Re: How can you detect if you are running as a system service?


From: Brad Waddell (bradwww_at_despammed.com)
Date: 02/13/04


Date: Thu, 12 Feb 2004 17:17:38 -0800

Mr Wang,

The key reason we need to determine if we are being run as a service is
because the product we are communicating with cannot be loaded as a system
service, and therefore, we must use a different method to communicate with
it depending on where we are loaded.

I define a system service as a program running in protected background mode
and not on the desktop, which usually includes web services and SQL servers.

I hope that makes it clearer!

brad

"David Wang [Msft]" <someone@online.microsoft.com> wrote in message
news:eulMDgF0DHA.3224@tk2msftngp13.phx.gbl...
> Actually, can you define what you mean by "system service"? What is the key
> reason you want to distinguish where your driver is loaded?
>
> For example, on IIS6, your driver can be loaded inside a process that does
> not have "local system" privileges but is used to execute ASP code that uses
> ODBC. So, "local system" doesn't mean "run by IIS". At the same time,
> checking for process names also does not work, as the process names that
> execute user code have changed between IIS6 and prior IIS versions.
>
> Are you trying to distinguish whether your driver is run by IIS, from a
> commandline app, or whether your driver is running as an identity with
> certain privileges, etc? I'm guessing you only care about the privileges
> available to your driver, so you should use Wade's suggestion to check.
>
> Otherwise, please help refine your question by defining what is a "system
> service" that you want to distinguish.
>
> --
> //David
> IIS
> This posting is provided "AS IS" with no warranties, and confers no rights.
> //
> "Brad Waddell" <bradwww@despammed.com> wrote in message
> news:OXuHb.3153$rZ6.2040635@news3.news.adelphia.net...
> Here is the code we are currently using to determine if we are a system
> service, please comment on this method, as we want to create something that
> will always be accurate for all OS variations, not just certain ones, and
> anytime a user is running in system service (background) mode. thanks.
>
> This is the code I used:
> Returning TRUE means it is a system service. If at any point it fails I
> assume it was a system service since an interactive thread should have
> rights to do all the functions successfully.
>
> hWinStaSave = GetProcessWindowStation();
> dwThreadId = GetCurrentThreadId();
> hDeskSave = GetThreadDesktop(dwThreadId);
>
> hWinStaUser = OpenWindowStation("winsta0", FALSE, MAXIMUM_ALLOWED);
> if (hWinStaUser == NULL) {
>     return(TRUE); // The Interactive user has rights to do this
> }
> SetProcessWindowStation(hWinStaUser);
> hDeskUser = OpenDesktop("default", 0, FALSE, MAXIMUM_ALLOWED);
> if (hDeskUser == NULL) {
>     SetProcessWindowStation(hWinStaSave);
>     CloseWindowStation(hWinStaUser);
>     return(TRUE); // The Interactive user has rights to do this
> }
> SetThreadDesktop(hDeskUser);
>
> bReturn = (GetThreadDesktop(dwThreadId) != hDeskSave);
>
> // Restore window station and desktop.
> SetThreadDesktop(hDeskSave);
> SetProcessWindowStation(hWinStaSave);
> CloseDesktop(hDeskUser);
> CloseWindowStation(hWinStaUser);
> return(bReturn);
>
>
> brad
>
>
> "Wade A. Hilmo [MS]" <wadeh@microsoft.com> wrote in message
> news:OnTvlQQzDHA.2872@TK2MSFTNGP09.phx.gbl...
> > Hi Brad,
> >
> > Pardon my jumping in, but IIS itself does not invoke any ODBC drivers. For
> > your driver to get loaded into IIS, it would have to be done by some other
> > code running in IIS, like the aforementioned ISAPI or an ASP page, etc.
> >
> > To answer your direct question, you can call OpenProcessToken to get the
> > token associated with your process. Then you can call GetTokenInformation
> > and use the TOKEN_PRIVILEGES enumeration to get the privileges assigned to
> > the token, and LookupPrivilegeName to actually identify each of the
> > privileges. If one of the privileges is called SeTcbPrivilege, then you are
> > running within a process that has system privileges.
> >
> > I hope that this helps,
> > -Wade A. Hilmo,
> > -Microsoft
> >
> > "Brad Waddell" <bradwww@despammed.com> wrote in message
> > news:2dpHb.3121$rZ6.1984272@news3.news.adelphia.net...
> > > Mr Wang - What do you mean by "integration code"? Our shared DLL is an ODBC
> > > Driver, it has no idea who has invoked it, which is why I am asking how to
> > > properly tell if I am running as a system service, or not - which I thought
> > > was a simple question!
> > >
> > > What do you mean by "where it was invoked" - how do I get this information?
> > > We do not use ISAPI at all - we are a driver, invoked directly by IIS via
> > > ODBC services in the OS.
> > >
> > > Please tell me the best way to determine if I am in system service mode or
> > > not - thanks!
> > >
> > > brad
> > >
> > > "David Wang [Msft]" <someone@online.microsoft.com> wrote in message
> > > news:eY%23ify5xDHA.2712@TK2MSFTNGP11.phx.gbl...
> > > > How about having the integration code actually tell your shared DLL this
> > > > information?
> > > >
> > > > In desktop mode, something has to cause your DLL to load; that something
> > > > should also inform this shared DLL where it was invoked. Similarly,
> > > > integration with IIS requires an ISAPI -- so have the ISAPI Load your DLL
> > > > and have the ISAPI inform the DLL that it's running under IIS.
> > > >
> > > > I would not search based on process names since it can change. For example,
> > > > in IIS6, ISAPI can be launched in w3wp.exe with a parent process of
> > > > svchost.exe -- completely new process names when compared to previous
> > > > versions of IIS, but the names are perfectly valid. Code that checks for
> > > > inetinfo.exe by name is just poorly designed.
> > > >
> > > > --
> > > > //David
> > > > IIS
> > > > This posting is provided "AS IS" with no warranties, and confers no rights.
> > > > //
> > > > "Brad Waddell" <bradwww@despammed.com> wrote in message
> > > > news:pULEb.1564$rZ6.467079@news3.news.adelphia.net...
> > > > I have a driver product (DLL) that can be run in foreground/desktop mode and
> > > > in system service mode under products such as IIS. How can I detect which
> > > > mode I am running in on the user's machine? thanks!
> > > >
> > > > --
> > > > brad
> > > > www.qodbc.com - The ODBC Driver for Quickbooks
> > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
>
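
The token check Wade describes in the thread above (OpenProcessToken, GetTokenInformation, LookupPrivilegeName, look for SeTcbPrivilege), written out as an added example; it is not code posted by anyone in the thread, and the function name process_has_privilege is made up here. As David points out, on IIS6 the hosting process may not have "local system" privileges, so a 0 result does not show that the driver was loaded on the desktop.

```c
/* Added example: is a named privilege assigned to the current process token?
   Returns 1 = assigned, 0 = not assigned, -1 = could not be determined.
   It tests whether the privilege is present in the token, not whether it
   is currently enabled (that is the Attributes field of each entry). */
#ifdef _WIN32
#include <windows.h>
#include <stdlib.h>
#include <string.h>

int process_has_privilege(const char *wanted)   /* hypothetical helper name */
{
    HANDLE tok = NULL;
    TOKEN_PRIVILEGES *tp = NULL;
    DWORD len = 0, i;
    int result = -1;

    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &tok))
        return -1;

    /* The first call fails by design and reports the buffer size needed. */
    GetTokenInformation(tok, TokenPrivileges, NULL, 0, &len);
    if (len != 0 && (tp = (TOKEN_PRIVILEGES *)malloc(len)) != NULL &&
        GetTokenInformation(tok, TokenPrivileges, tp, len, &len)) {
        result = 0;
        for (i = 0; i < tp->PrivilegeCount; i++) {
            char name[128];
            DWORD cch = sizeof(name);   /* in: buffer size in characters */
            if (LookupPrivilegeNameA(NULL, &tp->Privileges[i].Luid,
                                     name, &cch) &&
                _stricmp(name, wanted) == 0) {
                result = 1;
                break;
            }
        }
    }
    free(tp);
    CloseHandle(tok);
    return result;
}
#else
/* Non-Windows build: there is no process token to query. */
int process_has_privilege(const char *wanted) { (void)wanted; return -1; }
#endif
```

Call it as `process_has_privilege("SeTcbPrivilege")` and treat -1 as "unknown" rather than as either answer.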


