I want to stop the shutdown / log off API which appears when you have programs open to confirm a shutdown/logoff.
I have an application already that send a reason to the API.
I know this is bad practice but I really need to override / cancel the shutdown with out displaying the API after 5 seconds.
is there any way to hack this or run a custom shutdown script to override the shutdown.
thanks in advance
it doesnt matter about holding it for5 seconds just catching it if it is pressed once. I can do that but vista shows a API screen after 5 seconds which All i want is vista not to show that.
vista shows that because I prevent it from shutting down.
You may want to look at this:
http://msdn.microsoft.com/en-us/library/aa376871(VS.85).aspx
When I did this functionality I had to do everything in unmanaged C++ as I had problems trying to set the priviledge by using Interop.
You need this flag: EWX_FORCE in ExitWindowsEx.
Related
Firstly sorry for my poor english. I don't really know how to formulate the question, but I can explain you my intentions so it may help you to understand me better.
Im developing tool that notifies you when a windows service goes down.
The exact logic that I follow is:
When a service goes down gracefully logs an event that you can see in windows event viewer. I've created a sheduled task that will be triggered when the service is stopped according to windows event log (Thanks to a XML filter).
This task triggers a powershell script that sends a request to a telegram bot that will notify me when the service dies.
This process works perfectly when I manually stop the service (From service.msc or Powershell's Stop-Service). The objective is to have a realtime track of the service, and in this case works correctly.
The problem comes here: I cannot force the service to crash in order to see if it logs information in windows event viewer.
My questions are:
If an error occurs will windows shut the service down gracefully (like when using Stop-Service) or will it kill the process without registering any log info (like when using taskkill /f)?
Any other suggestions? Is there another way to track a windows service in real time and trigger a script without a loop that runs every certain time.
Hope y'all understand me :)
If a service crashes, you should still see an error message in the event log under Windows Logs > System. The Source will be "Service Control Manager" and Event ID should be either 7031 or 7032 or 7034.
So you can add a filter for these and have your PowerShell script run on these kinds of events as well.
First off, I know some proper ways of making a truly interactive Windows Service.
The situation is, I do have a tool that does not interact with the user as such. However, it does display non-blocking notifications both via popup windows and via the Windows Notification Area (aka System Tray). It also writes a logfile of the notifications it displays.
This tool is normally spawned by a main user application and as long as the main application is a normal application, these notifications do work as intended.
When this tool is spawned by a Windows Service, no notifications are displayed, naturally. (The Desktop Session for the service isn't visible.) But this would be OK, we have the logfile and these notifications are just - notifications, nothing the user absolutely must see under all circumstances.
The question now becomes: Is a process running in the context of a Service (the Service itself or any process it starts) "allowed" to make Windows API calls that display a visible GUI?
Will most Windows API calls (e.g. creating and showing a window, using Shell_NotifyIcon, etc.) behave the same in the invisible session of the service?
Or would I have to make sure throughout the source code, that no GUI displaying/modifying stuff is called in the context of the service?
And yes, calling ::MessageBox is a bad idea because it will block. But I can handle these calls.
And yes, this could be designed better, but it's what I have at the moment and it would be nice if I hadn't to rip the whole tool apart to make sure no GUI related code is run in the service.
GUI elements from a Windows Service are shown on Session 0. On Windows XP & 2003, users were allowed to log in to Session 0 and interact normally with the windows created by a service, but Microsoft put a knife in the heart of interactive services in Vista (and beyond) by isolating Session 0.
So, to answer your specific questions:
Is a process running in the context of a Service (the Service itself
or any process it starts) "allowed" to make Windows API calls that
display a visible GUI?
Will most Windows API calls (e.g. creating and showing a window, using Shell_NotifyIcon, etc.) behave the same in the invisible session
of the service?
Yes, GUI calls are allowed and should succeed as normal. The only notable exceptions that I know of are those related to tray icons because the process providing the task bar (explorer.exe) is not running in the isolated Session 0.
Or would I have to make sure throughout the source code, that no GUI displaying/modifying stuff is called in the context of the service?
That should not be necessary, though you should proceed cautiously with any GUI interaction from your service. Test thoroughly!
I would like to provide some info wrt. Raymonds Chen's comment to the other answer
You should avoid presenting UI in a service because you may trigger
the UI Detection Service which will switch the user to your service UI
temporarily. – Raymond Chen
I find these good articles:
What is Interactive Services Detection and Why is it Blinking at Me?
