Hi,
I am trying to generate a user-mode crash dump using the MiniDumpWriteDump()
API. It works fine on user applications.
But when I try to get the user-mode crash dump for a Service Application
it returns “Access Denied”.
I think this is because the Services run in the LocalSystem context and my
Debug Application is running in the user context. It is possible for me to
get around the “Access Denied” problem by converting my application to a
service, but I would like to avoid it.
I have two queries -
- How do I get a successful dump for services app without getting “Access Denied”
- How does the Microsoft supplied utility userdump.exe generate the user-mode crash dumps for both services and applications though it is not a service itself.
Thanks
Amit
> -----Original Message-----
> From: xxxxx@hotmail.com [mailto:xxxxx@hotmail.com]
> …
> I have two queries -
> - How do I get a successful dump for services app without getting “Access Denied”
Administrators should have no problems, because they have the “Debug programs” privilege per default which allows opening a process with all permissions.
> - How does the Microsoft supplied utility userdump.exe generate the user-mode crash dumps for both services and applications though it is not a service itself.
Userdump.exe comes with an installation program which installs a kernel-mode driver (userdump.sys), so it probably uses that driver to get the dump.
BTW, is there any need for your service to run with LocalSystem, which has even more permissions and privileges than an administrator on that system?
Martin
>> I have two queries -
>> 1. How do I get a successful dump for services app without getting “Access Denied”
> Administrators should have no problems, because they have the “Debug programs” privilege per default which allows opening a process with all permissions.
When I called OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwOwnerPID); the call returned me “Access Denied”. I was running my program as Administrator. Am I missing something here?
>> 2. How does the Microsoft supplied utility userdump.exe generate the user-mode crash dumps for both services and applications though it is not a service itself.
> Userdump.exe comes with an installation program which installs a kernel-mode driver (userdump.sys), so it probably uses that driver to get the dump.
> BTW, is there any need for your service to run with LocalSystem, which has even more permissions and privileges than an administrator on that system?
> Martin
Actually what I am trying to do is write a program that will help me
generate a user-mode crash dump of any process given the process name.
Something similar to Microsoft’s userdump.exe utility.
Given a choice I would prefer having it as a simple program and not
service app.
But because I keep getting “Access Denied” if the process name is running
as service apps, I thought I would need to write my own program as a service
to get the necessary permissions and privileges.
But any new ideas are welcome.
Thanks a lot Martin
Amit
> When I called OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwOwnerPID);
> the call returned me “Access Denied”. I was running my program as
> Administrator. Am I missing something here?
A user’s privileges are part of his token but are disabled per default.
You have to enable them explicitly. Enable SE_DEBUG_NAME via AdjustTokenPrivileges
and if it succeeds, proceed with OpenProcess. Mail me privately, if you need some
sample code.
Martin
Martin,
I was able to resolve the problem.
Thanks a lot.
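The sequence described in the thread (enable SE_DEBUG_NAME with AdjustTokenPrivileges, then call OpenProcess), as an added example that is not code from either poster. The helper names are hypothetical, and the non-Windows typedefs are stand-ins (an assumption) so that the result check compiles off Windows.

```c
/* Added example: enable SeDebugPrivilege, then open the target process.
   Build on Windows and link with advapi32. */
#ifdef _WIN32
#include <windows.h>
#else
/* Stand-ins (assumption) so the result check below compiles off Windows. */
typedef int BOOL;
typedef unsigned long DWORD;
#define ERROR_SUCCESS 0UL
#define ERROR_NOT_ALL_ASSIGNED 1300UL
#endif

/* AdjustTokenPrivileges returns TRUE even when the token does not hold the
   privilege; only GetLastError() == ERROR_SUCCESS means it was enabled. */
int privilege_was_enabled(BOOL ok, DWORD last_error)
{
    return ok && last_error == ERROR_SUCCESS;
}

#ifdef _WIN32
/* Hypothetical helper: enable SE_DEBUG_NAME in the current process token. */
BOOL enable_debug_privilege(void)
{
    HANDLE token;
    TOKEN_PRIVILEGES tp;
    BOOL ok;
    DWORD err;

    if (!OpenProcessToken(GetCurrentProcess(),
                          TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &token))
        return FALSE;
    tp.PrivilegeCount = 1;
    tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tp.Privileges[0].Luid)) {
        CloseHandle(token);
        return FALSE;
    }
    ok = AdjustTokenPrivileges(token, FALSE, &tp, sizeof(tp), NULL, NULL);
    err = GetLastError();   /* read before any other API call resets it */
    CloseHandle(token);
    return privilege_was_enabled(ok, err) ? TRUE : FALSE;
}

/* Hypothetical helper: the OpenProcess call from the thread, made only
   after the privilege is confirmed enabled. Returns NULL on failure. */
HANDLE open_process_with_debug(DWORD pid)
{
    if (!enable_debug_privilege())
        return NULL;
    return OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
}
#endif
```

If `enable_debug_privilege` fails with ERROR_NOT_ALL_ASSIGNED, the account's token does not hold the “Debug programs” right at all, so no amount of enabling will help.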