C# .NET Windows 服务在 ntdll.dll 中崩溃
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/10136183/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
.NET Windows Service crashes in ntdll.dll
提问by Phil Bolduc
I have a Windows Service written in C#. It is crashing when it calls into a 3rd party COM component. The problem only appears on Windows 7 (x86 and x64). When I run the same service code as a console application on Windows 7 (x86 and x64), it works fine.
我有一个用 C# 编写的 Windows 服务。它在调用第 3 方 COM 组件时崩溃。该问题仅出现在 Windows 7(x86 和 x64)上。当我在 Windows 7(x86 和 x64)上运行与控制台应用程序相同的服务代码时,它工作正常。
When I run the same service on Windows 2003, it also works properly. I think it could be related to UAC. I am looking for suggestions/direction on debugging this service to identify what is causing the problem. Use debug symbols for ntdll.dll? Below the info from the event log.
当我在 Windows 2003 上运行相同的服务时,它也能正常工作。我认为这可能与UAC有关。我正在寻找有关调试此服务的建议/方向,以确定导致问题的原因。对 ntdll.dll 使用调试符号?在事件日志中的信息下方。
Event ID: 1000, Level: Error
事件 ID:1000,级别:错误
Faulting application name: ServiceHost.exe, version: 1.0.0.0, time stamp: 0x4f87bc9a
错误的应用程序名称:ServiceHost.exe,版本:1.0.0.0,时间戳:0x4f87bc9a
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b60
错误模块名称:ntdll.dll,版本:6.1.7601.17725,时间戳:0x4ec49b60
Exception code: 0xc0000005
异常代码:0xc0000005
Fault offset: 0x0002bcbb
故障偏移:0x0002bcbb
Faulting process id: 0x151c
错误进程 ID:0x151c
Faulting application start time: 0x01cd1939c9017b2d
错误的应用程序启动时间:0x01cd1939c9017b2d
Faulting application path: E:\ServiceHost\bin\Debug\ServiceHost.exe
错误的应用程序路径:E:\ServiceHost\bin\Debug\ServiceHost.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
错误模块路径:C:\Windows\SYSTEM32\ntdll.dll
Report Id: 08da6aa3-852d-11e1-a889-00155d016f32
报告 ID:08da6aa3-852d-11e1-a889-00155d016f32
采纳答案by Damien_The_Unbeliever
As a wild guess, you might be falling foul of Session 0 Isolation:
作为一个疯狂的猜测,您可能会遇到Session 0 Isolation 的问题:
In Windows XP?, Windows Server? 2003, and earlier versions of the Windows? operating system, all services run in the same session as the first user who logs on to the console. This session is called Session 0. Running services and user applications together in Session 0 poses a security risk because services run at elevated privilege and therefore are targets for malicious agents that are looking for a means to elevate their own privilege levels.
在 Windows XP?、Windows Server? 2003 和更早版本的 Windows?操作系统中,所有服务都在与第一个登录控制台的用户相同的会话中运行。此会话称为会话 0。在会话 0 中同时运行服务和用户应用程序会带来安全风险,因为服务以提升的权限运行,因此成为寻求提升自身权限级别方法的恶意代理的目标。
Where this usually causes issues for services is if, for instance, something tries to create UI.
这通常会导致服务出现问题的情况是,例如,某些东西试图创建 UI。
The easiestapproach to dealing with this issue would be to talk to the vendor of the 3rd party component and ensure it's supported for use with services. However, if the vendor no longer exists, that may not be possible.
处理此问题的最简单方法是与第 3 方组件的供应商交谈并确保它支持与服务一起使用。但是,如果供应商不再存在,那可能就不可能了。
If the issue arises whilstthe service is running, it may be possible to attach a debugger to it and capture a dump at the point at which the error happens (e.g. using something like adplus from the debugging tools for windows). If the issue is happening during service startup, it may be trickier to diagnose.
如果问题出现,而该服务正在运行,有可能在在该错误发生点到一个调试器附加到它,并捕获转储(例如,使用类似从调试工具ADPlus的窗户)。如果问题发生在服务启动期间,则诊断起来可能会比较棘手。
You really need to isolate the last function call in yourcode that brings on the error, and then try to diagnose from there.
你真的需要隔离在一个函数调用的代码上的错误带来的,然后尝试从那里来诊断。
回答by AgentFire
Try changing the account of service to any other. Like Local System.
尝试将服务帐户更改为任何其他帐户。喜欢Local System。
回答by Xaqron
The 3rd party COM component is using some hacks (some unleashed APIs) to boost its performance and the OSinterface has been changed without notice in the next versions on Windows.
第 3 方 COM 组件正在使用一些 hacks(一些释放的 API)来提高其性能,并且OS在 Windows 的下一个版本中界面已更改,恕不另行通知。
This was an old policy from early days of windows (Norton, Office...) to make some direct calls to Kernel and ...
这是 Windows(诺顿、Office...)早期的一项旧政策,用于直接调用内核和...
