I have a Windows Service written in C#. It is crashing when it calls into a 3rd party COM component. The problem only appears on Windows 7 (x86 and x64). When I run the same service code as a console application on Windows 7 (x86 and x64), it works fine. When I run the same service on Windows 2003, it also works properly. I think it could be related to UAC. I am looking for suggestions/direction on debugging this service to identify what is causing the problem. Use debug symbols for ntdll.dll? Below the info from the event log. <pre class="prettyprint"><code>Event ID: 1000, Level: Error Faulting application name: ServiceHost.exe, version: 1.0.0.0, time stamp: 0x4f87bc9a Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b60 Exception code: 0xc0000005 Fault offset: 0x0002bcbb Faulting process id: 0x151c Faulting application start time: 0x01cd1939c9017b2d Faulting application path: E:\ServiceHost\bin\Debug\ServiceHost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 08da6aa3-852d-11e1-a889-00155d016f32 </code></pre>

As a wild guess, you might be falling foul of Session 0 Isolation: <blockquote> In Windows XP®, Windows Server® 2003, and earlier versions of the Windows® operating system, all services run in the same session as the first user who logs on to the console. This session is called Session 0. Running services and user applications together in Session 0 poses a security risk because services run at elevated privilege and therefore are targets for malicious agents that are looking for a means to elevate their own privilege levels. </blockquote> Where this usually causes issues for services is if, for instance, something tries to create UI. The easiest approach to dealing with this issue would be to talk to the vendor of the 3rd party component and ensure it's supported for use with services. However, if the vendor no longer exists, that may not be possible. If the issue arises whilst the service is running, it may be possible to attach a debugger to it and capture a dump at the point at which the error happens (e.g. using something like adplus from the debugging tools for windows). If the issue is happening during service startup, it may be trickier to diagnose. You really need to isolate the last function call in your code that brings on the error, and then try to diagnose from there.

Try changing the account of service to any other. Like <code>Local System</code>.

.NET Windows Service crashes in ntdll.dll

I have a Windows Service written in C#. It is crashing when it calls into a 3rd party COM component. The problem only appears on Windows 7 (x86 and x64). When I run the same service code as a console application on Windows 7 (x86 and x64), it works fine.

When I run the same service on Windows 2003, it also works properly. I think it could be related to UAC. I am looking for suggestions/direction on debugging this service to identify what is causing the problem. Use debug symbols for ntdll.dll? Below the info from the event log.

Event ID: 1000, Level: Error
Faulting application name: ServiceHost.exe, version: 1.0.0.0, time stamp: 0x4f87bc9a
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b60
Exception code: 0xc0000005
Fault offset: 0x0002bcbb
Faulting process id: 0x151c
Faulting application start time: 0x01cd1939c9017b2d
Faulting application path: E:\ServiceHost\bin\Debug\ServiceHost.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 08da6aa3-852d-11e1-a889-00155d016f32

How do I fix Ntdll DLL?

The ntdll. dll error you're receiving could be due to a one-time, temporary issue and a simple reboot may resolve the problem completely. Reinstall the program if the error only displays when you use a specific program. If the software program has any updates or service packs available, install them, too.

What is Ntdll DLL?

The ntdll. dll file is a file created by Microsoft with a description of "NT Layer DLL" and is the file containing NT kernel functions. The ntdll. dll file is located in the c:\windows\system32 or c:\winnt\system32 directory, also found in the c:\i386 directory.

As a wild guess, you might be falling foul of Session 0 Isolation:

In Windows XP®, Windows Server® 2003, and earlier versions of the Windows® operating system, all services run in the same session as the first user who logs on to the console. This session is called Session 0. Running services and user applications together in Session 0 poses a security risk because services run at elevated privilege and therefore are targets for malicious agents that are looking for a means to elevate their own privilege levels.

Where this usually causes issues for services is if, for instance, something tries to create UI.

The easiest approach to dealing with this issue would be to talk to the vendor of the 3rd party component and ensure it's supported for use with services. However, if the vendor no longer exists, that may not be possible.

If the issue arises whilst the service is running, it may be possible to attach a debugger to it and capture a dump at the point at which the error happens (e.g. using something like adplus from the debugging tools for windows). If the issue is happening during service startup, it may be trickier to diagnose.

You really need to isolate the last function call in your code that brings on the error, and then try to diagnose from there.

Try changing the account of service to any other. Like Local System.

.NET Windows Service crashes in ntdll.dll

Tags:

c#

windows

crash

windows-services

Phil Bolduc

People also ask

2 Answers

Damien_The_Unbeliever

AgentFire

Recent Activity

Donate For Us

.NET Windows Service crashes in ntdll.dll

Tags:

c#

windows

crash

windows-services

Phil Bolduc

People also ask

2 Answers

Damien_The_Unbeliever

AgentFire

Related questions

Recent Activity

Donate For Us