?
Solved

NT Service and Hook problem .....

Posted on 2001-06-03
7
Medium Priority
?
287 Views
Last Modified: 2010-04-06
Hi,

 I made a system that monitors some messages through a Hook, the
communication between Hook and the program is made through named pipes,
this works very well and without any problem,
 I get to monitor the messages correspondents for any program being
executed in the system, this everything works in the windows 2000 prof.
SP2, with Administrator login,  but I had to alter the program. . . .
and make it a service of the windows.

I have a problem with the service (I believe at least) the problem is
that Hook is not executed. . . to not to be when I click well in the
button of " Ok " in the service message installed and when it is in the
" ok " to the uninstall, I could monitor the operation of the hook with
a log " file. . . and out of the service he is not used. . . . the only
reason that I can think so that this happens it is a problem of safety.
. . , but I inform that the service was installed and tested with the
administrating user (windows 2000 sp2), any idea is wellcome ....!!!!

Sorry my poor English ...

Thanks in advance,
Pablo.


0
Comment
Question by:Luzcka
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 4

Expert Comment

by:fva
ID: 6151590
Check the rights of the user that is used by the service when running. Even if you installed it as Administrator, it will run under SYSTEM (I guess) and it might miss a right (most likely debug or similar).
Unless someone else comes up with a better suggestion:
For testing, make a user with every conceivable right and assign it to your service. If it runs OK, try to remove one-by-one rights until it fails. Beware that you might be creating a huge security hole by doing this. Do not use it in a production environment until you sort out all the potential security issues.

Just guessing, too,
F.
0
 
LVL 14

Expert Comment

by:AvonWyss
ID: 6153895
fva is probably pointing you into the right direction. The SYSTEM account is sort of a local administrator account, but with no networking access (excapt for direct network protocol access). Named pipes are considered to be network features, thus you cannot use them from within a service which runs in the SYSTEM account.

You have pretty much two possible solutions:
* Make your app run as another user
* Use another method to do IPC which is allowed for the SYSTEM user, for instance TCP/IP
0
 

Author Comment

by:Luzcka
ID: 6154542
Before anything else I want to thank the answers..., but I believe that I have not been
very clear.... I will explain the current operation of the system so that they can have like
this a vision of him as of the problem.

The system is composed by a service and a DLL (my global Hook), the two are in
the same computer..., when carrying the service, this installs the hook to
monitoring the system (in the case, of keyboard and mouse), to each respective event  
correspond a message of the hook to the service using " Named Pipes "... these messages are worked for threads where each event is saved in a database...
well..., two events are saved (a click when beginning and another when
concluding, I believe that are in the window of installation messagebox and
uninstall message box of the service)...
I placed a routine in the hook that saves a message in a txt file each
time that the hook is called, and this routine just works twice....
what indicates that the hook was just used twice....
that I discard that the problem is in the communication through pipes (that is
local), with relationship to the service.... he was already installed without user
and with user Administrator (.\Administrator) but nothing change....; I don't know a lot of programming in the NT system.... I don't know if Administrator possesses or not all the rights..., in mine researches I verified that limitations exist in the use of Pipes... and
other methods of IPC.... but anything that indicates limitations of a service when using or
work with a hook....
if they want I can send them sources (Delphi) and /or the exe file and dll so that
they look at.. or if they have another idea.... please inform me...

Thanks in advance

Pablo.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 4

Expert Comment

by:fva
ID: 6155167
Maybe that the DLL hook executes sometimes under an account with limited privileges (the hooked program changes its logon identity during operation). Therefore you get only the calls made while operating at proper privilege level.

F.
0
 

Author Comment

by:Luzcka
ID: 6161574
hi,

 The hook got to work, I created a "super user" but didn't advance..., but when set the property " Interactive " ( Allow service to interact with desktop ) the hook began to work....
I just left the property and I removed the user and it continued working.... fou to try with other logins to see it happens some difference ....

Thanks to all !!!

Pablo.
0
 
LVL 26

Accepted Solution

by:
Russell Libby earned 800 total points
ID: 6165648

Pablo,

User account has nothing to do with your problem, but running interactive does. In your situation, you can set a global hook, but it won't do anything.

Per MSDN

SYMPTOMS

On a computer running Microsoft Windows NT 4.0, a Win32 Service cannot set a hook on a 32-bit GUI application.

CAUSE
When an interactive service wants to hook a user's process, it is not allowed to because the desktop opened does not have the DF_ALLOWOTHERACCOUNTHOOK flag set.

RESOLUTION
A fix was developed such that if "Allow Service to Interact with Desktop" is set, the service is allow to set hooks on a user's process. This fix requires Microsoft Windows NT version 4.0 Service Pack 2 to be installed.
0
 

Author Comment

by:Luzcka
ID: 6166216
Well, I had already found this solution. . . . and had made a comment indicating, but it is answer it is much clearer and explanatory; forced the whole ones for the help that was of big were worth.

Thanks to all ...!!!

Pablo.
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction The parallel port is a very commonly known port, it was widely used to connect a printer to the PC, if you look at the back of your computer, for those who don't have newer computers, there will be a port with 25 pins and a small print…
Creating an auto free TStringList The TStringList is a basic and frequently used object in Delphi. On many occasions, you may want to create a temporary list, process some items in the list and be done with the list. In such cases, you have to…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Suggested Courses
Course of the Month10 days, 12 hours left to enroll

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question