KazhOo

Hello

I took the ownership of a project

The project is a VB6 Service

The Service need to be in the system account because it needs to install MSI software (rights story)

2 or 3 applications launched as a different user can send commands to the service.

The communication with the application and the service is simple and horrible

The service sets in the registry the handle of a window

The applications reads this registry and does a SetMessage(WM_SETTEXT) to the handle

...

Now with Vista the application cannot communicate with the service any more

Because of the security changes (which is good)

So the job is for me to MODIFY (and not redo in C# or C++) the project

So the application can send commands again to the service

At this moment I should have pulled the trigger

I tried several methods, all of them failed in Vista:

  • Set the service as an ActiveX, Add a Com class of communication, and put an instance of it in the ROT
  • Named pipes between two different users

The fact that the Service is in VB and the fact I don't know a lot about inter-application communication are a part of the problem Stick out tongue

And this is why I come here.

Is this Communication between an application and a service still possible in Vista

If Yes what do you suggest to do Remember that it must be done in VB6L

please, help meeeee...



Re: Security for Applications in Windows Vista An application need to send a command to a service...

Eric Perlin - MSFT

This is probaly not related to Vista per se. That same application probably failed in some configurations on XP (Fast User Switching) or server SKUs using remote desktop.

Named pipes should work, as should any IPC mechanism that works cross-sessions (windows messages not being one of them).

I don't know how many VB6 experts you'll find on this forum... I'm clearly not one.

I suggest you re-post to a VB forum.






Re: Security for Applications in Windows Vista An application need to send a command to a service...

hasley


I recommend you the usage of name pipes. I am reprogrammig a 'legacy' service who uses the same way to comunicate between the 'core' and the other process (SendMessage...).

It's easy to make a library to migrate in a couple of days, with the usage of name pipes (who are like a files). And til now, I had no problem with services&name pipes on my test (Vista&XP).





Re: Security for Applications in Windows Vista An application need to send a command to a service...

BrentB

I have a C++ application that uses a service that communicates with a user-level application using named pipes. I developed it from the sample in the SDK. The service sets up the server side of the pipe and the user apps open up client connections to the server. This works with fast-user-switching. I ran into one problem - the clients couldn't open the pipe for writing on Vista due to security. There may be ways to work around this, but since my clients didn't need to write to the server, I never tried to resolve that. When the client opens it's end of the pipe the server does detect it. If you can't resolve how to get the client to open the pipe for writing you could just use it as a trigger to get the service to look at a file that has the client informaton written in it. I don't know if the clipboard is accessable by a service, but that might work as a substitute for a file. It might also be possible to pass the information in a global atom instead of a file if the data is just a string.

If the communications requirement isn't frequent you could skip the named-pipe and set up a thread on a timer in the service that wakes up occassionally and looks for one or more files in a known folder locaton. When the application needs to communicate to the service it could write the data it needs to pass into the file. When the service thread wakes up it will discover the message and act on it.

Using the registry presents a problem because the applications will only be able to write to HKCU and the service won't be able to access the application's HKCU unless it does impersonation. Similarly, you will not be able to write to a folder in the user's document area because the service won't know where to look. The file needs to be in a generic location where the user-level app has write privileges.

Vista security really works. Unfortunately, it creates a lot of hurdles for the developer.





Re: Security for Applications in Windows Vista An application need to send a command to a service...

hasley


Problem writing pipes I have to try!
I dont know if the clipboard is a globar resource (I think that are session limited), but anyway, it's use to comunicate can cause serious problems about security and/or user 'interferences'. In that case, I prefeer to use sockets






Re: Security for Applications in Windows Vista An application need to send a command to a service...

Eric Perlin - MSFT

Clipboard & atoms won't work for IPC between a service and a user application. These are per-session objects.

Named pipes work cross-session (as does RPC and probably COM, as well as shared memory).

Were the clients hosted within Protected Mode Internet Explorer by any chance

That would explain the failure to write.

The registry and the file system can be used too but it's not the purpose of these technologies...






Re: Security for Applications in Windows Vista An application need to send a command to a service...

AndyCadley

You can also experience problems writing to named pipes if your service has a SID type of SERVICE_SID_TYPE_RESTRICTED and you fail to correctly ACL the pipe when you create it.



Re: Security for Applications in Windows Vista An application need to send a command to a service...

lfutrell

I have found that just using the ControlService() API with a user defined control code (after giving the service a DACL with SERVICE_USER_DEFINED_CONTROL set for the appropriate user or users) will suffice for very simple communications from an application to a service under Windows Vista. Is this not a recommended method for such communications






Re: Security for Applications in Windows Vista An application need to send a command to a service...

Eric Perlin - MSFT

It's so limited that I never put it in a recommended IPC mechanisms list.

But it should work cross-session.






Re: Security for Applications in Windows Vista An application need to send a command to a service...

KazhOo

Hello everybody and thanks for all your answers

I decide to use MailSlot communication
and this is working fine

Service in VB6 --------> Dll in C++ <-------- Client (VB6 or C++)

I also found a kb which Microsoft should update
http://support.microsoft.com/kb/q95900/

Thanks all, bye