We have a service application that launches CMD.exe with Stdin/Stdout/Stderr
redirected to a named pipe. The Service is running as an administrator account
(It is NOT running as LocalSystem). The development environment is Windows 8.1 Pro.
When we launch CMD.exe using CreateProcessWithLogonW(), it starts and
immediate ends with exit code 0xc0000142. If instead, we launch CMD using
CreateProcess(), it works fine, which leads me to believe we are tripping over
some sort of security model in windows. Note -- the credentials we pass are definitely valid.
This security model theory I believe is further confirmed by the fact that our
unittest framework has no problem running CreateProcessWithLogonW() from user
space -- but when we move this infrastructure into a windows service it fails. Note -- when we run the unittest, we run using the same administrator account we are using to run the service.
A number of Internet threads discuss exception code 0xC0000142 on google and SO,
but they seem to focus on the possibility of a virus outbreak of some sort. We
have run the appropriate sfc/scannow to confirm we have a fresh & healthy
windows environment. And again I do not believe this is a virus due to the fact
that our unittest framework works flawlessly from user space -- it only
generates the exception code from within a service:
There are a total a four log entries that are recorded when we encounter the
exception code; two for CONHOST.exe and two for CMD.exe. I have reproduced the relevant entries below.
CONHOST.exe entries:
Faulting application name: conhost.exe, version: 6.3.9600.17415, time stamp: 0x5450410b
Faulting module name: USER32.dll, version: 6.3.9600.18202, time stamp: 0x569e7d02
Exception code: 0xc0000142
Fault offset: 0x00000000000ecdd0
Fault bucket , type 0
Event Name: APPCRASH
Response: Not available
Cab Id: 0
Problem signature:
P1: conhost.exe
P2: 6.3.9600.17415
P3: 5450410b
P4: USER32.dll
P5: 6.3.9600.18202
P6: 569e7d02
P7: c0000142
P8: 00000000000ecdd0
P9:
P10:
CMD.exe entries
Faulting application name: cmd.exe, version: 6.3.9600.17415, time stamp: 0x545042b1
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18202, time stamp: 0x569e7d02
Exception code: 0xc0000142
Fault offset: 0x00000000000ecdd0
Fault bucket , type 0
Event Name: APPCRASH
Response: Not available
Cab Id: 0
Problem signature:
P1: cmd.exe
P2: 6.3.9600.17415
P3: 545042b1
P4: KERNELBASE.dll
P5: 6.3.9600.18202
P6: 569e7d02
P7: c0000142
P8: 00000000000ecdd0
P9:
P10:
I'd be happy to share code -- but due to the fact this is windows service, even a minimally reproducible example is going to be quite long. I was hoping someone might recognize the issue and point us to some sort of RTFM/security docs from MSDN that might lead us down the right path?