I have written a Windows service which is logging user activities of the Windows system and makes a REST API request to the server for preserving data..
But I am facing the issue that when the system starts it causes the user System to hang.
Window Application log Reports:
Version=1
EventType=ServiceHang
EventTime=130095268907958116
ReportType=3
Consent=1
UploadTime=130123814084883007
ReportIdentifier=6fe19abe-9ce8-11e2-afdf-00218508c07c
Response.BucketId=6956ff7a549827f0fa19859393538633
Response.BucketTable=5
Response.LegacyBucketId=-743991677
Response.type=4
Sig[0].Name=Service Name
Sig[0].Value=DMAService
Sig[1].Name=Image Name
Sig[1].Value=Com.Altair.DMA.DMAService.exe"
Sig[2].Name=Image Version
Sig[2].Value=0.0.0.0
Sig[3].Name=Service Type
Sig[3].Value=10
Sig[4].Name=Start Type
Sig[4].Value=2
DynamicSig[1].Name=OS Version
DynamicSig[1].Value=6.2.9200.2.0.0.768.101
DynamicSig[2].Name=Locale ID
DynamicSig[2].Value=1033
LoadedModule[0]=C:\Program Files\Altair Engineering Inc\DMAService\Com.Altair.DMA.DMAService.exe
LoadedModule[1]=C:\WINDOWS\SYSTEM32\ntdll.dll
LoadedModule[2]=C:\WINDOWS\SYSTEM32\MSCOREE.DLL
LoadedModule[3]=C:\WINDOWS\system32\KERNEL32.dll
LoadedModule[4]=C:\WINDOWS\system32\KERNELBASE.dll
LoadedModule[5]=C:\WINDOWS\system32\ADVAPI32.dll
LoadedModule[6]=C:\WINDOWS\system32\msvcrt.dll
LoadedModule[7]=C:\WINDOWS\SYSTEM32\sechost.dll
LoadedModule[8]=C:\WINDOWS\system32\RPCRT4.dll
LoadedModule[9]=C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
LoadedModule[10]=C:\WINDOWS\system32\SHLWAPI.dll
LoadedModule[11]=C:\WINDOWS\system32\USER32.dll
LoadedModule[12]=C:\WINDOWS\system32\GDI32.dll
LoadedModule[13]=C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
LoadedModule[14]=C:\WINDOWS\SYSTEM32\MSVCR110_CLR0400.dll
LoadedModule[15]=C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\374a0cc6603f58864831897ef723bd4a\mscorlib.ni.dll
LoadedModule[16]=C:\WINDOWS\system32\ole32.dll
LoadedModule[17]=C:\WINDOWS\SYSTEM32\combase.dll
LoadedModule[18]=C:\WINDOWS\SYSTEM32\CRYPTBASE.dll
LoadedModule[19]=C:\WINDOWS\SYSTEM32\bcryptPrimitives.dll
LoadedModule[20]=C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
LoadedModule[21]=C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\a7811936e59aaee26b1d9d467174d6d4\System.ni.dll
LoadedModule[22]=C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\1f3dbc5b0a874bf49a4559e71274f8ba\System.ServiceProcess.ni.dll
LoadedModule[23]=C:\WINDOWS\SYSTEM32\VERSION.dll
LoadedModule[24]=C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\cb1bedf1f9e8972aa76ad73f725b964b\System.Management.ni.dll
LoadedModule[25]=C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\05cc6faa6704d01e78700561b22937e3\System.Configuration.ni.dll
LoadedModule[26]=C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\e1ec8b9a6d4f9af9d6065c4187fb1b5f\System.Xml.ni.dll
LoadedModule[27]=C:\WINDOWS\SYSTEM32\CRYPTSP.dll
LoadedModule[28]=C:\WINDOWS\system32\rsaenh.dll
LoadedModule[29]=C:\Windows\Microsoft.NET\Framework\v4.0.30319\wminet_utils.dll
LoadedModule[30]=C:\WINDOWS\system32\OLEAUT32.dll
LoadedModule[31]=C:\WINDOWS\SYSTEM32\clbcatq.dll
LoadedModule[32]=C:\WINDOWS\system32\wbem\wmiutils.dll
LoadedModule[33]=C:\WINDOWS\SYSTEM32\wbemcomn.dll
LoadedModule[34]=C:\WINDOWS\system32\WS2_32.dll
LoadedModule[35]=C:\WINDOWS\system32\NSI.dll
LoadedModule[36]=C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\0247de206c1c48ac4f8b55df16468405\System.Core.ni.dll
LoadedModule[37]=C:\WINDOWS\system32\wbem\wbemprox.dll
LoadedModule[38]=C:\WINDOWS\system32\wbem\wbemsvc.dll
LoadedModule[39]=C:\WINDOWS\system32\wbem\fastprox.dll
LoadedModule[40]=C:\WINDOWS\SYSTEM32\rasapi32.dll
LoadedModule[41]=C:\WINDOWS\SYSTEM32\rasman.dll
LoadedModule[42]=C:\WINDOWS\SYSTEM32\rtutils.dll
LoadedModule[43]=C:\WINDOWS\system32\mswsock.dll
LoadedModule[44]=C:\WINDOWS\SYSTEM32\winhttp.dll
LoadedModule[45]=C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL
LoadedModule[46]=C:\WINDOWS\SYSTEM32\WINNSI.DLL
LoadedModule[47]=C:\WINDOWS\SYSTEM32\dhcpcsvc6.DLL
LoadedModule[48]=C:\WINDOWS\SYSTEM32\dhcpcsvc.DLL
State[0].Key=Transport.DoneStage1
State[0].Value=1
State[1].Key=Headless.2ndLevelConsentNeeded
State[1].Value=1
File[0].CabName=WERInternalMetadata.xml
File[0].Path=WER756D.tmp.WERInternalMetadata.xml
File[0].Flags=327682
File[0].Type=5
File[0].Original.Path=C:\Windows\Temp\WER756D.tmp.WERInternalMetadata.xml
File[1].CabName=memory.hdmp
File[1].Path=WER761A.tmp.hdmp
File[1].Flags=2162688
File[1].Type=3
File[1].Original.Path=C:\Windows\Temp\WER761A.tmp.hdmp
File[2].CabName=minidump.mdmp
File[2].Path=WERAEA7.tmp.mdmp
File[2].Flags=2359298
File[2].Type=2
File[2].Original.Path=C:\Windows\Temp\WERAEA7.tmp.mdmp
FriendlyEventName=Service Hang Report
ConsentKey=ServiceHang
AppName=DMAService
AppPath="C:\Program Files\Altair Engineering Inc\DMAService\Com.Altair.DMA.DMAService.exe"
ReportDescription=Service DMA Service hung on starting
But I am not able to decipher what is cause making service to hang at warm boot (the service is running in elevated permission).
