Getting login name in a service routine

Posted on 2009-07-07
Medium Priority
Last Modified: 2013-12-04
I have the following code in a dummy windows app that works just fine, but when I move the code to a service application (an application that will run as a service) it errors. By erroring I mean that the service starts and stops itself. Is there something in the code that is 'illegal' in a service app? Is there a way I can see WHY it stopped itself? I am using CBuilder++ Rad studio 2007

      NET_API_STATUS netStatus;
      WKSTA_USER_INFO_0 *buf;
      char buffer[1000];
      netStatus = NetWkstaUserGetInfo(NULL, 0, (LPBYTE *)&buf);
      wcstombs(buffer, buf->wkui0_username, 100);
      FILE* file=fopen("C:\\systemlog.txt","at");
      if (file) {
            fprintf(file,"Start : %s\n",DateTimeToStr(Now()).c_str());
            fprintf(file,"        User : %s\n", buffer);

Question by:BrianDumas
  • 2
LVL 86

Accepted Solution

jkr earned 750 total points
ID: 24794949
'NetWkstaUserGetInfo()' is most likely to fail in a service (services running under the 'LocalSystem' account have almost OS privileges, but are not allowed to use _any_ networking facilities), and since you're not checking the return value, 'wcstombs()' might cause an access violation. Since you apparently want to get the name of the logged on user, there's a new problem - with XP and later, there might be more than one. The following code should help, though:

// DisplayLocalLogons
// Scans the HKEY_USERS key of the specified computer to see who
// has their profile loaded. Returns true if someone is logged on.
BOOLEAN DisplayLocalLogons( LPWSTR ServerName, LPWSTR UserName  )
    BOOLEAN          first = TRUE;
   TCHAR          errorMessage[1024];
   TCHAR          userName[MAX_NAME_STRING], domainName[MAX_NAME_STRING];
   TCHAR          subKeyName[MAX_PATH];
   DWORD          subKeyNameSize, index;
   DWORD          userNameSize, domainNameSize;
   FILETIME     lastWriteTime;
   HKEY          usersKey;
   PSID          sid;
   SID_NAME_USE sidType;
    BYTE          subAuthorityCount;
   DWORD          authorityVal, revision;
   DWORD          subAuthorityVal[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
   // Use RegConnectRegistry so that we work with remote computers
    if( ServerName ) {
         wprintf(L"Connecting to Registry of %s...", ServerName );
         fflush( stdout );
         if( RegConnectRegistry( ServerName, HKEY_USERS, &usersKey ) != ERROR_SUCCESS) {
              wprintf(L"\r                                                      \r");
              wprintf( L"Error opening HKEY_USERS for %s\n", ServerName );
              return FALSE;
         wprintf(L"\r                                                      \r");
    } else {
         if( RegOpenKey( HKEY_USERS, NULL, &usersKey ) != ERROR_SUCCESS ) {
              wprintf( errorMessage, L"Error opening HKEY_USERS" );
              PrintWin32Error( errorMessage, GetLastError() );
              return FALSE;
   // Enumerate keys under HKEY_USERS
   index = 0;
   subKeyNameSize = sizeof( subKeyName );
   while( RegEnumKeyEx( usersKey, index, subKeyName, &subKeyNameSize,
                        NULL, NULL, NULL, &lastWriteTime ) == ERROR_SUCCESS ) {
       // Ignore the default subkey and win2K user class subkeys
       if( wcsicmp( subKeyName, L".default" ) &&
              !wcsstr( subKeyName, L"Classes")) {
              // Convert the textual SID into a binary SID
           subAuthorityCount= swscanf( subKeyName, L"S-%d-%x-%lu-%lu-%lu-%lu-%lu-%lu-%lu-%lu",
                                       &revision, &authorityVal,
                                       &subAuthorityVal[7] );
           if( subAuthorityCount >= 3 ) {
               subAuthorityCount -= 2;
               // Note: we can only deal with authority values
               // of 4 bytes in length
               authority.Value[5] = *(PBYTE) &authorityVal;
               authority.Value[4] = *((PBYTE) &authorityVal+1);
               authority.Value[3] = *((PBYTE) &authorityVal+2);
               authority.Value[2] = *((PBYTE) &authorityVal+3);
               authority.Value[1] = 0;
               authority.Value[0] = 0;
               // Initialize variables for subsequent operations
               sid = NULL;
               userNameSize   = MAX_NAME_STRING;
               domainNameSize = MAX_NAME_STRING;
               if( AllocateAndInitializeSid( &authority,
                                              &sid )) {
                        // We can finally lookup the account name
                        if( LookupAccountSid( ServerName,
                                                   &sidType )) {
                             // We've successfully looked up the user name
                           if( first && !UserName ) {
                                   wprintf(L"Users logged on locally:\n");
                                  first = FALSE;
                           if( !UserName || !wcsicmp( UserName, userName )) {
                                first = FALSE;
                                if( UserName ) wprintf(RESETLINE L"%s\\%s logged onto %s locally.\n",
                                                                 domainName, UserName, ServerName );
                                else                 wprintf( L"     %s\\%s\n", domainName, userName );
                if( sid ) FreeSid( sid );
       subKeyNameSize = sizeof( subKeyName );
    RegCloseKey( usersKey );
    if( first && !UserName ) wprintf(L"No one is logged on locally.\n");
    return !first;
// Code taken from http://www.sysinternals.com/files/PsLoggedonSrc.zip
// (no longer available)

Open in new window

LVL 86

Expert Comment

ID: 24804109
So, what would you have requested to grade that 'A'? What is missing?

Author Comment

ID: 24809624
t wouldn't compile as you had written it. So I made some changes to it to make it work. I meant no disfavor though.

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

We were having a lot of "Heartbeat Alerts" in our SCOM environment, now "Heartbeat" in a SCOM environment for those of you who might not be familiar with SCOM is a packet of data sent from the agent to the management server on a regular basis, basic…
Many companies are making the switch from Microsoft to Google Apps (https://www.google.com/work/apps/business/). Use this article to learn more about what Google Apps has to offer and to help if you’re planning on migrating to Google Apps. It is …
The viewer will learn how to use and create keystrokes in Netbeans IDE 8.0 for Windows.
The viewer will learn how to synchronize PHP projects with a remote server in NetBeans IDE 8.0 for Windows.

587 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question