Solved

need help with instsrv

Posted on 2004-08-14
9
634 Views
Last Modified: 2013-11-13
I am trying to create my own server.
I have no problems with creating the service and getting it to run, but i also need to be able to remove the service

when I try to remove the service by typing:

instsrv Myservice REMOVE

d:\nt\sdktools\reskit\content\instsrv\source\instsrv.c: Error 1783 from EnumServ
icesStatus on line 184

Does anyone know what this means?
Brad
0
Comment
Question by:Brad_nelson1
  • 6
  • 2
9 Comments
 

Author Comment

by:Brad_nelson1
ID: 11802526
By the way, i tried this on (2) windows 2003 servers and i get the same error.
0
 
LVL 22

Expert Comment

by:cookre
ID: 11802568
1783 - The stub received bad data. - RPC_X_BAD_STUB_DATA
0
 
LVL 22

Expert Comment

by:cookre
ID: 11802580
Two common ways to stop a service:

* The services.msc gui

* The SC command line:
   sc stop <svcname>

The SC command line has an advantage over services.msc in that it can also delete a service:
sc delete <svcname>
0
 
LVL 22

Expert Comment

by:cookre
ID: 11802607
See if this helps any:
http://support.microsoft.com/default.aspx?scid=kb%3BEN-US%3B822751

It's for a different, but related, API
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 
LVL 22

Expert Comment

by:cookre
ID: 11802678
I dug up an old version of some source for instsrv and saw that it was, indeed, calling EnumServicesStatus() with a buffer size of well over 65k.
0
 

Author Comment

by:Brad_nelson1
ID: 11802696
Cookre what does that mean " buffer size well over 65k"  Im not a programmer so I could use some help.
0
 
LVL 6

Expert Comment

by:Fahdmurtaza
ID: 11803730
This means I think a buffer overflow command am I right  cookre .
Fahd Murtaza
0
 
LVL 22

Accepted Solution

by:
cookre earned 500 total points
ID: 11804779
It would appear as if some of the older API routines dealing with service enumeration in which you supply a buffer to receive ALL of the enumerated data (as opposed to other enumeration APIs that use a call back to provide enumerated items one at a time), have a wee problem when you specify a buffer size greater than 65K.  One presumes that's what the above linked-to patch fixes.

With respect to instsrv, I found an old source whose REMOVE option handler uses a deprecated call (Enu,ServicesStatus(), as opposed to the preferres EnumServicesStatusEx() in which the specified buffer size was about 140K.  

I have no idea how close this source matches the executable you're using.

Since you have the problem only on a REMOVE, I'd suggest using the SC commands:

SC STOP servicename
SC DELETE servicename

0
 
LVL 22

Expert Comment

by:cookre
ID: 11804940
Oops, I ignored the question.

Is it a buffer overflow problem?  

Probably not in the sense we're used to hearing, to wit, an insufficiently sized buffer receives more data that it was intended to hold, so the excess just slops into the following memory, thereby causing various degrees of mahem.

In this case, well, here's the proximate cause:

The deprecated call:

BOOL EnumServicesStatus(
SC_HANDLE                       hSCManager,
DWORD                             dwServiceType,
DWORD                             dwServiceState,
LPENUM_SERVICE_STATUS lpServices,
DWORD                             cbBufSize,
LPDWORD                          pcbBytesNeeded,
LPDWORD                          lpServicesReturned,
LPDWORD                          lpResumeHandle
);

The buffer into which the status of registered services is plopped is pointed to by 'lpServices'.  The returned data is an array of _ENUM_SERVICE_STATUS:

typedef struct _ENUM_SERVICE_STATUS
{
LPTSTR lpServiceName;  
LPTSTR lpDisplayName;  
SERVICE_STATUS ServiceStatus;
} ENUM_SERVICE_STATUS, *LPENUM_SERVICE_STATUS;

SERVICE_STATUS is:
typedef struct _SERVICE_STATUS
{
DWORD dwServiceType;  
DWORD dwCurrentState;  
DWORD dwControlsAccepted;  
DWORD dwWin32ExitCode;  
DWORD dwServiceSpecificExitCode;  
DWORD dwCheckPoint;  
DWORD dwWaitHint;
} SERVICE_STATUS, *LPSERVICE_STATUS;

The documentation for EnumServicesStatus()
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dllproc/base/enumservicesstatus.asp
say that the maximum size for the buffer pointed to by lpServices is 64K bytes.  One specifies the size in 'cbBufSize'.

The preferred way to size the buffer is to call the routine first, specifying a cbBufSize of 0 to receive how large the buffer needs to be to handle the current batch of services.

What the old instsrv source I have does is simply declare:
#define                             SZ_ENUM_BUF   4096
ENUM_SERVICE_STATUS    essServiceStatus[SZ_ENUM_BUF];
DWORD   dwBufSize=sizeof(essServiceStatus);

and passes along that dwBufSize.

Now, since one instance of essServiceStatus is 44 bytes, it's passing a buffer size of 44*4096=180,224 bytes, well above the stated max of 65,535.  

My guess is that the API (interestingly enough still using 16-bit indexes (65K is the max for a 16-bit UINT)) builds its table in a max 65K area, then does a bulk copy based on cbBufSisze.  At some point during the copy, the index goes above 65K, and eventually leaves the area allocated, triggering an error that is, like many, mis-diagnosed.
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Suggested Solutions

A short article about a problem I had getting the GPS LocationListener working.
If you’re thinking to yourself “That description sounds a lot like two people doing the work that one could accomplish,” you’re not alone.
An introduction to basic programming syntax in Java by creating a simple program. Viewers can follow the tutorial as they create their first class in Java. Definitions and explanations about each element are given to help prepare viewers for future …
In this fourth video of the Xpdf series, we discuss and demonstrate the PDFinfo utility, which retrieves the contents of a PDF's Info Dictionary, as well as some other information, including the page count. We show how to isolate the page count in a…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now