Can I debug my service when the system starts?
Related
Summary: EventWaitHandle.OpenExisting() and MemoryMappedFile.OpenExisting() both failing but only on one PC out of a ~hundred.
Detail: I have a program that uses an EventWaitHandle to allow a client C# object to wait for a worker object to update some data shared through MMF. This is in a program that is installed probably on a hundred Win 7 and Win 10 PCs. Works great on every one expect on one stinking PC that a customer has kindly provided to test with... Acer Aspine V5 AMD A6-1450 1Ghz Win10 Home x64.
Here is the code that creates the EventWaitHandle in the client object...
var users = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);
// Rule that allows anybody in the "Users" group to synchronize with us...
var rule = new EventWaitHandleAccessRule(users, EventWaitHandleRights.Synchronize | EventWaitHandleRights.Modify, AccessControlType.Allow);
var security = new EventWaitHandleSecurity();
security.AddAccessRule(rule);
Boolean created;
eventWaitHandleForCommands = new EventWaitHandle(
true,
EventResetMode.ManualReset, // Ignored. This instance doesn't reset.
"MyEventWaitHandle78AEE98", // Unique name
out created,
security
);
Here is the code that opens the EventWaitHandle in the worker object...
handleDomeCommand = EventWaitHandle.OpenExisting("MyEventWaitHandle78AEE98");
Here is the exception that occurs on that line when run on the Acer Aspine machine...
Exception = WaitHandleCannotBeOpenedException
Message = "No handle of the given name exists"
HResult = 8013152C
Now it gets more interesting... recall that I mentioned using MMF as well? So, I commented out the EventWaitHandle.OpenExisting() so that the worker object could move on to opening the MMF with the following call...
memMappedFile = MemoryMappedFile.OpenExisting("MyMMF_78AEE98", MemoryMappedFileRights.ReadWrite);
Which then bombs out with the exception below but only on this PC (about a hundred other installs it is OK!)...
Exception = System.IO.FileNotFoundException
Message = "Unable to find the specified file"
HResult = 80070002
By the way, the MMF was created in the client object as follows...
MemoryMappedFileSecurity CustomSecurity = new MemoryMappedFileSecurity();
CustomSecurity.AddAccessRule(new
AccessRule<MemoryMappedFileRights>("everyone", MemoryMappedFileRights.FullControl, AccessControlType.Allow));
mmfDome = MemoryMappedFile.CreateNew("MyMMF_78AEE98", MMF_CommandOffsets.MMF_Size,
MemoryMappedFileAccess.ReadWrite, MemoryMappedFileOptions.None, CustomSecurity, System.IO.HandleInheritability.Inheritable);
So, it seems this PC is jinxed but I've been around enough to know if it is a problem with one customers others will follow.
Other things I tried...
Tried setting MS Visual Studio Solution Platforms from "Any CPU" to x86. Did not help.
Thinking that this behavior might be due to the Acer Aspine PC being super slow, and the OS/NET-core might not have gotten around to creating the EventWaitHandle by the time my worker object opened it, I put 4 sequential message box pop-ups in between creation and "open existing"... did not help.
Turn on/off Norton anti-virus... did not help.
Install Norton anti-virus on another PC... my program works fine running with Norton on this other PC.
Run as admin... did not help
Tried putting "Global\" in front of the EventWaitHandle name... did not help.
So, looking for suggestions/thoughts. Thanks! /Chris
I'm currently working on a C# Windows Service.
I'm logging various things to the Windows Event Log, and using the Event Viewer to check the results.
As happens during development, things don't work, and every now and then Service would break and the Windows Error Reporting would log lots of entries like
Fault bucket , type 0
Event Name: CLR20r3
Response: Not available
Cab Id: 0
Problem signature:
P1: MyServiceName.exe
P2: 1.0.0.0
P3: 5b9fcf54
P4: MyServiceName
P5: 1.0.0.0
P6: 5b9fcf54
P7: 280
P8: 16e
P9: System.NullReferenceException
P10:
Attached files:
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERF8E3.tmp.WERInternalMetadata.xml
These files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_MyServiceName_...
Analysis symbol:
Rechecking for solution: 0
Report Id: 7c7efe65-6759-4a75-8581-72bc12182800
Report Status: 100
Hashed bucket:
Cab Guid: 0
All fair enough, or so I thought.
The problem is that I'm getting these reports at random times as well.
It might log them after five minutes, or half an hour, or anywhere in between.
I started off thinking something was broken, and trying to find the bug, but then it logged a load of errors while the service was uninstalled. Not just not running, completely uninstalled.
I have now tried all of the following, and I am STILL getting these random Windows Error Reporting logs, which is making it impossible to tell actual problems from this random junk:-
1) Uninstall the Service
It's not showing up in the Services App list.
If I start a Command Prompt in Administrator mode and type:
C:\WINDOWS\system32>sc queryex MyServiceName
it returns
[SC] EnumQueryServicesStatus:OpenService FAILED 1060:
The specified service does not exist as an installed service.
If I look through Processes and Services in Task Manager, nothing shows up
The service is uninstalled!
2) Rebooting
Just in case something was still in memory
3) Deleting every reference to MyServiceName in the Windows Registry
In case these was a dodgy registry key still kicking about
4) Rebooting
If all else fails...
