Link to home
Start Free TrialLog in
Avatar of Luzcka
Luzcka

asked on

NT Service and Hook problem .....

Hi,

 I made a system that monitors some messages through a Hook, the
communication between Hook and the program is made through named pipes,
this works very well and without any problem,
 I get to monitor the messages correspondents for any program being
executed in the system, this everything works in the windows 2000 prof.
SP2, with Administrator login,  but I had to alter the program. . . .
and make it a service of the windows.

I have a problem with the service (I believe at least) the problem is
that Hook is not executed. . . to not to be when I click well in the
button of " Ok " in the service message installed and when it is in the
" ok " to the uninstall, I could monitor the operation of the hook with
a log " file. . . and out of the service he is not used. . . . the only
reason that I can think so that this happens it is a problem of safety.
. . , but I inform that the service was installed and tested with the
administrating user (windows 2000 sp2), any idea is wellcome ....!!!!

Sorry my poor English ...

Thanks in advance,
Pablo.


Avatar of fva
fva

Check the rights of the user that is used by the service when running. Even if you installed it as Administrator, it will run under SYSTEM (I guess) and it might miss a right (most likely debug or similar).
Unless someone else comes up with a better suggestion:
For testing, make a user with every conceivable right and assign it to your service. If it runs OK, try to remove one-by-one rights until it fails. Beware that you might be creating a huge security hole by doing this. Do not use it in a production environment until you sort out all the potential security issues.

Just guessing, too,
F.
fva is probably pointing you into the right direction. The SYSTEM account is sort of a local administrator account, but with no networking access (excapt for direct network protocol access). Named pipes are considered to be network features, thus you cannot use them from within a service which runs in the SYSTEM account.

You have pretty much two possible solutions:
* Make your app run as another user
* Use another method to do IPC which is allowed for the SYSTEM user, for instance TCP/IP
Avatar of Luzcka

ASKER

Before anything else I want to thank the answers..., but I believe that I have not been
very clear.... I will explain the current operation of the system so that they can have like
this a vision of him as of the problem.

The system is composed by a service and a DLL (my global Hook), the two are in
the same computer..., when carrying the service, this installs the hook to
monitoring the system (in the case, of keyboard and mouse), to each respective event  
correspond a message of the hook to the service using " Named Pipes "... these messages are worked for threads where each event is saved in a database...
well..., two events are saved (a click when beginning and another when
concluding, I believe that are in the window of installation messagebox and
uninstall message box of the service)...
I placed a routine in the hook that saves a message in a txt file each
time that the hook is called, and this routine just works twice....
what indicates that the hook was just used twice....
that I discard that the problem is in the communication through pipes (that is
local), with relationship to the service.... he was already installed without user
and with user Administrator (.\Administrator) but nothing change....; I don't know a lot of programming in the NT system.... I don't know if Administrator possesses or not all the rights..., in mine researches I verified that limitations exist in the use of Pipes... and
other methods of IPC.... but anything that indicates limitations of a service when using or
work with a hook....
if they want I can send them sources (Delphi) and /or the exe file and dll so that
they look at.. or if they have another idea.... please inform me...

Thanks in advance

Pablo.
Maybe that the DLL hook executes sometimes under an account with limited privileges (the hooked program changes its logon identity during operation). Therefore you get only the calls made while operating at proper privilege level.

F.
Avatar of Luzcka

ASKER

hi,

 The hook got to work, I created a "super user" but didn't advance..., but when set the property " Interactive " ( Allow service to interact with desktop ) the hook began to work....
I just left the property and I removed the user and it continued working.... fou to try with other logins to see it happens some difference ....

Thanks to all !!!

Pablo.
ASKER CERTIFIED SOLUTION
Avatar of Russell Libby
Russell Libby
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Luzcka

ASKER

Well, I had already found this solution. . . . and had made a comment indicating, but it is answer it is much clearer and explanatory; forced the whole ones for the help that was of big were worth.

Thanks to all ...!!!

Pablo.