c++ service doesn't start after windows shutdo

2019-08-22 06:25发布

站内问答 / C++
1280 2 4

I wanted to make a windows service in c++ to start my programs as administrator every time the user log in without pop up UAC window As it's the first time for me to do it I used the project from here : https://code.msdn.microsoft.com/windowsapps/CppWindowsService-cacf4948/view/SourceCode

I edited line 74 in CppWindowsService.cpp to this :

InstallService(
        SERVICE_NAME,               // Name of service
        SERVICE_DISPLAY_NAME,       // Name to display
        SERVICE_AUTO_START,         // Service start type
        SERVICE_DEPENDENCIES,       // Dependencies
        0,            // Service running account
        SERVICE_PASSWORD            // Password of the account
        );

and added some code to the worker thread in SampleService.cpp line 101 to become like this :

 void CSampleService::ServiceWorkerThread(void)
{
// Periodically check if the service is stopping.
PSID gpSidMIL_High;
ConvertStringSidToSidW(L"S-1-16-12288", &gpSidMIL_High);
DWORD userSessionID = WTSGetActiveConsoleSessionId();
HANDLE hToken, hToken2;


if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, &hToken)) WriteEventLogEntry(L"OpenProcessToken failed error", EVENTLOG_ERROR_TYPE);
if (!DuplicateTokenEx(hToken, MAXIMUM_ALLOWED, NULL, SecurityIdentification, TokenPrimary, &hToken2)) WriteEventLogEntry(L"DuplicateTokenEx error", EVENTLOG_ERROR_TYPE);

if (!SetTokenInformation(hToken2, TokenSessionId, &userSessionID, sizeof(userSessionID))) WriteEventLogEntry(L"SetTokenInformation 1 error", EVENTLOG_ERROR_TYPE);

DWORD dwUIAccess = 1;
if (!SetTokenInformation(hToken2, TokenUIAccess, &dwUIAccess, sizeof(dwUIAccess))) WriteEventLogEntry(L"SetTokenInformation 2 error", EVENTLOG_ERROR_TYPE);

//Set "high" mandatory integrity level
TOKEN_MANDATORY_LABEL tml = { 0 };
tml.Label.Attributes = SE_GROUP_INTEGRITY;
tml.Label.Sid = gpSidMIL_High;

if (!SetTokenInformation(hToken2, TokenIntegrityLevel, &tml, sizeof(TOKEN_MANDATORY_LABEL) + ::GetSidLengthRequired(1))) WriteEventLogEntry(L"SetTokenInformation 3 error", EVENTLOG_ERROR_TYPE);
LPVOID pEnv = 0;
if (!CreateEnvironmentBlock(&pEnv, hToken2, FALSE)) WriteEventLogEntry(L"CreateEnvironmentBlock error", EVENTLOG_ERROR_TYPE);

if (!ImpersonateLoggedOnUser(hToken2)) WriteEventLogEntry(L"ImpersonateLoggedOnUser error", EVENTLOG_ERROR_TYPE);

while (!m_fStopping)
{
     STARTUPINFO stinfo = { 0 };
   PROCESS_INFORMATION pinfo = { 0 };
   stinfo.cb = sizeof(stinfo);
   stinfo.lpDesktop = L"winsta0\\default";
   if (!CreateProcessAsUserW(hToken2, L"path to exe that shows a message box", 0, 0, 0, FALSE, CREATE_UNICODE_ENVIRONMENT|CREATE_BREAKAWAY_FROM_JOB, pEnv, L"cwd of the exe file", &stinfo, &pinfo))
   {
// after debugging I found that the error is coming from here 
       std::wstring error = L"CreateProcessAsUserW failed with error : ";
       error += std::to_wstring(GetLastError());
       WriteEventLogEntry(wcsdup(error.c_str()), EVENTLOG_ERROR_TYPE);
       Sleep(10000);
   }
   while (!m_fStopping && pinfo.hProcess)
   {
       if(WaitForSingleObject(pinfo.hProcess, 1000) != WAIT_TIMEOUT) break;
   }
   // ::Sleep(2000);  // Simulate some lengthy operations.
}

The problem is that this service works very well after restarting windows or starting it manually through sc.exe or services control manager, but not after booting from previous shutdown When I shutdown then boot the computer I can see the exe of the service running in task manager so I knew that the service is running and there is an error comes from a function , I used the windows events and logged the errors and I finally found that the error comes from CreateProcessAsUser which return error 5 (Access denied) I don’t know where is the problem here as the service runs well after restart or upon starting it manually

2条回答
做自己的国王
2楼-- · 2019-08-22 06:40

ServiceMain is not called during fast startup. when fast startup is used,session 0 was(including kernel,drivers,all services) not terminated. It hibernated session 0 when you shutdown and continue run like hanging up VirtualMachine with user logout. So your service keeps status instead of starting again.

