.NET Windows Service crashes in ntdll.dll
Solution 1
As a wild guess, you might be falling foul of Session 0 Isolation:
In Windows XP®, Windows Server® 2003, and earlier versions of the Windows® operating system, all services run in the same session as the first user who logs on to the console. This session is called Session 0. Running services and user applications together in Session 0 poses a security risk because services run at elevated privilege and therefore are targets for malicious agents that are looking for a means to elevate their own privilege levels.
Where this usually causes issues for services is if, for instance, something tries to create UI.
The easiest approach to dealing with this issue would be to talk to the vendor of the 3rd party component and ensure it's supported for use with services. However, if the vendor no longer exists, that may not be possible.
If the issue arises whilst the service is running, it may be possible to attach a debugger to it and capture a dump at the point at which the error happens (e.g. using something like adplus from the debugging tools for windows). If the issue is happening during service startup, it may be trickier to diagnose.
You really need to isolate the last function call in your code that brings on the error, and then try to diagnose from there.
Solution 2
Try changing the account of service to any other. Like Local System
.
Phil Bolduc
Updated on July 31, 2021Comments
-
Phil Bolduc over 2 years
I have a Windows Service written in C#. It is crashing when it calls into a 3rd party COM component. The problem only appears on Windows 7 (x86 and x64). When I run the same service code as a console application on Windows 7 (x86 and x64), it works fine.
When I run the same service on Windows 2003, it also works properly. I think it could be related to UAC. I am looking for suggestions/direction on debugging this service to identify what is causing the problem. Use debug symbols for ntdll.dll? Below the info from the event log.
Event ID: 1000, Level: Error Faulting application name: ServiceHost.exe, version: 1.0.0.0, time stamp: 0x4f87bc9a Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b60 Exception code: 0xc0000005 Fault offset: 0x0002bcbb Faulting process id: 0x151c Faulting application start time: 0x01cd1939c9017b2d Faulting application path: E:\ServiceHost\bin\Debug\ServiceHost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 08da6aa3-852d-11e1-a889-00155d016f32
-
Phil Bolduc about 12 yearsThis is a good suggestion. The crash is not during start-up. I'll give this a try today.
-
Phil Bolduc about 12 yearsI had set the account to run as my account which is a member of the local administrators group. I'll change the account and try that.
-
Phil Bolduc about 12 yearsI do not believe this the reason. The COM component wraps some CORBA/HTTP requests.
-
Phil Bolduc about 12 yearsI was able to determine this is the cause. The COM component is trying to create a Device Context by calling CreateDC (msdn.microsoft.com/en-us/library/dd183490(v=vs.85).aspx). I will have to contact the vendor to see if this is really required.
-
AgentFire about 12 yearsThat is not enough. Your administator account could have no system rights anyway.
-
Phil Bolduc about 12 yearsNo, the issue was related to Damien's answer. Session 0 isolation.