i wrote a little desktop utility which automatically detects an USB Stick which contains updates for antivirus patterns and software packages. It can either perform those updates on detection or on system shutdown/restart and here comes the problem...
I am not able to get the suspended shutdown to work properly..
If i am using this code my application sucessfully blocks the windows shutdown, but won´t perform the updating process.
' >>>>Process Windows Shutdown<<<<
If m.Msg = WM_QUERYENDSESSION OrElse m.Msg = WM_ENDSESSION Then
ShutdownBlockReasonCreate(Me.Handle, "Performing #### and Kasperksy Updates...")
UnZipKit()
ShutdownBlockReasonDestroy(Me.Handle)
Return
End If
I already found out that i need to return FALSE somewhere, but i can´t figure out how. The Microsoft statement can be found here: https://learn.microsoft.com/en-us/previous-versions/windows/desktop/ms700677(v=vs.85)
As for additional information, if i won´t include the RETURN windows shutdown won´t be delayed what so ever...
A different approach is to write a shutdown script.
Like here described https://learn.microsoft.com/en-us/previous-versions/technet-magazine/dd630947(v=msdn.10)
a vbs script can do almost anything analogue to vb net-
Related
I have a very specific problem that I need fixing. The major issue is that I don't exactly know how to properly search the remnants of my problem on google. Therefore I am coming to StackOverflow for advice in hopes that someone will assist me.
Summary
So I am writing an application which is to be PCI-compliant for the company which I am starting. The application involves IPC (Inter-process communication) and two "watch-dog" apps which monitor the status of the main application. One of these "watch-dog" applications is an updater (sends an HTTP Request to the server looking for updates of the application).
So! This method which I am using to check the server if the application is up-to-date is using the WinInet library and InternetOpen() to send the request. Then read the response of the page and use GetCookie() to store the response in a buffer. It shall then parse the response accordingly.
If the response says that the current version of my application is less than the version located on the server. It will then tell the customer (user) that their application is out of date, and ask them whether or not they want to update the software. If they choose to update the software, it will perform a Download And Execute from the internet and launch the update-installer on the user's PC.
The Problem
Unfortunately, windows is very "secure" when it comes to having an "unauthorized" application send an HTTP Request to an outgoing url, let alone download something from the server then execute it on the users PC.
My conclusion to this issue was to add the watch-dog programs to the Task Scheduler. That way after the main application is run, it will spawn the watch-dog programs and check if they are running with NTAUTHORITY privileges (which are granted by the Task Scheduler).
After implementing the code to create the task and point it to the location of the watch-dog programs, naming it, writing a description and everything. I executed the program. It ran without errors though here the REAL PROBLEM:
1) Programs executes
2) Spawns watch-dog programs
3) Watchdog program checks for new version
4) Version is found
5) Installer is downloaded, execute ... but
6) The installer does not appear on the screen!
When I run my 'Process Hacker' application to monitor all process actions. I can see that the new installer is download & executed. It is running as NTAUTHORITY/SYSTEM just like the watch-dog programs but it doesn't appear on the system.
I made sure that in my code the status of the window is set to SW_SHOWNORMAL not SW_HIDE. I also made sure that all flags are set accordingly. Though it doesn't appear on the screen!
When I run the application without adding it to the Task Scheduler as my user without NTAUTHORITY/SYSTEM status and just regular user status. It executes (obviously since I am already running as administrator) -- everything works fine. But after adding it to Task Scheduler and having it run with SYSTEM level privileges. The window doesn't appear on the screen visually. Why's that?
I would greatly appreciate anyone that is able to assist me with this problem. Thank-you!
edit 1
Can anyone help me understand how this user applied his fix in the registry? By reading the problem I can somewhat interpret that he had the same issue as me.
App is invisible if started from Task Scheduler without any user logged in
In any case, I am trying to use the advice that Gisley gave me to run the application in Interactive Mode. Possibly going to try to give that a try. Still looking for more answers but I am going to be working no this none-the-less in the meantime.
edit 2
I tried setting the INTERACTIVE FLAG and it had no effect unfortunately.
Allow me to just emphasize my problem:
For example I write a program which has message boxes and put it in a loop.
for
message box
get current pid
make process in the task scheduler
spawn new process as the task scheduler proc with NTAUTHORITY/SYSTEM
kill last proc pid
end for
Then when I execute it:
I get the message box. Then after new process opens with NTAUTHORITY/SYSTEM the message box does not appear anymore.