A simple way to handle this: handle SERVICE_ACCEPT_SESSIONCHANGE control code.

Here is an example.

SERVICE_STATUS gSvcStatus;
DWORD WINAPI HandleCtrlEx(
    DWORD dwControl,
    DWORD dwEventType,
    LPVOID lpEventData,
    LPVOID lpContext
)
{
    // Handle the requested control code. 
    switch (dwControl)
    {
        case SERVICE_CONTROL_SHUTDOWN:
        case SERVICE_CONTROL_STOP:
            ReportSvcStatus(SERVICE_STOP_PENDING, NO_ERROR, 0);

            // Signal the service to stop.

            SetEvent(ghSvcStopEvent);
            ReportSvcStatus(gSvcStatus.dwCurrentState, NO_ERROR, 0);

            break;

        case SERVICE_CONTROL_SESSIONCHANGE:
            if (dwEventType == WTS_SESSION_LOGON) {
                DWORD *data = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(DWORD));
                *data = ((PWTSSESSION_NOTIFICATION)lpEventData)->dwSessionId;
                HANDLE hThread = CreateThread(NULL, 0, RunProgram, data, 0, NULL);// remember to free memory in RunProgram
                if (!hThread) {
                    PrintLogA(LOG"can't create thread,error:%u", GetLastError());
                }
                else {
                    CloseHandle(hThread);
                }
            }
            break;

        default:
            break;
    }
    return NO_ERROR;
}

VOID ReportSvcStatus(DWORD dwCurrentState,
    DWORD dwWin32ExitCode,
    DWORD dwWaitHint)
{
    static DWORD dwCheckPoint = 1;

    // Fill in the SERVICE_STATUS structure.

    gSvcStatus.dwCurrentState = dwCurrentState;
    gSvcStatus.dwWin32ExitCode = dwWin32ExitCode;
    gSvcStatus.dwWaitHint = dwWaitHint;

    if (dwCurrentState == SERVICE_START_PENDING)
        gSvcStatus.dwControlsAccepted = 0;
    else {
        gSvcStatus.dwControlsAccepted = SERVICE_ACCEPT_STOP;
        gSvcStatus.dwControlsAccepted |= SERVICE_ACCEPT_SESSIONCHANGE;// <--- remember add this.
    }

    if ((dwCurrentState == SERVICE_RUNNING) ||
        (dwCurrentState == SERVICE_STOPPED))
        gSvcStatus.dwCheckPoint = 0;
    else gSvcStatus.dwCheckPoint = dwCheckPoint++;

    // Report the status of the service to the SCM.
    SetServiceStatus(gSvcStatusHandle, &gSvcStatus);
}

VOID SvcInit(DWORD dwArgc, LPTSTR *lpszArgv)
{
    ghSvcStopEvent = CreateEvent(
        NULL,    // default security attributes
        TRUE,    // manual reset event
        FALSE,   // not signaled
        NULL);   // no name

    if (ghSvcStopEvent == NULL)
    {
        ReportSvcStatus(SERVICE_STOPPED, NO_ERROR, 0);
        return;
    }

    // Report running status when initialization is complete.
    ReportSvcStatus(SERVICE_RUNNING, NO_ERROR, 0);

    RunProgram();

    // Check whether to stop the service.
    WaitForSingleObject(ghSvcStopEvent, INFINITE);
    ReportSvcStatus(SERVICE_STOPPED, NO_ERROR, 0);
    return;
}

VOID WINAPI SvcMain(DWORD dwArgc, LPTSTR *lpszArgv){
    // Register the handler function for the service
    gSvcStatusHandle = RegisterServiceCtrlHandlerEx(
        SVCNAME,
        HandleCtrlEx,
        NULL);
    if (!gSvcStatusHandle)
    {
        SvcReportEventA(LOG"RegisterServiceCtrlHandler failed");
        return;
    }

    // These SERVICE_STATUS members remain as set here

    gSvcStatus.dwServiceType = SERVICE_WIN32_OWN_PROCESS;
    gSvcStatus.dwServiceSpecificExitCode = 0;
    // Report initial status to the SCM

    ReportSvcStatus(SERVICE_START_PENDING, NO_ERROR, 3000);

    // Perform service-specific initialization and work.

