/cc @alexbrainman

@cpowski I do not understand what your problem is.

Please, provide full small program that I could run here. And tell me what your program does wrong.

Thank you.

Alex

Hi @alexbrainman, the program I'm writing is a windows service that detects logon/off events. I've started with the windows service example in the golang docs. I've combined the 5 files from that project into one and shared it on play.golang.org. The example project does not handle SessionChange events so I've made the following additions:

• line 88: Added | svc.AcceptSessionChange
• line 99/100: Commented out the beep logs to keep the event log clean
• line 116-121: Added a case to handle the SessionChange event and log the details to the event log.

The rest of the file is unchanged from the sample project. Once built, the executable needs to be installed as as service and started with ./<executable> install and ./<executable> start. This process is successful and the start up message appears in the windows event log.

I log in/out of a test profile on my machine to trigger a session change event. In the logs I see this:

SessionChange cmd <14> type <0> data <3>

The cmd is correct (SessionChange) and the data contains the associated SessionID. All good. The problem is the EventType. This should represent the reason for the event, however it always reports as 0, which is not a valid status code.

I've tested on windows 10 and windows server 2008 r2 with the same result. I have a c++ service running on the same machines, with the same configuration/service account. It's doing the same thing and successfully receiving the event type.

Let me know if you need any more info.

shared it on play.golang.org

Thank you. I will try and run it here.

I have a c++ service running on the same machines, with the same configuration/service account. It's doing the same thing and successfully receiving the event type.

I will need the source code for that service too. I have never written code that does something similar. So C++ example would be helpful for me to debug Go code.

Thank you.

Alex

I have this same problem.
When I handle svc.SessionChange in service EventType should be one of WTS_CONSOLE_XXX values (from http://msdn.microsoft.com/en-us/library/aa383828(v=vs.85).aspx) and EventData should be a pointer to WTSSESSION_NOTIFICATION structure
But EventType is always 0 and EventData usually has values from 1 to 8.

What is important: when I build my sample service as 32 bit application everything works fine! EventType and EventData have valid values and I can for example read WTSSESSION_NOTIFICATION structure.

So parameters are passed incorrectly only in 64 bit code: EventType is 0, EventData have value from EventType and pointer to WTSSESSION_NOTIFICATION is missing.

I log in/out of a test profile on my machine to trigger a session change event. In the logs I see this:

SessionChange cmd <14> type <0> data <3>
The cmd is correct (SessionChange) and the data contains the associated SessionID. All good. The >problem is the EventType. This should represent the reason for the event, however it always reports as >0, which is not a valid status code.

I think you are wrong. Look at: https://msdn.microsoft.com/pl-pl/library/windows/desktop/ms683241%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396 for SERVICE_CONTROL_SESSIONCHANGE EventType is one of WTS_CONSOLE_XXX values and EventData is a pointer to a WTSSESSION_NOTIFICATION structure.
So your EventData does not contain sessionID. SessionID should be readed from WTSSESSION_NOTIFICATION structure.

Any news ?

I also noted problems in 32 bit application. In some cases sessionID is invalid (in my tests has value 4784210).
It is go problem in C++ app everything works. I think that the problem is in sys_386.s, sys_amd64.s asm code so it is hard to fix for me....

I think I am having a similar issue and may have found a solution.

For a svc.SessionChange event the parameters passed from windows to the callback seem to be off by one. The handler defined in service.go:318 does receive the correct information just in the wrong parameters.
ctlHandler := func(ctl uint32, evtype uint32, evdata uintptr, context uintptr) uintptr

The evtype value is always zero, the evdata value contains what should be stored in evtype and the context value stores the value which should be in evdata.
I tested this by changing the handler so that it puts context into the eventdata field like so:
e := ctlEvent{cmd: Cmd(ctl), eventType: evtype, eventData: context}
Note: I have no idea if making this change will break other notification types as I have only test with the Session Change notification.

After doing this, I can cast the returned value to a pointer to a WTSSESSION_NOTIFICATION structure and read the session ID from there.

type WTSSESSION_NOTIFICATION struct {
	Size      uint32
	SessionId uint32
}
...
case svc.SessionChange:
	elog.Info(1, fmt.Sprintf("Session change: 0x%08x : %+v", c.EventData, c))
	sd := (*WTSSESSION_NOTIFICATION)(unsafe.Pointer(c.EventData))
	elog.Info(1, fmt.Sprintf("Session change: %d", sd.SessionId))

I'm guessing this issue is specifically related to the Go assembly files since the parameters seem to have been shifted but unfortunately I am not familiar enough with it to spot the error.

For reference I am using Go 1.10.7 amd64 on a fully updated Windows 10 machine.

The handler defined in service.go:318 does receive the correct information just in the wrong parameters.
ctlHandler := func(ctl uint32, evtype uint32, evdata uintptr, context uintptr) uintptr

The evtype value is always zero, the evdata value contains what should be stored in evtype and the context value stores the value which should be in evdata.

Maybe you are correct, and there is a bug here. Maybe Windows passes ctl and evtype parameters as 4 byte each, but Go function reserves 8 bytes for each argument.

If that was broken forever, how would other services work? If someone can provide me with some reproducible example of this problem, that would make my investigation quicker.

Thank you very much.

Alex

Thanks for the quick response! I have created a gist which contains two files.

The first is a modified version of svc\example\service.go which has been changed to write two messages to the Application event log when a session change event occurs. The first log entry is a dump of the contents of the ChangeRequest structure and the second is the Session ID.

The second file is a modified version of svc\service.go which is changed only to pass the context parameter through to the service example program. This is to show that it does have a value and appears to be pointing to a valid WTSSESSION_NOTIFICATION structure.

After installing and starting the example service, to test I have been locking my session and then unlocking, this creates log entries similar to the following:
{Cmd:14 EventType:0 EventData:8 CurrentStatus:{State:4 Accepts:135 CheckPoint:0 WaitHint:0} Context:824256}
Session ID: 2

As for why this has not been brought up before, I would imagine that not a lot of people are using the SessionChange notification in their services. But I could of course be wrong on that not having any real statistics to look at.

I hope this helps, if you need anything more I am happy to try and assist as best I can.

I can confirm that niallnsec sample shows problem.
But when is compiled as 32 bit the problem does not exist, EvenType and EventData are ok.

I have created a gist which contains two files.

Thank you very much. I will see what I can do with that, when I have free time.

Alex

Change https://golang.org/cl/158698 mentions this issue: windows/svc: align ctlHandler parameters

Change https://golang.org/cl/158697 mentions this issue: windows/svc: add Context to ChangeRequest

@cpowski, @Green7 and @niallnsec please test my change

https://go-review.googlesource.com/c/sys/+/158698

Thank you.

Alex

It works for me.

Thanks for the fix @alexbrainman
I have tested it on 64 and 32 bit Windows 10 and 64 bit Windows 7 and it seems to be working perfectly!

Thanks for checking. Now we need to wait for review.

Alex