Same for if I open a calculator for example.
System("cmd.exe start /c calc.exe")
Program runs... opens calculator
Program gets NTAUTHORITY/SYSTEM status
ON the next loop it executes the calc.exe
I see it in my task manager but it doesnt appear on the screen
I hope the above helped emphasize the core of my issue. I dont see the processes opened by the task scheduler process id with NTAUTHORITY/SYSTEM rights... I dont see the procs executed by it on my screen, though I see them in the task manager | process hacker and they are running with NTAUTHORITY/SYSTEM privileges too.
A shot in the dark - try running the task in interactive mode, but you'll need to have a user logged on.
https://superuser.com/questions/616206/run-interactive-task-even-if-user-is-not-logged-on-windows
Alternatively, or additionally, pass parameters to the installer so that it installs silently.
Silent installation of a MSI package
If I launch an installer with MSIExec in quiet mode I can detect if a reboot is required to complete installation by checking if the exit code is 3010. But what I'd like to be able to do in a programmable form is test whether or not the installation of an MSI will require a reboot to complete before I launch the actual installer.
I've looked around at the MSI APIs:
http://msdn.microsoft.com/en-us/library/windows/desktop/aa369426(v=vs.85).aspx
I did think I could:
Call MsiOpenPackage to get the installer ready to run
Call MsiDoAction with the following: CostInitialize, FileCost, CostFinalize, InstallValidate
Read records from the FilesInUse table (the following documentation on MSDN suggests this table is created after running CostFinalize/InstallValidate:
http://msdn.microsoft.com/en-us/library/aa369546(VS.85).aspx
However that table doesn't actually appear to exist when I query for it during the installation process. Are there any other ways to check if a reboot will be required?
Gareth, theoretically you don't need to perform the actual install, you should execute just the actions until InstallValidate (included) because then the Files In Use messages appear. However, when the installation is performed with an an external UI handler the Windows Installer may behave a little different so that should be tested.
The decision gets eventually made only during installation itself. As you know, it depends on circumstances like DLLs locked by a concurrently runnning application and therefore it is quite volatile.
There is no way that would guarantee you that you will not receive exit code 3010 after the real installation has completed.
That said, the exit code is not that closely bound to files in use. It may also indicate an inability to stop a service or perhaps some other transient or permanent condition. You can not learn whether a service could be stopped until you try.
Jirka is right about the volatility of is a restart required - all kinds of things could happen during the installation process.
However, I think I've got close to what I'd like to be able to do with a different method:
Register an external UI handler for INSTALLLOGMODE_RMFILESINUSE
Capture INSTALLMESSAGE_RMFILESINUSE messages
If I capture any INSTALLMESSAGE_RMFILESINUSE messages, return -1 and exit installation before any file copying proceeds
In this way I can attempt a silent background installation of software but if for any reason it looks like I won't be able to complete the install I can hold back. I think I might be able to do a rollback using the MsiBeginTransaction and MsiEndTransaction functions as well if I do end up in a state of the user has locked a file after starting to copy.
I am trying to write a non-interactive process that prints PDFs, and I need advice on how to build this on Windows Server 2008 (and Vista/7).
Previously, we have had a scheduled task (set to run whether the user account was logged on or not) that would print all PDFs inside of a directory. (A seperate process would move the PDFs into the directory.) At runtime, this would spin up another process (either Adobe Reader or Foxit Reader) to print the PDF. Both Adobe Reader and Foxit Reader feature silent printing, so everything would be sent to the default printer for the user that the scheduled task ran as. No UI was ever generated, and all files would be printed without a hitch. This worked on Server 2003.
The process no longer works on Server 2008. I'm not entirely sure, but I believe this has to do with Session 0 Isolation. I cannot prove this. However, I can say that the process works as a scheduled task when set as "Run only when the user is logged in". Now, while this works, it forces a user to log in to the machine, and thus does not fulfill my requirements. (My first clue was in this previous question.)
I cannot determine how I can move forward on this. Is there any way to fulfill my requirements?
A few notes :
Every solution I've seen seems to be using the credentials of a logged-in user. See the question I linked above - the solution listed appears to be grabbing the token of a logged-in user and using it to run the program. (Look at the GetCurrentUserToken() procedure - the returned value is later used in the API call CreateProcessAsUser().)