5) Deleting the .EXE file
So there's no way it can be loaded and run
6) Rebooting yet again
Because why not!
And still, within a few minutes of rebooting, there they are...
Fault bucket , type 0
Event Name: CLR20r3
Response: Not available
Cab Id: 0
Problem signature:
P1: MyServiceName.exe
P2: 1.0.0.0
P3: 5b9fcf54
P4: MyServiceName
P5: 1.0.0.0
P6: 5b9fcf54
P7: 280
P8: 16e
P9: System.NullReferenceException
P10:
Attached files:
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERF8E3.tmp.WERInternalMetadata.xml
These files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_MyServiceName_...
Analysis symbol:
Rechecking for solution: 0
Report Id: 7c7efe65-6759-4a75-8581-72bc12182800
Report Status: 100
Hashed bucket:
Cab Guid: 0
And a couple of dozen others just like it.
I haven't installed or run the Service since I started trying to get rid of these random errors, and as I mentioned I've even deleted the .EXE files so it can't be installed or run.
Anyone know why I'm still getting this random junk, and more importantly how to stop it?
Edit: JuanR asked for the AppCrash file, so here it is:-
Version=1
EventType=CLR20r3
EventTime=131817392609639254
ReportType=2
Consent=1
UploadTime=131817585683279486
ReportStatus=100
ReportIdentifier=428e2b66-f3ae-461f-8221-df0633ba6dad
IntegratorReportIdentifier=e2ac36e7-3506-403f-9efc-cd22cfac94da
Wow64Host=34404
Wow64Guest=332
NsAppName=MyServiceName.exe
OriginalFilename=MyServiceName.exe
AppSessionGuid=000015b4-0000-0007-71e5-c234384fd401
TargetAppId=W:00064dae5f701edaa06ce44c0466d2ceb81300000000!0000a6504bbe6f18e0042ad1f80d12f5a7c97896d572!MyServiceName.exe
TargetAppVer=2018//09//18:10:11:10!0!MyServiceName.exe
BootId=4294967295
ServiceSplit=13
TargetAsId=2065
IsFatal=1
Response.type=4
Sig[0].Name=Problem Signature 01
Sig[0].Value=MyServiceName.exe
Sig[1].Name=Problem Signature 02
Sig[1].Value=1.0.0.0
Sig[2].Name=Problem Signature 03
Sig[2].Value=5ba0cf3e
Sig[3].Name=Problem Signature 04
Sig[3].Value=System
Sig[4].Name=Problem Signature 05
Sig[4].Value=4.7.3151.0
Sig[5].Name=Problem Signature 06
Sig[5].Value=5b44403a
Sig[6].Name=Problem Signature 07
Sig[6].Value=2da3
Sig[7].Name=Problem Signature 08
Sig[7].Value=11f
Sig[8].Name=Problem Signature 09
Sig[8].Value=System.Security.Security
DynamicSig[1].Name=OS Version
DynamicSig[1].Value=10.0.17134.2.0.0.256.48
DynamicSig[2].Name=Locale ID
DynamicSig[2].Value=2057
DynamicSig[22].Name=Additional Information 1
DynamicSig[22].Value=2beb
DynamicSig[23].Name=Additional Information 2
DynamicSig[23].Value=2beba6fb4680d73a8c78ca7c24ccdb46
DynamicSig[24].Name=Additional Information 3
DynamicSig[24].Value=b1f0
DynamicSig[25].Name=Additional Information 4
DynamicSig[25].Value=b1f0b380dbcd74b72a4df4e63607c2ae
UI[2]=C:\TFSOnline\Tools\MyServiceName\MyServiceName\bin\Debug\MyServiceName.exe
UI[5]=Check online for a solution (recommended)
UI[6]=Check for a solution later (recommended)
UI[7]=Close
UI[8]=MyServiceName stopped working and was closed
UI[9]=A problem caused the application to stop working correctly. Windows will notify you if a solution is available.
UI[10]=&Close
LoadedModule[0]=C:\TFSOnline\Tools\MyServiceName\MyServiceName\bin\Debug\MyServiceName.exe
LoadedModule[1]=C:\WINDOWS\SYSTEM32\ntdll.dll
LoadedModule[2]=C:\WINDOWS\SYSTEM32\MSCOREE.DLL
LoadedModule[3]=C:\WINDOWS\System32\KERNEL32.dll
LoadedModule[4]=C:\WINDOWS\System32\KERNELBASE.dll
LoadedModule[5]=C:\WINDOWS\System32\ADVAPI32.dll
LoadedModule[6]=C:\WINDOWS\System32\msvcrt.dll
LoadedModule[7]=C:\WINDOWS\System32\sechost.dll
LoadedModule[8]=C:\WINDOWS\System32\RPCRT4.dll
LoadedModule[9]=C:\WINDOWS\System32\SspiCli.dll
LoadedModule[10]=C:\WINDOWS\System32\CRYPTBASE.dll
LoadedModule[11]=C:\WINDOWS\System32\bcryptPrimitives.dll
LoadedModule[12]=C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
LoadedModule[13]=C:\WINDOWS\System32\SHLWAPI.dll
LoadedModule[14]=C:\WINDOWS\System32\combase.dll
LoadedModule[15]=C:\WINDOWS\System32\ucrtbase.dll
LoadedModule[16]=C:\WINDOWS\System32\GDI32.dll
LoadedModule[17]=C:\WINDOWS\System32\gdi32full.dll
LoadedModule[18]=C:\WINDOWS\System32\msvcp_win.dll
LoadedModule[19]=C:\WINDOWS\System32\USER32.dll
LoadedModule[20]=C:\WINDOWS\System32\win32u.dll
LoadedModule[21]=C:\WINDOWS\System32\kernel.appcore.dll
LoadedModule[22]=C:\WINDOWS\SYSTEM32\VERSION.dll
