Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

NT Service and Hook problem .....

Posted on 2001-06-03
7
280 Views
Last Modified: 2010-04-06
Hi,

 I made a system that monitors some messages through a Hook, the
communication between Hook and the program is made through named pipes,
this works very well and without any problem,
 I get to monitor the messages correspondents for any program being
executed in the system, this everything works in the windows 2000 prof.
SP2, with Administrator login,  but I had to alter the program. . . .
and make it a service of the windows.

I have a problem with the service (I believe at least) the problem is
that Hook is not executed. . . to not to be when I click well in the
button of " Ok " in the service message installed and when it is in the
" ok " to the uninstall, I could monitor the operation of the hook with
a log " file. . . and out of the service he is not used. . . . the only
reason that I can think so that this happens it is a problem of safety.
. . , but I inform that the service was installed and tested with the
administrating user (windows 2000 sp2), any idea is wellcome ....!!!!

Sorry my poor English ...

Thanks in advance,
Pablo.


0
Comment
Question by:Luzcka
7 Comments
 
LVL 4

Expert Comment

by:fva
ID: 6151590
Check the rights of the user that is used by the service when running. Even if you installed it as Administrator, it will run under SYSTEM (I guess) and it might miss a right (most likely debug or similar).
Unless someone else comes up with a better suggestion:
For testing, make a user with every conceivable right and assign it to your service. If it runs OK, try to remove one-by-one rights until it fails. Beware that you might be creating a huge security hole by doing this. Do not use it in a production environment until you sort out all the potential security issues.

Just guessing, too,
F.
0
 
LVL 14

Expert Comment

by:AvonWyss
ID: 6153895
fva is probably pointing you into the right direction. The SYSTEM account is sort of a local administrator account, but with no networking access (excapt for direct network protocol access). Named pipes are considered to be network features, thus you cannot use them from within a service which runs in the SYSTEM account.

You have pretty much two possible solutions:
* Make your app run as another user
* Use another method to do IPC which is allowed for the SYSTEM user, for instance TCP/IP
0
 

Author Comment

by:Luzcka
ID: 6154542
Before anything else I want to thank the answers..., but I believe that I have not been
very clear.... I will explain the current operation of the system so that they can have like
this a vision of him as of the problem.

The system is composed by a service and a DLL (my global Hook), the two are in
the same computer..., when carrying the service, this installs the hook to
monitoring the system (in the case, of keyboard and mouse), to each respective event  
correspond a message of the hook to the service using " Named Pipes "... these messages are worked for threads where each event is saved in a database...
well..., two events are saved (a click when beginning and another when
concluding, I believe that are in the window of installation messagebox and
uninstall message box of the service)...
I placed a routine in the hook that saves a message in a txt file each
time that the hook is called, and this routine just works twice....
what indicates that the hook was just used twice....
that I discard that the problem is in the communication through pipes (that is
local), with relationship to the service.... he was already installed without user
and with user Administrator (.\Administrator) but nothing change....; I don't know a lot of programming in the NT system.... I don't know if Administrator possesses or not all the rights..., in mine researches I verified that limitations exist in the use of Pipes... and
other methods of IPC.... but anything that indicates limitations of a service when using or
work with a hook....
if they want I can send them sources (Delphi) and /or the exe file and dll so that
they look at.. or if they have another idea.... please inform me...

Thanks in advance

Pablo.
0
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
LVL 4

Expert Comment

by:fva
ID: 6155167
Maybe that the DLL hook executes sometimes under an account with limited privileges (the hooked program changes its logon identity during operation). Therefore you get only the calls made while operating at proper privilege level.

F.
0
 

Author Comment

by:Luzcka
ID: 6161574
hi,

 The hook got to work, I created a "super user" but didn't advance..., but when set the property " Interactive " ( Allow service to interact with desktop ) the hook began to work....
I just left the property and I removed the user and it continued working.... fou to try with other logins to see it happens some difference ....

Thanks to all !!!

Pablo.
0
 
LVL 26

Accepted Solution

by:
Russell Libby earned 200 total points
ID: 6165648

Pablo,

User account has nothing to do with your problem, but running interactive does. In your situation, you can set a global hook, but it won't do anything.

Per MSDN

SYMPTOMS

On a computer running Microsoft Windows NT 4.0, a Win32 Service cannot set a hook on a 32-bit GUI application.

CAUSE
When an interactive service wants to hook a user's process, it is not allowed to because the desktop opened does not have the DF_ALLOWOTHERACCOUNTHOOK flag set.

RESOLUTION
A fix was developed such that if "Allow Service to Interact with Desktop" is set, the service is allow to set hooks on a user's process. This fix requires Microsoft Windows NT version 4.0 Service Pack 2 to be installed.
0
 

Author Comment

by:Luzcka
ID: 6166216
Well, I had already found this solution. . . . and had made a comment indicating, but it is answer it is much clearer and explanatory; forced the whole ones for the help that was of big were worth.

Thanks to all ...!!!

Pablo.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

A lot of questions regard threads in Delphi.   One of the more specific questions is how to show progress of the thread.   Updating a progressbar from inside a thread is a mistake. A solution to this would be to send a synchronized message to the…
Have you ever had your Delphi form/application just hanging while waiting for data to load? This is the article to read if you want to learn some things about adding threads for data loading in the background. First, I'll setup a general applica…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

789 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question