.NET Windows Service crashes in ntdll.dll


Solution 1

As a wild guess, you might be falling foul of Session 0 Isolation:

In Windows XP®, Windows Server® 2003, and earlier versions of the Windows® operating system, all services run in the same session as the first user who logs on to the console. This session is called Session 0. Running services and user applications together in Session 0 poses a security risk because services run at elevated privilege and therefore are targets for malicious agents that are looking for a means to elevate their own privilege levels.

Where this usually causes issues for services is if, for instance, something tries to create UI.

The easiest approach to dealing with this issue would be to talk to the vendor of the 3rd party component and ensure it's supported for use with services. However, if the vendor no longer exists, that may not be possible.

If the issue arises whilst the service is running, it may be possible to attach a debugger to it and capture a dump at the point at which the error happens (e.g. using something like adplus from the Debugging Tools for Windows). If the issue is happening during service startup, it may be trickier to diagnose.

You really need to isolate the last function call in your code that brings on the error, and then try to diagnose from there.

Solution 2

Try changing the account of the service to any other, like Local System.

Author: Phil Bolduc

Updated on July 31, 2021

Comments

  • Phil Bolduc over 2 years

    I have a Windows Service written in C#. It is crashing when it calls into a 3rd party COM component. The problem only appears on Windows 7 (x86 and x64). When I run the same service code as a console application on Windows 7 (x86 and x64), it works fine.

    When I run the same service on Windows 2003, it also works properly. I think it could be related to UAC. I am looking for suggestions/direction on debugging this service to identify what is causing the problem. Use debug symbols for ntdll.dll? Below the info from the event log.

    Event ID: 1000, Level: Error
    Faulting application name: ServiceHost.exe, version: 1.0.0.0, time stamp: 0x4f87bc9a
    Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b60
    Exception code: 0xc0000005
    Fault offset: 0x0002bcbb
    Faulting process id: 0x151c
    Faulting application start time: 0x01cd1939c9017b2d
    Faulting application path: E:\ServiceHost\bin\Debug\ServiceHost.exe
    Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report Id: 08da6aa3-852d-11e1-a889-00155d016f32
    
  • Phil Bolduc about 12 years
    This is a good suggestion. The crash is not during start-up. I'll give this a try today.
  • Phil Bolduc about 12 years
    I had set the account to run as my account which is a member of the local administrators group. I'll change the account and try that.
  • Phil Bolduc about 12 years
    I do not believe this is the reason. The COM component wraps some CORBA/HTTP requests.
  • Phil Bolduc about 12 years
    I was able to determine this is the cause. The COM component is trying to create a Device Context by calling CreateDC (msdn.microsoft.com/en-us/library/dd183490(v=vs.85).aspx). I will have to contact the vendor to see if this is really required.
  • AgentFire about 12 years
    That is not enough. Your administrator account could have no system rights anyway.
  • Phil Bolduc about 12 years
    No, the issue was related to Damien's answer. Session 0 isolation.
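
Added example, not part of the original thread or the vendor's component: a C# probe that reports the session ID, window station name and `Environment.UserInteractive`, so the console run and the service run of the same code can be compared before the COM call that ends up in CreateDC. `SessionProbe`, `Describe` and the `uiSafe` heuristic are hypothetical names and assumptions made for illustration.

```csharp
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Text;

// Added diagnostic sketch; SessionProbe and Describe are hypothetical names.
static class SessionProbe
{
    const int UOI_NAME = 2; // GetUserObjectInformation: return the object's name

    [DllImport("user32.dll", SetLastError = true)]
    static extern IntPtr GetProcessWindowStation();

    [DllImport("user32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool GetUserObjectInformation(IntPtr hObj, int nIndex,
        StringBuilder pvInfo, int nLength, out int lpnLengthNeeded);

    // Name of the window station this process is attached to.
    // Interactive logons use "WinSta0"; services normally get a
    // non-interactive station whose name starts with "Service-0x".
    static string WindowStationName()
    {
        IntPtr h = GetProcessWindowStation();
        if (h == IntPtr.Zero) throw new Win32Exception();
        var buf = new StringBuilder(256);
        int needed;
        // nLength is in bytes, hence Capacity * 2 for UTF-16.
        if (!GetUserObjectInformation(h, UOI_NAME, buf, buf.Capacity * 2, out needed))
            throw new Win32Exception();
        return buf.ToString();
    }

    public static string Describe()
    {
        int session = Process.GetCurrentProcess().SessionId;
        string winsta = WindowStationName();
        bool interactive = Environment.UserInteractive;
        // Heuristic (assumption): UI/GDI work is only expected to behave
        // outside session 0, on the interactive window station.
        bool uiSafe = session != 0 && interactive
            && winsta.Equals("WinSta0", StringComparison.OrdinalIgnoreCase);
        return string.Format("session={0} winsta={1} userInteractive={2} uiSafe={3}",
            session, winsta, interactive, uiSafe);
    }

    // In the service, write Describe() to the event log instead of the console.
    static void Main() { Console.WriteLine(Describe()); }
}
```

Run as a console application this reports a non-zero session on `WinSta0`; run as a service on Windows 7 it reports session 0, which is the difference the thread traces the crash to.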