LoadedModule[23]=C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
LoadedModule[24]=C:\WINDOWS\SYSTEM32\MSVCR120_CLR0400.dll
LoadedModule[25]=C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\399032397425364b053c532bbbeacc09\mscorlib.ni.dll
LoadedModule[26]=C:\WINDOWS\System32\ole32.dll
LoadedModule[27]=C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
LoadedModule[28]=C:\WINDOWS\System32\OLEAUT32.dll
LoadedModule[29]=C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\6e52f5ddc8a0027c55a2c15df97d50a9\System.ni.dll
LoadedModule[30]=C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\2d2bc5d43039ac23595b27676dcfcd3b\System.Core.ni.dll
LoadedModule[31]=C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\ce7b3ccf1b67903e135f62bd847db8dc\System.Configuration.ni.dll
LoadedModule[32]=C:\WINDOWS\System32\shell32.dll
LoadedModule[33]=C:\WINDOWS\System32\cfgmgr32.dll
LoadedModule[34]=C:\WINDOWS\System32\shcore.dll
LoadedModule[35]=C:\WINDOWS\System32\windows.storage.dll
LoadedModule[36]=C:\WINDOWS\System32\profapi.dll
LoadedModule[37]=C:\WINDOWS\System32\powrprof.dll
LoadedModule[38]=C:\WINDOWS\System32\FLTLIB.DLL
LoadedModule[39]=C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\536177f34c4c0eeb95bcccd76ca90847\System.Xml.ni.dll
LoadedModule[40]=C:\WINDOWS\SYSTEM32\bcrypt.dll
LoadedModule[41]=C:\WINDOWS\SYSTEM32\CRYPTSP.dll
LoadedModule[42]=C:\WINDOWS\system32\rsaenh.dll
LoadedModule[43]=C:\WINDOWS\SYSTEM32\iphlpapi.dll
LoadedModule[44]=C:\WINDOWS\SYSTEM32\DNSAPI.dll
LoadedModule[45]=C:\WINDOWS\System32\WS2_32.dll
LoadedModule[46]=C:\WINDOWS\System32\NSI.dll
LoadedModule[47]=C:\WINDOWS\SYSTEM32\dhcpcsvc6.DLL
LoadedModule[48]=C:\WINDOWS\SYSTEM32\dhcpcsvc.DLL
LoadedModule[49]=C:\WINDOWS\SYSTEM32\WINNSI.DLL
LoadedModule[50]=C:\WINDOWS\SYSTEM32\activeds.dll
LoadedModule[51]=C:\WINDOWS\SYSTEM32\adsldpc.dll
LoadedModule[52]=C:\WINDOWS\System32\WLDAP32.dll
LoadedModule[53]=C:\WINDOWS\System32\clbcatq.dll
LoadedModule[54]=C:\WINDOWS\system32\adsldp.dll
LoadedModule[55]=C:\WINDOWS\SYSTEM32\sxs.dll
LoadedModule[56]=C:\WINDOWS\SYSTEM32\wkscli.dll
LoadedModule[57]=C:\WINDOWS\SYSTEM32\cscapi.dll
LoadedModule[58]=C:\WINDOWS\SYSTEM32\netutils.dll
LoadedModule[59]=C:\WINDOWS\SYSTEM32\logoncli.dll
LoadedModule[60]=C:\WINDOWS\system32\mswsock.dll
LoadedModule[61]=C:\Windows\System32\rasadhlp.dll
LoadedModule[62]=C:\WINDOWS\System32\fwpuclnt.dll
LoadedModule[63]=C:\WINDOWS\SYSTEM32\DSPARSE.dll
LoadedModule[64]=C:\WINDOWS\System32\msv1_0.DLL
LoadedModule[65]=C:\WINDOWS\SYSTEM32\NtlmShared.dll
LoadedModule[66]=C:\WINDOWS\SYSTEM32\cryptdll.dll
LoadedModule[67]=C:\Windows\Microsoft.NET\Framework\v4.0.30319\diasymreader.dll
LoadedModule[68]=C:\WINDOWS\System32\psapi.dll
LoadedModule[69]=C:\WINDOWS\SYSTEM32\rasapi32.dll
LoadedModule[70]=C:\WINDOWS\SYSTEM32\rasman.dll
LoadedModule[71]=C:\WINDOWS\SYSTEM32\rtutils.dll
LoadedModule[72]=C:\WINDOWS\SYSTEM32\winhttp.dll
LoadedModule[73]=C:\WINDOWS\SYSTEM32\secur32.dll
LoadedModule[74]=C:\WINDOWS\System32\schannel.dll
LoadedModule[75]=C:\WINDOWS\System32\CRYPT32.dll
LoadedModule[76]=C:\WINDOWS\System32\MSASN1.dll
LoadedModule[77]=C:\WINDOWS\SYSTEM32\mskeyprotect.dll
LoadedModule[78]=C:\WINDOWS\SYSTEM32\ncrypt.dll
LoadedModule[79]=C:\WINDOWS\SYSTEM32\NTASN1.dll
LoadedModule[80]=C:\WINDOWS\system32\ncryptsslp.dll
LoadedModule[81]=C:\WINDOWS\Microsoft.Net\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
LoadedModule[82]=C:\WINDOWS\Microsoft.Net\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
LoadedModule[83]=C:\WINDOWS\Microsoft.Net\assembly\GAC_32\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
LoadedModule[84]=C:\WINDOWS\SYSTEM32\urlmon.dll
LoadedModule[85]=C:\WINDOWS\SYSTEM32\iertutil.dll
LoadedModule[86]=C:\WINDOWS\SYSTEM32\PROPSYS.dll
LoadedModule[87]=C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\6e4d9ba028653154945437d7674d20a3\System.Xml.Linq.ni.dll
LoadedModule[88]=C:\WINDOWS\Microsoft.Net\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
LoadedModule[89]=C:\WINDOWS\system32\security.dll
LoadedModule[90]=C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\5470ed48a2649b4c1fd9e883daa502b9\System.Runtime.Serialization.ni.dll
OsInfo[0].Key=vermaj
OsInfo[0].Value=10
OsInfo[1].Key=vermin
OsInfo[1].Value=0
OsInfo[2].Key=verbld
OsInfo[2].Value=17134
OsInfo[3].Key=ubr
OsInfo[3].Value=286
OsInfo[4].Key=versp