My current process generates, as near as I can tell, no UI. I've verified, using ProcMon, that the reader process (Adobe or Foxit) appears to print correctly and the print driver itself appears to have a problem. This is backed up by an attempt to use a print-to-file driver - the print-to-file driver runs in three visible steps and clearly finishes the first for all files without starting the second. So how does Session 0 Isolation affect the printer driver? This is unclear to me. (The best documentation I can find on the subject only mentions that printer drivers may be affected, even though the print spooler runs in Session 0.)
Printing as a Windows service never works, even when the process has 'Allow service to interact with desktop' checked.
Bold text added to counter the blear-inducing wall-of-text effect.
Try using Foxit Reader instead of Acrobat-Reader.
Foxit Reader supports GUI-less / commandline execution properly, also in Windows 2008 and above!
Printing is also possible, but you will have to add (or check) the printer in session0 every time you run the printjob.
If you need any more help on that, just ask again. I already built a powershell script which runs in task scheduler to print pdf-files with help of Foxit Reader.
I'm debugging plugins on Windows 7 and of course the plugin host (Cubase5.exe) occasionally crashes because of errors in the plugin. On XP or Vista, I could always restart it immediately and continue working. But on Windows 7, even though Cubase appears to close, it is still visible in Task Manager and I cannot kill it by any means. After a minute or two, it disappears by itself. In the mean time, I can't work because the plugin DLL is still locked by the process.
Does anyone know why this happens on Windows 7? I've already tried disabling Automatic Error Reporting but that didn't help. I've tried attaching cdb to Cubase, but I get:
Cannot debug pid 5252, NTSTATUS 0xC0000001
"{Operation Failed} The requested operation was unsuccessful."
Debuggee initialization failed, NTSTATUS 0xC0000001
"{Operation Failed} The requested operation was unsuccessful."
I tried following the instructions here but it appears this is only possible if I connect a second machine to my computer to debug it remotely.
I finally found the solution, using this article:
http://blogs.technet.com/b/markrussinovich/archive/2005/08/17/unkillable-processes.aspx
This required installing the Windows Debugging Tools for Windows (nice name) and LiveKd, but by following the steps outlined I was able to track which driver was causing the process to hang: it turned out to be the 64-bit driver for the M-Audio Oxygen 8 V2 controller I'm using. Unfortunately no driver update is available.
Anyway, if anyone encounters a similar problem, this is the way to solve it.
Have you tried Process Explorer by Mark Russinovich? It is really useful for "killing":)
If you have error reporting enabled, it's possible that werfault.exe has Cubase open to write a minidump for crash reporting purposes.
This is just a stab in the dark but it might be your problem.
One thing you can try is to check with Process Monitor what Cubase is doing. Set a filter so that everything with a process name containing "cubase" will be recorded. It could be that you are facing some timeout issue when Cubase wants to exit.
you can end the process the service is running under. You can find this process by going to the Services tab of the Task Manager, right-clicking, and selecting Go To Process(you need to click the Show processes from all users button.). Note that one process may host multiple services (especially if it's svchost.exe), and ending the process will kill all those services. Also, this is an unclean exit, and may cause data corruption depending on what the service(s) was doing when you killed it.
Depending on which specific service you are trying to stop, there may be a cleaner way to simulate failure.
In the second example (in the section examples) on this link, there is a description on using WM_QUERYENDSESSION to abort a shutdown. It also states that this does not work on versions of windows later than XP. This is conflicting with the advice given on another question here at stackoverflow. What is the correct answer? I do not have a computer with either so I am unable to test.
Some applications got the WM_QUERYENDSESSION handling wrong (Not passing to DefWindowProc, they incorrectly returned 0 even though they did not intend to block shutdown) and so MS changed it with Vista, you now need to call ShutdownBlockReasonCreate()
#Konamiman: shutdown.exe -a will abort a "scheduled" shutdown yes, but not a "normal" shutdown by someone calling ExitWindowsEx()
If anything else fails, remember that from command line it is shutdown.exe -a; maybe you could invoke this using the Process class.
EDIT. When mentioning the Process class I happily assumed that the question was about .NET programming, now I see that .NET is not mentioned neither in the question nor in the tags. Anyway I believe that there are ways to run executables from other programming environments as well.