Event Tracing for Windows help needed

  • Question

  • With Win7, we're attempting to use ETW in classic mode from a Windows service.  From that service we do not have the permissions or privileges to call the ETW control functions.  The service is running as "Local System".  (Accounts "Network Services" and "Local Service" have also been tried.)

    The service is C#/.NET 4.0 and uses an assembly/dll also built with C#/.NET 4.0.

    The ETW code resides in the dll.  The dll pinvokes the ETW functions.  A non-service test app has been used to test the DLL and when run with elevated privileges it works.

    When run in the service, GetTokenInformation() returns that the process has a TOKEN_ELEVATION_TYPE of TokenElevationTypeDefault.

    The user account the test app is running under is an administrator.  When GetTokenInformation() is called from the test app with elevated privileges it returns that the TOKEN_ELEVATION_TYPE is TokenElevationTypeFull.  When run without escalation the test app returns TOKEN_ELEVATION_TYPE is TokenElevationTypeLimited.

    The specific functions we need full permission to execute are ControlTrace, StartTrace, and StopTrace.  How do we get our Windows service to have privileges to call the ETW functions?

    Wednesday, June 20, 2012 3:06 PM

Answers

  • We actually resolved this ourselves.

    It turns out that we were interpreting the TOKEN_ELEVATION_TYPE incorrectly.  With a TOKEN_ELEVATION_TYPE of TokenElevationTypeDefault the service has the privileges we need.  We did not need to get a TOKEN_ELEVATION_TYPE of TokenElevationTypeFull.

    Thank you for all the help.

    Thursday, June 28, 2012 12:32 PM
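
Added example, not part of the original thread: a C# sketch that reads both the TOKEN_ELEVATION_TYPE discussed above and the separate TokenElevation flag for the current process, and prints what each elevation type means. The class and helper names are assumptions made for illustration; the numeric constants are the winnt.h values.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Security.Principal;

static class TokenElevationReport
{
    // TOKEN_INFORMATION_CLASS values (winnt.h)
    const int TokenElevationTypeClass = 18; // returns a TOKEN_ELEVATION_TYPE
    const int TokenElevationClass = 20;     // returns TOKEN_ELEVATION { DWORD TokenIsElevated; }

    // TOKEN_ELEVATION_TYPE values (winnt.h)
    enum ElevationType { Default = 1, Full = 2, Limited = 3 }

    [DllImport("advapi32.dll", SetLastError = true)]
    [return: MarshalAs(UnmanagedType.Bool)]
    static extern bool GetTokenInformation(IntPtr token, int infoClass,
        out int info, int infoLength, out int returnLength);

    // Both information classes queried here return a single 32-bit value.
    static int Query(IntPtr token, int infoClass)
    {
        int value, returned;
        if (!GetTokenInformation(token, infoClass, out value, sizeof(int), out returned))
            throw new Win32Exception(Marshal.GetLastWin32Error());
        return value;
    }

    static string Explain(ElevationType type)
    {
        switch (type)
        {
            case ElevationType.Default: return "no linked token: UAC did not split this logon";
            case ElevationType.Full:    return "elevated half of a UAC split token";
            case ElevationType.Limited: return "filtered half of a UAC split token";
            default:                    return "unexpected value";
        }
    }

    static void Main()
    {
        using (WindowsIdentity id = WindowsIdentity.GetCurrent())
        {
            ElevationType type = (ElevationType)Query(id.Token, TokenElevationTypeClass);
            bool admin = new WindowsPrincipal(id).IsInRole(WindowsBuiltInRole.Administrator);
            Console.WriteLine("{0}: {1} ({2})", id.Name, type, Explain(type));
            Console.WriteLine("TokenIsElevated={0}, Administrators enabled={1}",
                Query(id.Token, TokenElevationClass) != 0, admin);
        }
    }
}
```

TokenElevationTypeDefault on its own only says the token was never split by UAC, so the second output line is what distinguishes a privileged account from an unprivileged one. Inside a service, write the values to the service's log rather than the console.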

All replies

  • Did you try elevating the privilege of your module using C# OnDemand elevation? Here's an example with code for the same: http://www.codeproject.com/Articles/105506/Getting-Elevated-Privileges-on-Demand-using-C

    Hope it helped.

    Thursday, June 21, 2012 5:18 AM
  • Hi Cramer,

    Welcome to the MSDN Forum.

    How about Sezhiyan's suggestion? Is it helpful to you?

    Best regards,


    Mike Feng
    MSDN Community Support | Feedback to us
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Friday, June 22, 2012 10:35 AM
    Moderator
  • Hi Cramer,

    Thank you for sharing this solution here.

    Best regards,


    Mike Feng

    Friday, June 29, 2012 5:38 AM
    Moderator