OsInfo[4].Value=0
OsInfo[5].Key=arch
OsInfo[5].Value=9
OsInfo[6].Key=lcid
OsInfo[6].Value=2057
OsInfo[7].Key=geoid
OsInfo[7].Value=242
OsInfo[8].Key=sku
OsInfo[8].Value=48
OsInfo[9].Key=domain
OsInfo[9].Value=1
OsInfo[10].Key=prodsuite
OsInfo[10].Value=256
OsInfo[11].Key=ntprodtype
OsInfo[11].Value=1
OsInfo[12].Key=platid
OsInfo[12].Value=10
OsInfo[13].Key=sr
OsInfo[13].Value=0
OsInfo[14].Key=tmsi
OsInfo[14].Value=48160
OsInfo[15].Key=osinsty
OsInfo[15].Value=3
OsInfo[16].Key=iever
OsInfo[16].Value=11.285.17134.0-11.0.85
OsInfo[17].Key=portos
OsInfo[17].Value=0
OsInfo[18].Key=ram
OsInfo[18].Value=8144
OsInfo[19].Key=svolsz
OsInfo[19].Value=445
OsInfo[20].Key=wimbt
OsInfo[20].Value=0
OsInfo[21].Key=blddt
OsInfo[21].Value=180410
OsInfo[22].Key=bldtm
OsInfo[22].Value=1804
OsInfo[23].Key=bldbrch
OsInfo[23].Value=rs4_release
OsInfo[24].Key=bldchk
OsInfo[24].Value=0
OsInfo[25].Key=wpvermaj
OsInfo[25].Value=0
OsInfo[26].Key=wpvermin
OsInfo[26].Value=0
OsInfo[27].Key=wpbuildmaj
OsInfo[27].Value=0
OsInfo[28].Key=wpbuildmin
OsInfo[28].Value=0
OsInfo[29].Key=osver
OsInfo[29].Value=10.0.17134.286.amd64fre.rs4_release.180410-1804
OsInfo[30].Key=buildflightid
OsInfo[30].Value=39b802d6-2dc5-4161-973b-28cf09eb3ffb
OsInfo[31].Key=edition
OsInfo[31].Value=Professional
OsInfo[32].Key=ring
OsInfo[33].Key=expid
OsInfo[34].Key=containerid
OsInfo[35].Key=containertype
OsInfo[36].Key=edu
OsInfo[36].Value=0
File[0].CabName=WERInternalMetadata.xml
File[0].Path=WERCF72.tmp.WERInternalMetadata.xml
File[0].Flags=327682
File[0].Type=5
File[0].Original.Path=\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERCF72.tmp.WERInternalMetadata.xml
FriendlyEventName=Stopped working
ConsentKey=CLR20r3
AppName=MyServiceName
AppPath=C:\TFSOnline\Tools\MyServiceName\MyServiceName\bin\Debug\MyServiceName.exe
NsPartner=windows
NsGroup=windows8
ApplicationIdentity=9EE7A7FA2D9AD07D426D34AC6F6F0ACA
MetadataHash=1785215478
The path is mentions throughout is
C:\TFSOnline\Tools\MyServiceName\MyServiceName\bin\Debug\MyServiceName.exe
This is one of the EXEs I deleted. I also deleted the one in obj/Debug.
I've scanned the entire drive, using several methods, and no other instances of MyServiceName.exe exist, so it's not been copied anywhere.
And the one thing I realised I never mentioned: it's a Windows 10 machine
Edit #2:
None of the things the Service does, for example adding Windows Event logs, adding database table rows or creating files, are happening at the moment, so I'm reasonably sure the service isn't running.
I had all that working before starting to look into this issue, and haven't changed any of it since, so if it was running I'd expect to still see them.
To check, I've just re-installed the service as it was before, and I'm getting all the entries I expect.
Edit #3:
Tried deleting it with the SC command:-
C:\WINDOWS\system32>sc delete MyServiceName.exe
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
Solved it!
Nothing to do with the Service at all, just Windows being crap as always.
Turns out that every time Windows was logging a message, it was also churning out a load of old messages that had got stuck in its queue, and logging them as new messages.
I ran Disk Cleanup, and told it to clear out all the old error messages, and it's been running for three days now with no errors at all.
For Example: I have installed an application called "RivaTuner Statistics Server v6.6.0" which has made for gamers to show FPS mark on games, since WPF apps are using DirectX, this program attaches a module to my WPF app by mistake which makes it crash (without giving any exceptions) before my app gets loaded, and when I close that program, my app works just fine!
I've fixed this problem by setting RenderOptions.ProcessRenderMode = RenderMode.SoftwareOnly
I also have the same problem with BitDefender antivirus, my program is a VPN Connection software that uses Proxifier app to set global proxy.. When my app begins to start Proxifier process, my app crashes without any exceptions.. by the way BitDefender doesn't detect Proxifier or my app as a virus or threat, it just makes my app crash and Proxifier continues to work without any problem. (Which whitelisting my app got the problem solved).
What I want to know generally, is there any way to prevent DLL injection or stopping it after it attached?
