Solved

NT Service and Hook problem .....

Posted on 2001-06-03
Last Modified: 2010-04-06
Hi,

 I made a system that monitors some messages through a hook. The communication between the hook and the program is done through named pipes; this works very well and without any problem.
 I am able to monitor the corresponding messages for any program being executed in the system. All of this works on Windows 2000 Prof. SP2 with an Administrator login, but I had to alter the program and make it a Windows service.

I have a problem with the service (I believe, at least): the hook is not executed, except when I click the "OK" button in the service-installed message and when I click "OK" on the uninstall. I could monitor the operation of the hook with a log file, and outside of the service it is not used. The only reason I can think of for this is a safety problem, but note that the service was installed and tested with the Administrator user (Windows 2000 SP2). Any idea is welcome!

Sorry my poor English ...

Thanks in advance,
Pablo.


Question by:Luzcka
7 Comments
 
LVL 4

Expert Comment

by:fva
ID: 6151590
Check the rights of the user that is used by the service when running. Even if you installed it as Administrator, it will run under SYSTEM (I guess) and it might miss a right (most likely debug or similar).
Unless someone else comes up with a better suggestion:
For testing, make a user with every conceivable right and assign it to your service. If it runs OK, try to remove rights one by one until it fails. Beware that you might be creating a huge security hole by doing this. Do not use it in a production environment until you sort out all the potential security issues.

Just guessing, too,
F.
 
LVL 14

Expert Comment

by:AvonWyss
ID: 6153895
fva is probably pointing you in the right direction. The SYSTEM account is sort of a local administrator account, but with no networking access (except for direct network protocol access). Named pipes are considered to be network features, thus you cannot use them from within a service which runs in the SYSTEM account.

You have pretty much two possible solutions:
* Make your app run as another user
* Use another method to do IPC which is allowed for the SYSTEM user, for instance TCP/IP
 

Author Comment

by:Luzcka
ID: 6154542
Before anything else, I want to say thanks for the answers, but I believe that I have not been very clear. I will explain the current operation of the system so that you can have a view of it and of the problem.

The system is composed of a service and a DLL (my global hook); the two are on the same computer. When the service is loaded, it installs the hook to monitor the system (in this case, keyboard and mouse). For each event, the hook sends a corresponding message to the service using named pipes. These messages are handled by threads, where each event is saved in a database.

Well, two events are saved (a click at the beginning and another at the end; I believe they are in the installation message box and the uninstall message box of the service). I placed a routine in the hook that saves a message in a txt file each time the hook is called, and this routine runs just twice, which indicates that the hook was used just twice. So I rule out that the problem is in the communication through pipes (which is local).

With regard to the service, it was already installed without a user and with the Administrator user (.\Administrator), but nothing changed. I don't know a lot about programming on the NT system. I don't know whether Administrator has all the rights or not. In my research I verified that limitations exist in the use of pipes and other methods of IPC, but found nothing that indicates limitations of a service when using or working with a hook.

If you want, I can send you the sources (Delphi) and/or the exe file and DLL so that you can look at them; or if you have another idea, please inform me.

Thanks in advance

Pablo.
 
LVL 4

Expert Comment

by:fva
ID: 6155167
Maybe the DLL hook sometimes executes under an account with limited privileges (the hooked program changes its logon identity during operation). Therefore you get only the calls made while operating at the proper privilege level.

F.
 

Author Comment

by:Luzcka
ID: 6161574
hi,

 The hook got to work. I created a "super user" but that didn't advance things; however, when I set the property "Interactive" (Allow service to interact with desktop), the hook began to work.
I left just that property set and removed the user, and it continued working. I am going to try with other logins to see if it makes some difference.

Thanks to all !!!

Pablo.
 
LVL 26

Accepted Solution

by:
Russell Libby earned 200 total points
ID: 6165648

Pablo,

User account has nothing to do with your problem, but running interactive does. In your situation, you can set a global hook, but it won't do anything.

Per MSDN

SYMPTOMS

On a computer running Microsoft Windows NT 4.0, a Win32 Service cannot set a hook on a 32-bit GUI application.

CAUSE
When an interactive service wants to hook a user's process, it is not allowed to because the desktop opened does not have the DF_ALLOWOTHERACCOUNTHOOK flag set.

RESOLUTION
A fix was developed such that if "Allow Service to Interact with Desktop" is set, the service is allowed to set hooks on a user's process. This fix requires Microsoft Windows NT version 4.0 Service Pack 2 to be installed.
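
An added audit example, not part of the original thread or of any poster's code: the "Allow service to interact with desktop" setting discussed in the answer above is stored as the SERVICE_INTERACTIVE_PROCESS bit (0x100) in each service's `Type` registry value, so the services allowed to reach the user's desktop can be listed from a registry export. The sample export and the service names in it are constructed; a real export must first be decoded to text by the caller.

```python
import re

# Service "Type" bits as documented for CreateService / winnt.h.
TYPE_BITS = {
    0x001: "KERNEL_DRIVER",
    0x002: "FILE_SYSTEM_DRIVER",
    0x010: "WIN32_OWN_PROCESS",
    0x020: "WIN32_SHARE_PROCESS",
    0x100: "INTERACTIVE_PROCESS",  # "Allow service to interact with desktop"
}
INTERACTIVE = 0x100

# Constructed sample in .reg export syntax; the service names are invented.
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleHookSvc]
"Type"=dword:00000110
"ObjectName"="LocalSystem"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleHookSvc\Parameters]
"Type"=dword:00000100

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleQuietSvc]
"Type"=dword:00000010
"ObjectName"=".\\svc-user"
'''

KEY_RE = re.compile(
    r'^\[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\([^\\\]]+)\]$', re.I)
VAL_RE = re.compile(r'^"(Type|ObjectName)"=(?:dword:([0-9a-fA-F]{8})|"(.*)")$')

def decode_type(value):
    """Names of the bits set in a service Type value."""
    return [name for bit, name in TYPE_BITS.items() if value & bit]

def parse_services(reg_text):
    """Map service name -> {Type, ObjectName}; subkeys such as \\Parameters are skipped."""
    services, current = {}, None
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("["):
            m = KEY_RE.match(line)
            current = services.setdefault(m.group(1), {}) if m else None
        elif current is not None and (m := VAL_RE.match(line)):
            name, dword, text = m.groups()
            current[name] = int(dword, 16) if dword else text.replace("\\\\", "\\")
    return services

def interactive_services(reg_text):
    """Services whose Type has the interactive bit: (name, decoded type, account)."""
    return sorted(
        (name, decode_type(v["Type"]), v.get("ObjectName"))
        for name, v in parse_services(reg_text).items()
        if isinstance(v.get("Type"), int) and v["Type"] & INTERACTIVE)
```

The CreateService documentation allows the interactive bit only for services running as LocalSystem, so the account column is worth reviewing alongside the flag.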
 

Author Comment

by:Luzcka
ID: 6166216
Well, I had already found this solution and had made a comment indicating it, but this answer is much clearer and more explanatory; thanks to everyone for the help, which was of great value.

Thanks to all ...!!!

Pablo.