V1.2.1

Using paexec from program to run remote commands. Seems to work, however it leaves Windows Services behind it after execution. Going to the Control Panel/Services after running for a little while, I see that on each target, I have a large number of services named PAExec-<pid>-<client> left behind.

Is this a known issue? Is this new? How can I get rid of this behaviour?

Thanks, Dominique

asked 17 Sep '13, 05:58 ddewaleffe
Further trials/exploration seem to show that this happens when the process gets killed. [I did process.WaitForExit(someTimeout); if (!process.HasExited) process.Kill(); ] This leaves a service definition behind...

answered 17 Sep '13, 07:59 ddewaleffe
Any resolution for this?

answered 07 Jan '15, 16:46 bluebaron

Are you using v1.22 or newer? v1.22 made additional attempts to clean up the service.
(07 Jan '15, 17:00)
Doug ♦♦
This is actually kind of funny but we have a program that copies itself in a remarkably similar method to yours. I actually spent a good portion of December rewriting the code to resolve this issue. Now we're not even handling the stop event or spawning a process. Now we just register the ctl handler, set running, run the program (less than 10 seconds) and tell the service manager that we stopped and then bail. In fact I was noticing with the remote debugger that if you're deleting yourself, sometimes that doesn't complete before the process bails. Now we're deleting from outside
(07 Jan '15, 17:06)
bluebaron
and checking to make sure that process is deleted, but we're getting many failures. We're at our wits' end with this issue so I finally typed into The Googles, "psexec source code" and that brought me here. Until now I had no idea that someone else had tackled this issue.
(07 Jan '15, 17:08)
bluebaron
I actually noticed your comment: //for some reason (probably because the service didn't or couldn't stop when requested, and then couldn't be deleted), we're seeing cases where the service definition //still hangs around (ie a long list of PAExec-xx-yy in services.msc), so here we'll take an additional step and try to delete ourself
(07 Jan '15, 17:18)
bluebaron
Also I noticed that you're opening the service manager with too many permissions. Not that it will matter in most cases but some users might have selective permissions for service management. Also, how are you authenticating? We're using user impersonation. Also, I see that you're using a single method for checking all bad handles, but the API documentation defines each failure condition separately (though I believe they're all the same) ... maybe not .. but if the definition changes in later versions you might be in trouble.
(07 Jan '15, 17:24)
bluebaron
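
A cleanup sketch for the leftover PAExec-<pid>-<client> service definitions described in this thread, added here as an example; it is not code from PAExec or from any poster. It assumes the <pid> part of the name is numeric, that it is run elevated on the affected target, and that a stopped service with no process is an orphan rather than a session about to start.

```powershell
# Added example: list and remove orphaned PAExec service definitions on the local host.
# Assumption: leftovers follow the PAExec-<pid>-<client> naming quoted in the thread,
# with a numeric <pid>. Run elevated; pass -WhatIf first to list without deleting.
[CmdletBinding(SupportsShouldProcess = $true)]
param()

$namePattern = '^PAExec-\d+-.+$'

# The WQL LIKE filter narrows the query; the regex then enforces the exact name shape
# so unrelated services that merely start with "PAExec-" are not touched.
$candidates = Get-CimInstance -ClassName Win32_Service -Filter "Name LIKE 'PAExec-%'" |
              Where-Object { $_.Name -match $namePattern }

foreach ($svc in $candidates) {
    # A running instance belongs to a live PAExec session: leave it alone.
    if ($svc.State -ne 'Stopped' -or $svc.ProcessId -ne 0) {
        Write-Warning "Skipping $($svc.Name): state=$($svc.State), pid=$($svc.ProcessId)"
        continue
    }

    if ($PSCmdlet.ShouldProcess($svc.Name, 'Delete service definition')) {
        # sc.exe delete removes only the SCM entry, not the service binary on disk.
        & sc.exe delete $svc.Name | Out-Null
        switch ($LASTEXITCODE) {
            0       { Write-Output "Deleted $($svc.Name)" }
            # 1072 = ERROR_SERVICE_MARKED_FOR_DELETE: something still holds a handle.
            1072    { Write-Warning "$($svc.Name) is already marked for deletion" }
            default { Write-Warning "sc.exe delete $($svc.Name) failed, Win32 error $LASTEXITCODE" }
        }
    }
}
```

The binary path of each candidate is available as $svc.PathName if the copied executable also needs to be checked and removed.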