Here is the provided information by EventViewer:
Version=1
EventType=APPCRASH
EventTime=131414331835897163
ReportType=2
Consent=1
UploadTime=131414331849773927
ReportStatus=393
ReportIdentifier=c52be1e0-6378-4555-bddc-cd49f22e98d4
IntegratorReportIdentifier=e415e187-7b4d-4689-92a7-5522957c6300
Wow64Host=34404
NsAppName=TurboVPN.exe
AppSessionGuid=000037d0-0001-0015-6d89-3176a3e0d201
TargetAppId=W:00065bd30e4a6caee77eb9ec126f39eeb11200000000!000072443a77ce17608085aa75f649187cf7129fd9a8!TurboVPN.exe
TargetAppVer=2017//06//08:20:58:47!0!TurboVPN.exe
BootId=4294967295
TargetAsId=3395
Response.BucketId=c2e6858b6015d605f3dea6f209e5a680
Response.BucketTable=4
Response.LegacyBucketId=120776215139
Response.type=4
Sig[0].Name=Application Name
Sig[0].Value=TurboVPN.exe
Sig[1].Name=Application Version
Sig[1].Value=8.0.0.0
Sig[2].Name=Application Timestamp
Sig[2].Value=5939ba87
Sig[3].Name=Fault Module Name
Sig[3].Value=d3d9.dll
Sig[4].Name=Fault Module Version
Sig[4].Value=10.0.15063.0
Sig[5].Name=Fault Module Timestamp
Sig[5].Value=631de416
Sig[6].Name=Exception Code
Sig[6].Value=c0000005
Sig[7].Name=Exception Offset
Sig[7].Value=000000000000fd0c
DynamicSig[1].Name=OS Version
DynamicSig[1].Value=10.0.15063.2.0.0.256.4
DynamicSig[2].Name=Locale ID
DynamicSig[2].Value=1033
DynamicSig[22].Name=Additional Information 1
DynamicSig[22].Value=9b4f
DynamicSig[23].Name=Additional Information 2
DynamicSig[23].Value=9b4f78d83ca7cfa07fe4d1531372a428
DynamicSig[24].Name=Additional Information 3
DynamicSig[24].Value=9991
DynamicSig[25].Name=Additional Information 4
DynamicSig[25].Value=99915f8f3f68939dc06e64d116ece58a
UI[2]=C:\Users\Mr\Documents\Visual Studio 2015\Projects\TurboVPN\TurboVPN\bin\Release\TurboVPN.exe
UI[3]=TurboVPN has stopped working
UI[4]=Windows can check online for a solution to the problem.
UI[5]=Check online for a solution and close the program
UI[6]=Check online for a solution later and close the program
UI[7]=Close the program
LoadedModule[0]=C:\Users\Mr\Documents\Visual Studio 2015\Projects\TurboVPN\TurboVPN\bin\Release\TurboVPN.exe
LoadedModule[1]=C:\WINDOWS\SYSTEM32\ntdll.dll
LoadedModule[2]=C:\WINDOWS\SYSTEM32\MSCOREE.DLL
LoadedModule[3]=C:\WINDOWS\System32\KERNEL32.dll
LoadedModule[4]=C:\WINDOWS\System32\KERNELBASE.dll
LoadedModule[5]=C:\Program Files\Bitdefender\Bitdefender 2017\Active Virus Control\Avc3_00125_004\avcuf64.dll
LoadedModule[6]=C:\WINDOWS\SYSTEM32\apphelp.dll
LoadedModule[7]=C:\WINDOWS\System32\ADVAPI32.dll
LoadedModule[8]=C:\WINDOWS\System32\msvcrt.dll
LoadedModule[9]=C:\WINDOWS\System32\sechost.dll
LoadedModule[10]=C:\WINDOWS\System32\RPCRT4.dll
LoadedModule[11]=C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll
LoadedModule[12]=C:\WINDOWS\System32\SHLWAPI.dll
LoadedModule[13]=C:\WINDOWS\System32\combase.dll
LoadedModule[14]=C:\WINDOWS\System32\ucrtbase.dll
LoadedModule[15]=C:\WINDOWS\System32\bcryptPrimitives.dll
LoadedModule[16]=C:\WINDOWS\System32\GDI32.dll
LoadedModule[17]=C:\WINDOWS\System32\gdi32full.dll
LoadedModule[18]=C:\WINDOWS\System32\msvcp_win.dll
LoadedModule[19]=C:\WINDOWS\System32\USER32.dll
LoadedModule[20]=C:\WINDOWS\System32\win32u.dll
LoadedModule[21]=C:\WINDOWS\System32\IMM32.DLL
LoadedModule[22]=C:\WINDOWS\System32\kernel.appcore.dll
LoadedModule[23]=C:\WINDOWS\SYSTEM32\VERSION.dll
LoadedModule[24]=C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
LoadedModule[25]=C:\WINDOWS\SYSTEM32\MSVCR120_CLR0400.dll
LoadedModule[26]=C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\mscorlib\59ea37125345a946fbfb8868aa11ed27\mscorlib.ni.dll
LoadedModule[27]=C:\WINDOWS\System32\ole32.dll
LoadedModule[28]=C:\WINDOWS\system32\uxtheme.dll
LoadedModule[29]=C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks64.dll
LoadedModule[30]=C:\WINDOWS\SYSTEM32\WINMM.dll
LoadedModule[31]=C:\WINDOWS\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9279_none_08e667efa83ba076\MSVCR90.dll
LoadedModule[32]=C:\WINDOWS\SYSTEM32\WINMMBASE.dll
LoadedModule[33]=C:\WINDOWS\System32\cfgmgr32.dll
LoadedModule[34]=C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\System\4b4b69a2aa9b596c8b8e7a32267eac35\System.ni.dll
LoadedModule[35]=C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\System.Core\d4035216edd875be919d339859343a6c\System.Core.ni.dll
LoadedModule[36]=C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\WindowsBase\d6053a0b7badab04868dc6e51ab4c02e\WindowsBase.ni.dll
LoadedModule[37]=C:\WINDOWS\SYSTEM32\CRYPTSP.dll
LoadedModule[38]=C:\WINDOWS\system32\rsaenh.dll
LoadedModule[39]=C:\WINDOWS\SYSTEM32\bcrypt.dll
LoadedModule[40]=C:\WINDOWS\SYSTEM32\CRYPTBASE.dll
LoadedModule[41]=C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\PresentationCore\b5bfbcf78210cf783ff665fea098ebfa\PresentationCore.ni.dll
LoadedModule[42]=C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Presentatio5ae0f00f#\73dece296df0b44862aa59e1f73825c3\PresentationFramework.ni.dll
LoadedModule[43]=C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\System.Xaml\44f34f029c456762dba3d085d6b9fa9c\System.Xaml.ni.dll
LoadedModule[44]=C:\WINDOWS\SYSTEM32\dwrite.dll
