Re: How can you detect if you are running as a system service?
From: George Hester (hesterloli_at_hotmail.com)
Date: 02/14/04
- Next message: George Hester: "Re: Limit per user connections"
- Previous message: Christopher Pragash: "Authenticate IIS on Windows 2000 or 2003 against Kerberos on Unix"
- In reply to: Brad Waddell: "Re: How can you detect if you are running as a system service?"
- Next in thread: Brad Waddell: "Re: How can you detect if you are running as a system service?"
- Reply: Brad Waddell: "Re: How can you detect if you are running as a system service?"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 13 Feb 2004 20:32:42 -0500
I suggest you define a service the way it is defined. Namely if it is a service you will find it in the Services applet off the Adminsistrative Tools in the Control Panel. That is the normal behavior of a service.
--
George Hester
__________________________________
"Brad Waddell" <bradwww@despammed.com> wrote in message news:e4adnTcqM_LSuLHdRVn-gw@adelphia.com...
> Mr Wang,
>
> The key reason we need to determine if we are being run as a service is
> because the product we are communicating with cannot be loaded as a system
> service, and therefore, we must use a different method to communicate with
> it depending on where we are loaded.
>
> I define a system service as a program running in protected background mode
> and not on the desktop, which usually includes web services and SQL servers.
>
> I hope that makes it clearer!
>
> brad
>
> "David Wang [Msft]" <someone@online.microsoft.com> wrote in message
> news:eulMDgF0DHA.3224@tk2msftngp13.phx.gbl...
> > Actually, can you define what you mean by "system service"? What is the
> key
> > reason you want to distinguish where your driver is loaded?
> >
> > For example, on IIS6, your driver can be loaded inside a process that does
> > not have "local system" privileges but is used to execute ASP code that
> uses
> > ODBC. So, "local system" doesn't mean "run by IIS". At the same time,
> > checking for process names also does not work, as the process names that
> > execute user code have changed between IIS6 and prior IIS versions.
> >
> > Are you trying to distinguish whether your driver is run by IIS, from a
> > commandline app, or whether your driver is running as an identity with
> > certain privileges, etc? I'm guessing you only care about the privileges
> > available to your driver, so you should use Wade's suggestion to check.
> >
> > Otherwise, please help refine your question by defining what is a "system
> > service" that you want to distinguish.
> >
> > --
> > //David
> > IIS
> > This posting is provided "AS IS" with no warranties, and confers no
> rights.
> > //
> > "Brad Waddell" <bradwww@despammed.com> wrote in message
> > news:OXuHb.3153$rZ6.2040635@news3.news.adelphia.net...
> > Here is the code we are currently using to determine if we are a system
> > service, please comment on this method, as we want to create something
> that
> > will always be accurate for all OS variations, not just certain ones, and
> > anytime a user is running in system service (background) mode. thanks.
> >
> > This is the code I used:
> > Returning TRUE means is a system service. If at any point it fails
> I
> > assume it was a system service since an interactive thread should have
> > rights to do all the functions successfully.
> >
> > hWinStaSave = GetProcessWindowStation();
> > dwThreadId = GetCurrentThreadId();
> > hDeskSave = GetThreadDesktop(dwThreadId);
> >
> > hWinStaUser = OpenWindowStation("winsta0", FALSE,
> MAXIMUM_ALLOWED);
> > if (hWinStaUser == NULL) {
> > return(TRUE); // The Interactive user has rights to do
> this
> > }
> > SetProcessWindowStation(hWinStaUser);
> > hDeskUser = OpenDesktop("default", 0, FALSE, MAXIMUM_ALLOWED);
> > if (hDeskUser == NULL) {
> > SetProcessWindowStation(hWinStaSave);
> > CloseWindowStation(hWinStaUser);
> > return(TRUE); // The Interactive user has rights to do
> this
> > }
> > SetThreadDesktop(hDeskUser);
> >
> > bReturn = (GetThreadDesktop(dwThreadId) != hDeskSave);
> >
> > // Restore window station and desktop.
