discover if a service has started at boot

Does anyone know if there’s a way to discover if a service / driver has
started as part of the boot process or manually?
At the moment I’m looking at the tick count to see if the OS has been
running for a certain period, but it seems very hackish.
I’d really like to implement a more correct method but I haven’t figured one
out.

Thanks.

From the kernel or user mode? If the latter, depending on how granular your
needs are, you could just query the SCM configuration information and
check the start type.

Or am I missing something?

mm

On Wed, Sep 22, 2010 at 1:39 PM, Ged wrote:

> Does anyone know if there’s a way to discover if a service / driver has
> started as part of the boot process or manually?
> At the moment I’m looking at the tick count to see if the OS has been
> running for a certain period, but it seems very hackish.
> I’d really like to implement a more correct method but I haven’t figured
> one
> out.
>
> Thanks.
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>

Looking at system uptime will be unreliable. If booted from iSCSI or even
FC, it could take many seconds (I believe up to 120 seconds for iSCSI) for
the disk to come online.

In your DriverEntry, you could try to access some registry hive that will
NOT be loaded at boot time, and if it is, you are not starting during boot.

There also is no such thing as a user mode service boot starting. Boot
starting only applies to drivers, and causes them to be loaded by the OS
loader, not after the system disk is mounted.

Jan

I like the reg key idea for the driver but I’d ideally like to do this from
the service.
I wanted to avoid adding IOCTLs to the driver if possible.

If all else fails I’ll succumb and add it to the driver, as the tick count method
is truly horrible.

> There also is no such thing as a user mode service boot starting.

I was referring to autostart for services.

Thanks.

Why?

I can stop and start either service or driver most any time I want. If the
driver is set as boot start and you reboot chances are yeah it started, but
unless you know when the boot took place and the other history of the driver
or service how do you know it has not been stopped and then restarted? Or
does that even matter? In PowerShell, you can use the Get-Service cmdlet to
give you the current state of the driver/service, Running/Stopped. You can
also log events in either driver or service that indicate the events of stop
and running.

Gary G. Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.net

> Why?

It’s totally unrelated to the driver or service itself.
It’s related to the spec/function of the driver and the code path it takes
dependent on whether it started at boot or whether a user started/restarted
it.

I’m going to go down the reg key and IOCTL route.

Thanks.

What do you actually want to know? Do you want to know if the service was started automatically by SCM or manually? Do you want to know if it is a first start of the service since boot?

The solution depends on whether it is a kernel mode driver or user mode service.

I think there was a global variable of “InitializationPhase” in the kernel.

Or you can check for some device interface presence (physical disk, for instance) to determine the boot phase from the “fully booted” phase.


Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com

I want to know if the service was started automatically by the SCM.
I have both a user mode service and a driver so either solution is workable,
it would be preferable to do it in the service though.

Thanks

In this scenario, the service could have started automatically, then been
stopped by the user and restarted.

The SCM configuration would still display auto startup even though it was
manually started by the user.

Given the Start value of the service is a 2, then yes it is automatically
started by the SCM, unless things go bump in the night and it crashes. In
that case of course no it won’t, but there should be an entry in the event
log to give you some indication of that, and of course you have the option
of writing why to the event log. The service and driver can both write
events to the event log.

Gary G. Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.net

But, if you log events in both OnStart and OnStop, you should be able to
discriminate as to the current state of the running service/driver.

Gary G. Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.net

What’s the ultimate problem you’re trying to solve by having that information?

It looks like you’re not telling enough. You think you need that information. But your (bigger) problem may actually be better solved by other means.

I’ve solved it now.
I’m creating a permanent named event in the kernel on first load.
I then check this event’s existence on subsequent loads to decide whether
this is the first load (auto start) or not (manual load).

Thanks to everyone who replied.
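
A user-mode counterpart to the marker approach in the message above, as an added example that is not code from the thread: instead of a permanent kernel event it uses a volatile registry key, which likewise survives a service restart but not a reboot. The key path and service name are hypothetical, and the caller is assumed to run as SYSTEM or an administrator.

```powershell
# Added example, not code from the thread. ExampleVendor/ExampleService are hypothetical names.
function Test-FirstStartSinceBoot {
    param(
        [Parameter(Mandatory)][string]$ServiceName,
        # Hypothetical persistent parent key; only SYSTEM/Administrators should have
        # write access, so an unprivileged user cannot pre-create the marker.
        [string]$ParentPath = 'SOFTWARE\ExampleVendor\ExampleService'
    )

    # Start type as configured in the SCM. As pointed out in the thread, this stays
    # "Auto" even after a user has stopped and restarted the service.
    $startMode = (Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'").StartMode

    $hklm   = [Microsoft.Win32.Registry]::LocalMachine
    $parent = $hklm.CreateSubKey($ParentPath)   # persistent; opened if it already exists
    try {
        # The marker is a volatile subkey: it is kept in memory only and is gone after a reboot.
        $marker = $parent.OpenSubKey('BootMarker')
        $first  = ($null -eq $marker)
        if ($first) {
            $marker = $parent.CreateSubKey('BootMarker',
                [Microsoft.Win32.RegistryKeyPermissionCheck]::Default,
                [Microsoft.Win32.RegistryOptions]::Volatile)
            $marker.SetValue('FirstStart', (Get-Date).ToString('o'))
        }
        $firstStart = $marker.GetValue('FirstStart')
        $marker.Close()
    }
    finally {
        $parent.Close()
    }

    [pscustomobject]@{
        Service             = $ServiceName
        StartMode           = $startMode      # configuration only
        FirstStartSinceBoot = $first          # $false means a restart after the first start
        FirstStart          = $firstStart     # timestamp recorded by the first start
    }
}

# Called once from the service's start-up path:
Test-FirstStartSinceBoot -ServiceName 'ExampleService'
```

`FirstStartSinceBoot` together with a `StartMode` of `Auto` is a heuristic for "started by the SCM at boot"; it cannot tell an automatic first start from a manual first start of a service whose automatic start failed.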