LoadedModule[45]=C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\wpfgfx_v0400.dll
LoadedModule[46]=C:\WINDOWS\System32\OLEAUT32.dll
LoadedModule[47]=C:\WINDOWS\SYSTEM32\MSVCP120_CLR0400.dll
LoadedModule[48]=C:\WINDOWS\SYSTEM32\D3DCOMPILER_47.dll
LoadedModule[49]=C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationNative_v0400.dll
LoadedModule[50]=C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clrjit.dll
LoadedModule[51]=C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\System.Configuration\9f298b9fdf9d3d88c051ba8d0cfcdd98\System.Configuration.ni.dll
LoadedModule[52]=C:\WINDOWS\SYSTEM32\urlmon.dll
LoadedModule[53]=C:\WINDOWS\System32\shcore.dll
LoadedModule[54]=C:\WINDOWS\System32\windows.storage.dll
LoadedModule[55]=C:\WINDOWS\System32\powrprof.dll
LoadedModule[56]=C:\WINDOWS\System32\profapi.dll
LoadedModule[57]=C:\WINDOWS\SYSTEM32\iertutil.dll
LoadedModule[58]=C:\WINDOWS\SYSTEM32\SspiCli.dll
LoadedModule[59]=C:\WINDOWS\SYSTEM32\msiso.dll
LoadedModule[60]=C:\WINDOWS\SYSTEM32\PROPSYS.dll
LoadedModule[61]=C:\WINDOWS\System32\shell32.dll
LoadedModule[62]=C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\System.Xml\246b8fa70f43db970414bb4119fe629f\System.Xml.ni.dll
LoadedModule[63]=C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\System.Runt73a1fc9d#\9ed83e5a61548d2d78bc4b7a667e9139\System.Runtime.Remoting.ni.dll
LoadedModule[64]=C:\WINDOWS\System32\ws2_32.dll
LoadedModule[65]=C:\WINDOWS\system32\mswsock.dll
LoadedModule[66]=C:\WINDOWS\system32\dwmapi.dll
LoadedModule[67]=C:\WINDOWS\System32\MSCTF.dll
LoadedModule[68]=C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\System.Drawing\763d0ca89a77cfd983874efe156a9296\System.Drawing.ni.dll
LoadedModule[69]=C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\d63d7f874bb64e51ee0ef09cc99218f6\System.Windows.Forms.ni.dll
LoadedModule[70]=C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\System.Security\35f9d2604274a3e8fbf814e10789dc51\System.Security.ni.dll
LoadedModule[71]=C:\WINDOWS\System32\crypt32.dll
LoadedModule[72]=C:\WINDOWS\System32\MSASN1.dll
LoadedModule[73]=C:\WINDOWS\SYSTEM32\DPAPI.dll
LoadedModule[74]=C:\WINDOWS\SYSTEM32\WindowsCodecs.dll
LoadedModule[75]=C:\WINDOWS\SYSTEM32\d3d9.dll
LoadedModule[76]=C:\WINDOWS\SYSTEM32\igdumdim64.dll
LoadedModule[77]=C:\WINDOWS\System32\SETUPAPI.dll
LoadedModule[78]=C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Presentatioaec034ca#\248dd0bba3037acdc2ab60513b34c3f2\PresentationFramework.Aero2.ni.dll
LoadedModule[79]=C:\WINDOWS\SYSTEM32\WtsApi32.dll
LoadedModule[80]=C:\WINDOWS\SYSTEM32\WINSTA.dll
LoadedModule[81]=C:\WINDOWS\System32\clbcatq.dll
LoadedModule[82]=C:\WINDOWS\system32\dataexchange.dll
LoadedModule[83]=C:\WINDOWS\system32\d3d11.dll
LoadedModule[84]=C:\WINDOWS\system32\dcomp.dll
LoadedModule[85]=C:\WINDOWS\system32\dxgi.dll
LoadedModule[86]=C:\WINDOWS\system32\twinapi.appcore.dll
LoadedModule[87]=C:\WINDOWS\SYSTEM32\igdusc64.dll
State[0].Key=Transport.DoneStage1
State[0].Value=1
File[0].CabName=Report.zip
File[0].Path=Report.zip
File[0].Flags=196608
File[0].Type=11
File[0].Original.Path=\\?\C:\WINDOWS\system32\Report.zip
FriendlyEventName=Stopped working
ConsentKey=APPCRASH
AppName=TurboVPN
AppPath=C:\Users\Mr\Documents\Visual Studio 2015\Projects\TurboVPN\TurboVPN\bin\Release\TurboVPN.exe
NsPartner=windows
NsGroup=windows8
ApplicationIdentity=ED5A83A5552697FBE579A0CAAEF2FF9E
MetadataHash=1411986728
If you take a look, you can see the attached module LoadedModule[29]=C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks64.dll
Preventing the DLL injection technique that this software uses completely defeats the point of using it. It has to do this, the only way it can wire itself into the DirectX render pipeline to display the statistics. That this ends up poorly and crashes your program with a completely undiagnosable AccessViolationException is quite normal. It takes just one change in an internal function that is not part of the documented API, the kind that the utility has to "hook", and the show is over.
It could be fixable, but that has to be done by the author of this utility. It is just one guy, a Russian master-hacker. Hard to get in touch with, his life can't possibly easy lately with Win10 updates arriving at a high rate these days.
You need to consider getting ahead by uninstalling it. There are other ways to accomplish the same thing, ways that are much less brittle, supported and dedicated to WPF. Use the WPF Performance Suite.
AFAIK, there are quite a few ways of preventing other processes to attach to your process.
Basically, there are two well-known approaches to attach to external process:
Debugging the external process
Injecting a thread to that process
you can overcome the first method by implementing one of anti-debug methods(There are a lot of these methods on the internet. An example would be to debug your own process )
To prevent other processes to inject thread to your process, you can set some hooks on CreateRemoteThread or LoadLibrary and initiate a procedure before they attach to your process.