> > SetThreadDesktop(hDeskSave);
> > SetProcessWindowStation(hWinStaSave);
> > CloseDesktop(hDeskUser);
> > CloseWindowStation(hWinStaUser);
> > return(bReturn);
> >
> >
> > brad
> >
> >
> > "Wade A. Hilmo [MS]" <wadeh@microsoft.com> wrote in message
> > news:OnTvlQQzDHA.2872@TK2MSFTNGP09.phx.gbl...
> > > Hi Brad,
> > >
> > > Pardon my jumping in, but IIS itself does not invoke any ODBC drivers.
> > For
> > > your driver to get loaded into IIS, it would have to be done by some
> other
> > > code running in IIS, like the aforementioned ISAPI or an ASP page, etc.
> > >
> > > To answer your direct question, you can call OpenProcessToken to get the
> > > token associated with your process. Then you can call
> GetTokenInformation
> > > and use the TOKEN_PRIVILEGES enumeration to get the privileges assigned
> to
> > > the token,and LookupPrivilegeName to actually identify each of the
> > > privileges. If one of the privileges is called SeTcbPrivilege, then you
> > are
> > > running within a process that has system privileges.
> > >
> > > I hope that this helps,
> > > -Wade A. Hilmo,
> > > -Microsoft
> > >
> > > "Brad Waddell" <bradwww@despammed.com> wrote in message
> > > news:2dpHb.3121$rZ6.1984272@news3.news.adelphia.net...
> > > > Mr Wang - What do you mean by "integration code"? Our shared DLL is an
> > > ODBC
> > > > Driver, it has no idea who has invoked it, which is why I am asking
> how
> > to
> > > > properly tell if I am running as a system service, or not - which I
> > > thought
> > > > was a simple question!
> > > >
> > > > What do you mean by "where it was invoked" - how do I get this
> > > information?
> > > > We do not use ISAPI at all - we are a driver, invoked directly by IIS
> > via
> > > > ODBC services in the OS.
> > > >
> > > > Please tell me the best way to determine if I am in system service
> mode
> > or
> > > > not - thanks!
> > > >
> > > > brad
> > > >
> > > > "David Wang [Msft]" <someone@online.microsoft.com> wrote in message
> > > > news:eY%23ify5xDHA.2712@TK2MSFTNGP11.phx.gbl...
> > > > > How about having the integration code actually tell your shared DLL
> > this
> > > > > information?
> > > > >
> > > > > In desktop mode, something has to cause your DLL to load; that
> > something
> > > > > should also inform this shared DLL where it was invoked. Similarly,
> > > > > integration with IIS requires an ISAPI -- so have the ISAPI Load
> your
> > > DLL
> > > > > and have the ISAPI inform the DLL that it's running under IIS.
> > > > >
> > > > > I would not search based on process names since it can change. For
> > > > example,
> > > > > in IIS6, ISAPI can be launched in w3wp.exe with a parent process of
> > > > > svchost.exe -- completely new process names when compared to
> previous
> > > > > versions of IIS, but the names are perfectly valid. Code that
> checks
> > > for
> > > > > inetinfo.exe by name is just poorly designed.
> > > > >
> > > > > --
> > > > > //David
> > > > > IIS
> > > > > This posting is provided "AS IS" with no warranties, and confers no
> > > > rights.
> > > > > //
> > > > > "Brad Waddell" <bradwww@despammed.com> wrote in message
> > > > > news:pULEb.1564$rZ6.467079@news3.news.adelphia.net...
> > > > > I have a driver product (DLL) that can be run in foreground/desktop
> > mode
> > > > and
> > > > > in system service mode under products such as IIS. How can I detect
> > > which
> > > > > mode I am running in on the users machine? thanks!
> > > > >
> > > > > --
> > > > > brad
> > > > > www.qodbc.com - The ODBC Driver for Quickbooks
> > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
> >
>
>
- Next message: George Hester: "Re: Limit per user connections"
- Previous message: Christopher Pragash: "Authenticate IIS on Windows 2000 or 2003 against Kerberos on Unix"
- In reply to: Brad Waddell: "Re: How can you detect if you are running as a system service?"
- Next in thread: Brad Waddell: "Re: How can you detect if you are running as a system service?"
- Reply: Brad Waddell: "Re: How can you detect if you are running as a system service?"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
