Windows event log service holding executable file handle - c++

I have a service application that on startup and shutdown logs an event log record.
I rebuild the application frequently and then also update the executable on the host machine. And here is the problem: after my service shuts down, the Windows Eventlog service (not the event log viewer) is holding an open handle to the executable, so I can't update it.
I have the event log messages embedded in the executable. I could move them out, but then I just move the update problem to another file.
I've double checked and I have paired ::RegisterEventSource/::DeregisterEventSource correctly.
Has anyone encountered this problem?

I've also run into this issue, so just adding some of my experiences.
I have a Windows 2008 Service system (have not seen this on 2003 Server), and when I stop my service, an instance of svchost.exe loads the service executable (visible using vmmap.exe or Process Hacker), preventing it from being deleted/overwritten during uninstall/install. The instance of svchost.exe is running the DHCP Client (Dhcp), TCP/IP NetBIOS Helper (lmhosts), and Windows Event Log (EventLog) services.
In our case, we have created a registry entry to make our service executable an event source (though I'm unsure exactly why we are doing this, or whether we should be doing this).
Empirically, if I remove that registry entry before stopping the service, the executable is not loaded by svchost.exe and all is fine. If the service has already been stopped and executable loaded by svchost.exe, restarting the Event Log service (or killing the process) also frees up the executable.
I'm guessing our service is not well-behaved (perhaps a side effect of being a 32-bit process on 64-bit OS?) or correctly installed, but haven't isolated the issue yet.
Update: It appears this issue is only happening on HP systems (and not Dell or IBM) which is curious. There are HP-specific management components installed, so perhaps one of them is altering the behavior somehow?
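
The answer above ties the lock to the registry entry that registers the executable as an event source. As an added example (not part of the original posts), this PowerShell script lists every event-source registration whose message-file values point at a given binary; the default path in `$TargetPath` is a hypothetical placeholder.

```powershell
# Added example: find event-source registrations that reference a binary.
# $TargetPath default is a hypothetical path; pass the executable being updated.
param(
    [string]$TargetPath = 'C:\Program Files\MyService\MyService.exe'
)

$root = 'HKLM:\SYSTEM\CurrentControlSet\Services\EventLog'
# Values under a source key that name files the Event Log service may load
$fileValues = 'EventMessageFile', 'CategoryMessageFile', 'ParameterMessageFile'

function Get-EventSourceForFile {
    param([string]$Path)
    $wanted = [IO.Path]::GetFullPath($Path)
    # Layout: EventLog\<log name>\<source name>; some logs need elevation to read
    foreach ($log in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
        foreach ($source in Get-ChildItem -Path $log.PSPath -ErrorAction SilentlyContinue) {
            $props = Get-ItemProperty -Path $source.PSPath -ErrorAction SilentlyContinue
            foreach ($name in $fileValues) {
                $raw = $props.$name
                if (-not $raw) { continue }
                # A value may hold several paths separated by ';'
                foreach ($entry in ($raw -split ';')) {
                    $expanded = [Environment]::ExpandEnvironmentVariables($entry.Trim())
                    if ($expanded -ieq $wanted) {
                        [pscustomobject]@{
                            Log    = $log.PSChildName
                            Source = $source.PSChildName
                            Value  = $name
                            Path   = $expanded
                        }
                    }
                }
            }
        }
    }
}

$hits = @(Get-EventSourceForFile -Path $TargetPath)
if ($hits.Count -eq 0) {
    Write-Output "No event source registration references $TargetPath"
} else {
    $hits | Format-Table -AutoSize
}
```

Each row is a registration that names the file as a message resource, which matches the case where removing the registry entry stopped svchost.exe from loading the executable.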

I've also run into this issue. In my case, the nxlog service was reading the logs. Simply stop the nxlog service before replacing the event source file.

I think it is probably the event log viewer. Close the viewer and you'll be fine.

Related

How can service be notified of driver uninstall?

I have a driver that is installed via INF file.
A service will also be started automatically when the driver is installed.
All binary files will be inside %SystemRoot%\System32\DriverStore\FileRepository upon successful install.
Now when I uninstall my driver from Device Manager > System devices and check "Delete the driver software for this device", my service will receive SERVICE_CONTROL_STOP from the Service Control Manager. After receiving this event, I want to call DeleteService() to delete the service and its corresponding registry entries.
However, I realized I can't just call DeleteService() immediately, because it is possible that the SERVICE_CONTROL_STOP from SCM is triggered by stopping the service manually; the service must not be deleted in this case.
So I wonder how I can determine from my service that my driver got uninstalled, so that I know when to call DeleteService() properly.
Here's what I got so far after I googled for a couple of hours:
In some versions of Windows, binary files are deleted immediately in DriverStore\FileRepository after uninstall, just before the service gets notified with SERVICE_CONTROL_STOP. I can check if the driver binaries are deleted and, if so, it is uninstalled.
Adding SPSVCINST_STOPSERVICE in the DelService section of the INF will send a stop event to the service when the driver is uninstalled. But again, I can't know if the stop event is coming from a manual stop or an uninstall.
As a workaround I created a separate service that monitors when binary files are deleted in DriverStore\FileRepository by FindNextChangeNotification(m_handle);. Once it detects a delete, I call DeleteService().

Windows Service stays in Starting state

I have a Windows service written in CPP that I start manually. The service starts up just fine and works ok. However we have recently noticed in the Windows Services GUI that the service shows in the Starting state. Upon examining the Event Viewer it clearly shows that the service has entered the Running state.
Anyone got any nuggets of gold on this one?
Thanks.
The problem turned out to be an unaccounted for call to the SCM to start the service. Deleted the line and the problem went away.

Windows Service for launching and restarting a user process (with GUI)

I need a certain process to be constantly running in every user’s computer. If that .exe is killed, I must be able to restart it and send an alert.
I immediately thought of building a Windows Service as the ideal solution, but I am facing a problem:
The process started by that service needs to be able to interact with the user, e.g. be able to show him a GUI.
My application also sets a keyboard hook in order to monitor the user's typing rhythms, and when I start the .exe from a service, that information is not accessible.
From the service I am able to launch the process "as the user" (using the LogonUser and CreateProcessAsUser functions), but still can’t see the GUI.
Is this possible? If not, what can I use to achieve the desired functionality?
tia
By default the GUI .exe will be run in the service session, which is separate from the interactive session of the user. You need to look into techniques for building an interactive service.

How can I Execute a Function when Windows Shut down

How can I execute a function when Windows shuts down? Here is my scenario: I am mounting a drive using the WNetAddConnection2 function in my application. Now I want the user to set the option of whether the drive will be mounted on the next system startup or not.
If he selects not to mount on the next startup, then I need to remove the drive using WNetCancelConnection2, but this should only happen when the user shuts down the system.
I can think of only one solution: create a service which will check the user option and then decide whether to mount the drive or not.
Are there any other ways to go ahead with it?
If you have a main window (even an invisible one) that can process messages, you can handle the WM_ENDSESSION message.
See: http://msdn.microsoft.com/en-us/library/aa376889(v=VS.85).aspx
If you can make your app into a Windows service (or have your app communicate state with one that you provide) you can perform required actions on receipt of SERVICE_CONTROL_SHUTDOWN in your service control handler function. This would decouple your app that handles user interaction from the shutdown handling, which requires something to be running all the time (what if the user logs off?).
explorer.exe is the GUI process of windows which usually only gets shut down if Windows shuts down (exceptions have to be made for certain error conditions). You could listen on the WM_DESTROY window message for the process ID of explorer.exe and dismount then.
The way I can think of is to:
Register your program to auto Start up (when PC starts). Here's a tutorial on howto.
Store the user option (as mentioned above) in a repository or registry (if you know how). When your app would have started, you can read your registry and act accordingly.
For shutdown, your application will have to hook itself on a SystemEvent to detect shutdown (then you can act accordingly). Here's an example on howto (C#). For C++, you can listen to WM_ENDSESSION message.
I hope that my 2 cents can help you.

CruiseControl.NET run as a windows service and as a standalone process behaves differently

I have a project that is being built using CruiseControl.NET. The project contains an 'MSBuild task' that runs the build for the project and also the unit tests. The unit test in turn is just a MSBuild 'exec' task that runs an executable.
The unit test involves some .NET remoting. And when the unit tests are run through the system command prompt, the software's window opens up, tests run and the process exits.
When I force a build through the web dashboard, the build hangs at the point where the unit test starts running. The software's window does not open up, but the executable is running. If the process is killed through the task explorer, the build goes through with a 'Failure' status. This happens when I run ccnet as a windows service.
If I run CCNet directly (not as a windows service) and force a build through the web dashboard, the build and unit tests go through fine as expected. (with the window of the software opening up.)
It looks like there is a deadlock in the case where CCNet is run as a windows service. I am guessing it is related to the standard output/error streams.
Is this a known problem?
What might be the problem going on?
Any suggestions on debugging this?
How can I get around it?
(I am using CCNet version 1.4.4 SP1)
When CCNet is running as a service it is not going to have access to the display, so don't expect to see anything on the screen in this configuration. The first thing I would check is the permissions - make sure the service runs as an account that has permissions to access whatever resources you need. You also have CCNet log files, which you can find via Dashboard.
On a side note, try TeamCity instead of CCNet, it's 10 years ahead.
Maybe this answer will help:
delphi windows service can't download file from internet
You should know that when running CCNet as an application (the dosbox) it uses the environment variables and all rights from the logged account. So it may connect to a server, use cached passwords, get registry variables for this account.
BUT when run as a service, the account is the one you provided: LocalSystem for example, where the environment variables are not the same.
So, what you can do is change the CCNet service account for a test. Change it to your user account (with password), and I'm sure it will work better!