, if an argument is given, then
the specified flag will be set or cleared; if no argument is
given, then the current value of that flag will be displayed.
-d, --dynamicbase [BOOL] Image base address may be relocated using
address space layout randomization (ASLR)
-f, --forceinteg [BOOL] Code integrity checks are enforced
-n, --nxcompat [BOOL] Image is compatible with data execution
prevention
-i, --no-isolation [BOOL] Image understands isolation but do not
isolate the image
-s, --no-seh [BOOL] Image does not use SEH. No SE handler may
be called in this image
-b, --no-bind [BOOL] Do not bind this image
-W, --wdmdriver [BOOL] Driver uses the WDM model
-t, --tsaware [BOOL] Image is Terminal Server aware
-w, --wstrim [BOOL] Aggressively trim the working set.
-l, --bigaddr [BOOL] The application can handle addresses
larger than 2 GB
-S, --sepdbg [BOOL] Debugging information was removed and
stored separately in another file.
-T, --filelist FILE Indicate that FILE contains a list
of PE files to process
-v, --verbose Display diagnostic information
-V, --version Display version information
-h, --help Display this help
BOOL: may be 1, true, or yes - indicates that the flag should be set
if 0, false, or no - indicates that the flag should be cleared
if not present, then display symbolicly the value of the flag
Valid forms for short options: -d, -d0, -d1, -dfalse, etc
Valid forms for long options : --tsaware, --tsaware=true, etc
To set a value, and display the results symbolic, repeat the option:
--tsaware=true --tsaware -d0 -d
Source:
================================================================================
Cygwin rebase builds OOTB under Cygwin, MinGW, and MSYS. It also can be compiled
using the 64bit mingw64 compiler: x86_64-w64-mingw32-gcc. Cross compilation is
(somewhat) supported, but YMMV.
Build:
================================================================================
See build.sh in the source archive for my exact build recipe for configuring,
making, and packaging this distribution.
Test:
================================================================================
rebase does not contain any regression tests.
peflagsall may be invoked with the -n, -k, and -v options to allow inspection
of what it WOULD do, without actually doing it.
peflags will make no changes to any files unless it is given an flagname
argument *with* a boolean value for that flag (0 or 1). If no boolean argument
is provided, then peflags will merely display the current value of the flag in
the specified files.
Issues:
================================================================================
The following are the known Cygwin rebase issues:
1. rebase should be integrated with Cygwin's setup.exe.
2. rebase does not handle in-use DLLs.
3. rebase skips read-only DLLs.
Issues #1, #2, and #3 also apply to the peflags utility.
Homepage:
================================================================================
The primary rebase web site is:
http://www.tishler.net/jason/software/rebase/
Download:
================================================================================
The primary rebase download site is:
http://www.tishler.net/jason/software/rebase/
Access to the CVS development sources is available:
cvs -d:pserver:anoncvs@cygwin.com:/cvs/cygwin-apps co rebase
Mailing Lists:
================================================================================
Please report problems, suggestions, etc. to <cygwin@cygwin.com>.
Maintainer:
================================================================================
Jason Tishler <jason@tishler.net>