Inside Session 0 Isolation and the UI Detection Service, Part1, Part2
Where one can find explanation on what the UI detection service (UI0Detect) is and does and how it's supposed to work.
Interactive Services Detection (the blinking button on the taskbar) is
a mitigation for legacy applications that detects if a service is
trying to interact with the desktop. This is handled by the
Interactive Services Detection (UI0Detect) service.
However, one must note that this only can work if the service that is trying to view a GUI has the flag "Allow service to interact with desktop" set, because only then the service process will be running on WinSta0of Session0 even allowing it to show anything at all.
Alex Ionescu mentions this:
If UI0Detect.exe ...
the SCM has started it at the request of the Window Hook DLL. The
service will proceed ...
The service first does some
validation to make sure it’s running on the correct WinSta0\Default
windowstation and desktop and then notifies the SCM of success or
failure.
So, to come back to Raymond's comment: As far as I can see, as long as a service doesn't tick the type= interact option (see sc.exe), and normally you don't tick this, the UI0Detect service doesn't do anything and there shouldn't be any "danger" of triggering it.
Note: The information above is based on my limited research and tests on only a single Windows 7 PC.
I have a windows Service always running once PC started, how would i detect using .NET 3.5 or WMI, when the user or some other application/process has requested a shutdown or reboot in windows.
I do not want to stop it, just log the time and who initiated the shutdown (user or process is fine, don't really need to know which process)
Thank you
Use the Microsoft.Win32.SystemEvents.SessionEnding event.
However, note that you are in a Windows Service, and this event won't fire for you unless you create a hidden form in your service. You can get one of these for free by enabling the "Interact with Desktop" option on the service.
You're looking for the SystemEvents.SessionEnding event.
Occurs when the user is trying to log
off or shut down the system.
Win32.SessionEnded event gets fired when the system is being shut down. You should attach to this in your program.
I've got a service that acts as a watchdog for several apps/servers. There are no user sessions on this machine. I'd like the watchdog to be capable of beeping on the internal speaker should something go wrong (that'd be my queue to go fix whatever it's complaining about)
when I try the Beep() API on Windows nothing happens - I suspect the problem is that the services session isnt permitted to make noises?
can I make this work? any other ideas for how to make the service alert me?
-CG
Call CreateFile on \device\beep, then send down IOCTL_BEEP_SET (see http://www.koders.com/c/fidFEC3527B9D951559D62722A9C0C603863106CA9B.aspx for details)
It may work if you allow it to interact with the desktop (an option configurable somewhere, I can't remember where).
But personally, I'd have it email me.
Though maybe you could have it use the task scheduling API to schedule a task for yourself, so next time you log on you can see it.
I don't know; you've got a few options. I'd avoid beeping though.
Try sending beep char "\a" to console. Not sure if it will work.
Beeping doesn't seem like a good idea - it might end up driving everyone mad....
I'd also agree about the "interact with desktop" option and you set this in the services parameters see A Windows Service without a template
I'd recommend creating a simple client application that polls that server to query for any problems and returns a set of status messages. Then an appropriate UI would be raised (e.g. balloon on the tray), an email sent, etc. containing any warning or failure messages.
This way you also know that the watchdog itself is running and has network connectivity - if the watchdog dies and/or machine locks up you wouldn't otherwise know.
It also avoids being thrown out of a window when the machine starts beeping continuously just after you go to lunch. [+1 to #mikej] :-)
The poll period should be around half (see Nyquist sampling rate) your minimum required response time.
I want to be able to 1. detect (and, if needed 2. abort) OS shutdown from my application, preferably by using the Windows API.
I know that it is possible to abort shutdown manually using the command shutdown -a In the worst case, I could ShellExecute this, but I was wondering if there was a better way to prevent the shutdown programatically.
Maybe it would be enough to be notified programatically that the OS is about to shut down - how to do this?
From MSDN:
The WM_QUERYENDSESSION message is sent when the user chooses to end the session or when an application calls one of the system shutdown functions. If any application returns zero, the session is not ended. The system stops sending WM_QUERYENDSESSION messages as soon as one application returns zero.
So, my application's WindowProc now processes the WM_QUERYENDSESSION message and returns 0.
Didn't expect it to be this simple; as a bonus, it also works on Windows 2000.
In regards to 'simply' returning 0 to block a shutdown, it isn't as simple as that if you want to do it in the proper way. Especially on Vista. For example please also read http://msdn.microsoft.com/en-us/library/ms700677(VS.85).aspx