Did you tried to catch exceptions during the initializecomponents function? Since this happens during the window drawing, you can try this:
public MainWindow()
{
try{
InitializeComponent();
//you remaining code
}
catch(Exception ex){
Console.Out.Writeline(ex.Message);
}
}
Also, you can try to subscribe to _Application.DispatcherUnhandledException_ and _AppDomain.CurrentDomain.UnhandledException_ that can give you more info about the application crash exception.
I've an C#/UWP-app in beta-release in the Microsoft App-Store. Most of the users have no problems with the App, but for one user the app is crashing on startup. You can't even see the Splash-Screen (it should be displaying a logo or color, however it is white).
In the eventlog this genreic event is logged:
0xc000027b (Windows.UI.XAML)
The only difference is, that his Windows-10 Build differs from the other users (10.0.10240 vs 10.0.10586). However, I've collected the crashdumps ("minidumps") and tried to follow this tutorial.
If i try this command:
dt <Parameter[0]> combase!_STOWED_EXCEPTION_INFORMATION_HEADER*
Windbg gives me this:
Memory read error (at Parameter[0])
Actually I've integrated the hockey-sdk for automatic crash-reports, but it doesn't report me that specific crash in the dashboard.
How can I trace down this crash?
Update:
I've managed to get the Call-Stack with PDE:
Windows_UI_Xaml!DirectUI::PropertyPathListener::GetValue+0x3e
Windows_UI_Xaml!DirectUI::BindingExpression::GetValue+0xbb
Windows_UI_Xaml!DirectUI::DependencyObject::SetValueExpression+0x24b
Windows_UI_Xaml!DirectUI::DependencyObject::SetBindingCore+0x56
Windows_UI_Xaml!DirectUI::DependencyObject::SetBindingCallback+0x146
Windows_UI_Xaml!CBinding::SetBinding+0x48
Windows_UI_Xaml!XamlNativeRuntime::SetValue+0x4c2
Windows_UI_Xaml!BinaryFormatObjectWriter::SetValueOnCurrentInstance+0x1ad
Windows_UI_Xaml!BinaryFormatObjectWriter::WriteNode+0x144a
Windows_UI_Xaml!CTemplateContent::LoadXbfVersion2+0xd1
Windows_UI_Xaml!CTemplateContent::Load+0x4d
Windows_UI_Xaml!CFrameworkTemplate::LoadContent+0x270
Windows_UI_Xaml!CControlTemplate::LoadContent+0x18
Windows_UI_Xaml!CFrameworkElement::ApplyTemplate+0x30a
Windows_UI_Xaml!CContentControl::ApplyTemplate+0x20
Windows_UI_Xaml!CFrameworkElement::InvokeApplyTemplate+0x17f
Windows_UI_Xaml!CFrameworkElement::MeasureCore+0x2a3
Windows_UI_Xaml!CUIElement::MeasureInternal+0x1cb
Windows_UI_Xaml!CUIElement::Measure+0x598
Windows_UI_Xaml!CGrid::MeasureOverride+0x307
Windows_UI_Xaml!CFrameworkElement::MeasureCore+0x707
Windows_UI_Xaml!CUIElement::MeasureInternal+0x1cb
Windows_UI_Xaml!CUIElement::Measure+0x598
Windows_UI_Xaml!CGrid::MeasureOverride+0x307
Windows_UI_Xaml!CFrameworkElement::MeasureCore+0x707
This would mean, that I've somewhere an incorrect binding?
When installing a service, there is a helpful .NET class called ServiceProcessInstaller. This class has a property Account, which is a ServiceAccount enumeration with possible values LocalService, LocalSystem, NetworkService and User.
This is fine at install-time, but does anybody know how I can change this value for an existing service?
I assuming that I need to move away from the actual install-type classes, and have been researching hooking into the advapi32 ChangeServiceConfig method, WMI and ManagementObjects etc.
Indeed I have found code which will actually change the account under which the service runs,
ManagementObject mo = new ManagementObject("Win32_Service.Name='" + myService + "'");
object[] configParams = new object[11];
configParams[6] = userName;
configParams[7] = password;
object result = mo.InvokeMethod("Change", configParams);
(which on its own looks a bit like black magic but makes sense when viewed with the ChangeServiceConfig signature)
However when I apply this code to a service which happens to be installed as LocalSystem, it has no effect (although when I interpret result the call is reporting success). This doesn't really surprise me since I am only setting a username and password, I am not saying "rather than running as a local service, this service needs to run under a specific user account".
Now, my gut feel is that I am heading along the right lines here. The problem is that none of the parameters in ChangeServiceConfig appear to offer the opportunity to do this.
Any ideas? TIA, Pete
Error code 16 means "Service marked for deletion". Sometimes when you change service parameter, in particular when you delete / re-create a service you need to reboot your PC for operation to complete. While it's still pending, you can't manipulate service and you get error code 16.
Also, it might not be the case, that you problem has something to do with the fact that the call is inside a dll. If you put you code in a test rig dll and call it from a test rig exe (the same way you tested it in a test rig exe) and don't create / delete service in between I think it will work anyway.
The reason it does not working in your application on my opinion has to do with what you did with the service before (and this something most likely is not described in your question).
You need Impersonate an thread to run at context of user.
Try this class :
A small C# Class for impersonating a User
or this one :
Impersonate User
Return code is 21: "Invalid Parameter".
I ran into the same issue: Problem occurs when trying to apply a new user/password to a service which currently has "LocalSystem" with "Allow Service to interact with desktop" enabled.
To resolve, set the "DesktopInteract" flag in the "Change" query
var query = new ManagementPath(string.Format("Win32_Service.Name='{0}'", serviceName)); // string.Format("SELECT * FROM Win32_Service where Name='{0}'", serviceName);
using (ManagementObject service = new ManagementObject(query))
{
object[] wmiParams = new object[10];
//WMI update doesn't work if the service's user is currently set to LocalSystem
// with Interact with desktop on
wmiParams[5] = false;
wmiParams[6] = serviceUserName;
wmiParams[7] = password;
//update credentials for the service
var rtn = service.InvokeMethod("Change", wmiParams);
}