Launching CMD from windows service results in exception code 0xC0000142

0

We have a service application that launches CMD.exe with Stdin/Stdout/Stderr redirected to a named pipe. The Service is running as an administrator account (It is NOT running as LocalSystem). The development environment is Windows 8.1 Pro.

When we launch CMD.exe using CreateProcessWithLogonW(), it starts and immediate ends with exit code 0xc0000142. If instead, we launch CMD using CreateProcess(), it works fine, which leads me to believe we are tripping over some sort of security model in windows. Note -- the credentials we pass are definitely valid.

This security model theory I believe is further confirmed by the fact that our unittest framework has no problem running CreateProcessWithLogonW() from user space -- but when we move this infrastructure into a windows service it fails. Note -- when we run the unittest, we run using the same administrator account we are using to run the service.

A number of Internet threads discuss exception code 0xC0000142 on google and SO, but they seem to focus on the possibility of a virus outbreak of some sort. We have run the appropriate sfc/scannow to confirm we have a fresh & healthy windows environment. And again I do not believe this is a virus due to the fact that our unittest framework works flawlessly from user space -- it only generates the exception code from within a service:

There are a total a four log entries that are recorded when we encounter the exception code; two for CONHOST.exe and two for CMD.exe. I have reproduced the relevant entries below.

CONHOST.exe entries:

Faulting application name: conhost.exe, version: 6.3.9600.17415, time stamp: 0x5450410b
Faulting module name: USER32.dll, version: 6.3.9600.18202, time stamp: 0x569e7d02
Exception code: 0xc0000142
Fault offset: 0x00000000000ecdd0

Fault bucket , type 0
Event Name: APPCRASH
Response: Not available
Cab Id: 0

Problem signature:
P1: conhost.exe
P2: 6.3.9600.17415
P3: 5450410b
P4: USER32.dll
P5: 6.3.9600.18202
P6: 569e7d02
P7: c0000142
P8: 00000000000ecdd0
P9: 
P10: 

CMD.exe entries

Faulting application name: cmd.exe, version: 6.3.9600.17415, time stamp: 0x545042b1
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18202, time stamp: 0x569e7d02
Exception code: 0xc0000142
Fault offset: 0x00000000000ecdd0

Fault bucket , type 0
Event Name: APPCRASH
Response: Not available
Cab Id: 0

Problem signature:
P1: cmd.exe
P2: 6.3.9600.17415
P3: 545042b1
P4: KERNELBASE.dll
P5: 6.3.9600.18202
P6: 569e7d02
P7: c0000142
P8: 00000000000ecdd0
P9: 
P10: 

I'd be happy to share code -- but due to the fact this is windows service, even a minimally reproducible example is going to be quite long. I was hoping someone might recognize the issue and point us to some sort of RTFM/security docs from MSDN that might lead us down the right path?

windows
service
createprocess
createprocesswithlogonw
asked on Stack Overflow Mar 22, 2016 by user590028

0 Answers

Nobody has answered this question yet.


User contributions licensed under CC BY-SA 3.0