Hi, someone asked for a function to determine if a Win32 exe is running as a NT service? Use svccheck.c and svccheck.h, just call:
if (IsService(EXENAME_SERVICES,EXENAME_WINLOGON,SYSTEM_SID))
{
...
}
If you are running your service on a different account than the well
known SYSTEM_SID, which is "S-1-5-18", then specify your specific
one as the 3rd param (zero-terminated string).
Rgs, Ingo.
-----Ursprüngliche Nachricht-----
Von: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Im Auftrag von Jeffrey Altman
Gesendet: Freitag, 8. August 2003 19:37
An: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Betreff: Re: BUG: CreateToolhelp32Snapshot
The reason that we go to all this trouble to examine alternative sources
of randomness other than CryptGetRandom() is that Microsoft has refused
to publish the sources of randomness which are used. Therefore, we have
no ability to know whether or not the randomness reported by Windows is
in fact random.
The fundamental trouble with the ToolHelp32 and HKEY_PERFORMANCE_DATA
when used in "Services" is that at the time the service is being loaded
and this code may be executing we are unaware of what other services
must first be loaded and initialized in order for them to work properly.
We never hear of problems for client applications. Nor do I ever see
problems with this code in the Internet Kermit Service when loaded on
NT/2000/2003 server. The IKS installs a small Windows Service which
then spawns processes which execute RAND_poll(). My assumption is that
those users who are having problems do not have the proper set of
dependencies set. Therefore, RAND_poll() is executed when the necessary
conditions are not quite met.
Of course, I have never had time to investigate this in detail. I wish
I had the time.
I wish we had a function that could determine if we were running as a
service. If so, we might be able to tailor this code to behave
differently.
Jeffrey Altman
Richard Levitte - VMS Whacker wrote:
> cardbox> As for the Windows 2003 Server crash: I agree that disabling
> cardbox> sections of code is a Bad Thing. What I've done (pending more
> cardbox> people researching the problem) is to put
> cardbox> BOOL bMJKGotRandomness=FALSE;
> cardbox> at the start of RAND_poll
> cardbox> bMJKGotRandomness=TRUE;
> cardbox> when either of the CryptGenRandom calls succeeds. Then
> cardbox> if (kernel)
> cardbox> can become
> cardbox> if (!bMJKGotRandomness && kernel)
> cardbox>
> cardbox> ... which seems a reasonably conservative way round the
> cardbox> problem. [The variable name isn't vanity, it's just that I
> cardbox> want to be able to recognise my own code so I know what
> cardbox> patches to re-apply to later releases of OpenSSL].
>
> OK, I'll look at that later today.
>
> cardbox> For those who are trying to reproduce the bug: I wonder if
> cardbox> perhaps MS have decided that ToolHelp is too powerful to be
> cardbox> safe and have started requiring that you have some sort of
> cardbox> special permissions to access it. This is just a thought in
> cardbox> case the bug turns out to be hard to reproduce.
>
> Hmm, again, I think "don't say it..." applies again. The gods may
> have a wry sense of humor today, and you may get what you wish for
> (regardless of whether you actually do or don't).
>
> *sacrifices a rubber ducky on a VAX altar*
>
svccheck.zip
Description: Zip compressed data