    SvcInit(dwArgc, lpszArgv);
}
查看更多
0人赞 添加讨论(0) 举报
干净又极端
3楼-- · 2019-08-22 06:50

these are the members of the class going to be initialized :

PSID gpSidMIL_High = 0;
DWORD userSessionID = 0;
HANDLE hToken = 0, hToken2 = 0;
DWORD dwUIAccess = 1;
TOKEN_MANDATORY_LABEL tml = { 0 };
LPVOID pEnv = 0;
STARTUPINFO stinfo = { 0 };
PROCESS_INFORMATION pinfo = { 0 };

and in the protected methods I made this method :

void intialize();

and this is the function :

void CSampleService::intialize() {
// the members may were used before , without assigning them to zero again all the functions below will fail , I don't know why ?
gpSidMIL_High = 0;
userSessionID = 0;
hToken = 0, hToken2 = 0;
dwUIAccess = 1;
tml = { 0 };
pEnv = 0;
stinfo = { 0 };
pinfo = { 0 };

WriteEventLogEntry(L"initializing", EVENTLOG_INFORMATION_TYPE);

ConvertStringSidToSidW(L"S-1-16-12288", &gpSidMIL_High);
userSessionID = WTSGetActiveConsoleSessionId();

if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, &hToken)) WriteErrorLogEntry(L"OpenProcessToken");
if (!DuplicateTokenEx(hToken, MAXIMUM_ALLOWED, NULL, SecurityIdentification, TokenPrimary, &hToken2)) WriteErrorLogEntry(L"DuplicateTokenEx error");

if (!SetTokenInformation(hToken2, TokenSessionId, &userSessionID, sizeof(userSessionID))) WriteErrorLogEntry(L"SetTokenInformation 1 error");

if (!SetTokenInformation(hToken2, TokenUIAccess, &dwUIAccess, sizeof(dwUIAccess))) WriteErrorLogEntry(L"SetTokenInformation 2");

//Set "high" mandatory integrity level
//TOKEN_MANDATORY_LABEL tml = { 0 };
tml.Label.Attributes = SE_GROUP_INTEGRITY;
tml.Label.Sid = gpSidMIL_High;

if (!SetTokenInformation(hToken2, TokenIntegrityLevel, &tml, sizeof(TOKEN_MANDATORY_LABEL) + ::GetSidLengthRequired(1))) WriteErrorLogEntry(L"SetTokenInformation 3");
LPVOID pEnv = 0;
if (!CreateEnvironmentBlock(&pEnv, hToken2, FALSE)) WriteErrorLogEntry(L"CreateEnvironmentBlock");
 }

finally in the worker thread : 

void CSampleService::ServiceWorkerThread(void)
{
WriteEventLogEntry(L"the thread of the service started", EVENTLOG_INFORMATION_TYPE);
intialize();
while (!m_fStopping)
{
stinfo.cb = sizeof(stinfo);
   stinfo.lpDesktop = L"winsta0\\default";
   // the service starts from here after fast boot
   if (!CreateProcessAsUserW(hToken2, L"C:\\Users\\user\\Desktop\\ConEmuTrap\\test.exe", 0, 0, 0, FALSE, CREATE_UNICODE_ENVIRONMENT | CREATE_BREAKAWAY_FROM_JOB, pEnv, L"C:\\Users\\user\\Desktop\\ConEmuTrap", &stinfo, &pinfo))
   {
       WriteErrorLogEntry(L"CreateProcessAsUserW 1");
       intialize();
   }
   while (!m_fStopping && pinfo.hProcess)
   {
       if(WaitForSingleObject(pinfo.hProcess, 1000) != WAIT_TIMEOUT) break;
   }
 }
查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)