Running Win32 program ASAP after Nt boot
 Radim Picha (EliCZ) <apihooks com seznamcz> |
Tuesday, February 19 2008 05:29.16 CST |
Our Win32 (service) process was starting too late, sometimes even after explorer.exe. We had to find a way to start the process sooner. Winlogon notifies are no longer supported and AppInit_DLLs is not a good solution. Here is the result.
Comments
 omeg |
Posted: Tuesday, February 19 2008 06:44.23 CST |
| Nice trick with custom subsystem ;) | |
 aeppert |
Posted: Tuesday, February 19 2008 09:21.50 CST |
|
Just as a curiosity - did you look at some form of MS GINA pass-through module? One that would not necessarily authenticate, but would be certain to run? Very interesting solution nonetheless. |
|
 EliCZ |
Posted: Thursday, February 21 2008 03:33.33 CST |
|
aeppert, MSDN: GINA DLLs are ignored in Windows Vista + KB925519 + no winwlx.h in WDK + no winlogon.exe in session 0 since NT6. This all was meant by "Winlogon notifies are no longer supported". |
|
|
aeppert |
Posted: Thursday, February 21 2008 08:07.23 CST |
|
Ah, amazing what happens when one's reading comprehension fetches the proverbial clue. Thanks for the clarification. I have not looked at Vista at all to be quite honest, so that little tidbit will certainly help me when I get around to it! |
|
|
GynvaelColdwind |
Posted: Sunday, February 24 2008 23:41.42 CST |
| Verrry intersting solution. Thanks for sharing! ;> | |
 Aram |
Posted: Monday, February 25 2008 11:37.38 CST |
|
Interesting... But have you try to establish a dependency with a common service? (for example add a dependendy to RPC service with your ASAP service). I don't try it perhaps it's not a clean solution because a update can disable the dependency. |
|
 mcimpoesu |
Posted: Monday, February 25 2008 14:57.50 CST |
|
Interesting article.....but But o solution based on a native application would run much earlier that this because such a native application starts before the windows session manager process (smss.exe). Because smss.exe starts every subsystem process you will run a lot earlier from such a native application. cheers! |
|
|
EliCZ |
Posted: Tuesday, February 26 2008 04:32.42 CST |
|
Aram, you are absolutely right, all you can do (I think) is just wait (seems you can't even use eventlog apis that early) and maybe you will miss something from service mechanism (notifies?). mcimpoesu, yes, if you are able to rewrite the whole thing to Nt native you win. If you have (old) big (more programmers) project and it's written for Win32 you will not rewrite it + not whole registry is initialized in bootexecute time(!). Native application doesn't start before smss.exe - it's run from smss.exe but before (~ not "much earlier") required subsystems. My first attempt was a small Nt app that waits for Win32 server and then spawns Win32 app but that was too complicated. I wanted to know how is winlogon/winit.exe (= InitialCommand) spawned when it is Win32 app && it's parent is smss.exe - in other words I was trying to find a way to run/register win32 process from native process (there is SmpExecPgm function in smss). The blog entry was about running _Win32_ app ASAP not about running user-mode code ASAP. |
|
|
mcimpoesu |
Posted: Wednesday, February 27 2008 12:22.03 CST |
|
ok, I got it now, you need a big application and is not possible to run it on native mode :) As for the registry you can initialize them by hand using NtInitializeRegistry (if I can remember right) doing the same job as smss.exe does |
|