STATUS_INTERNAL_ERROR: Unable to start service

Aug 18, 2009 at 10:32 PM
Edited Aug 18, 2009 at 11:13 PM

Hello everybody,

just downloaded EasyHook v2.6 and gave the binary demo applications a short try. Seems that both ProcessMonitor and FileMon are not working properly (at least on my machine) when being run on Vista 32bit with full admin privileges and UAC turned off (and yes, "Run as administrator" doesn't make a difference either).

For example, ProcessMonitor.exe gives me:

STATUS_INTERNAL_ERROR: Unable to start service. (Code: 193)

The corresponding stack trace for that error:

EasyHook.dll!EasyHook.NativeAPI.Force(int InErrorCode) + 0x270 bytes    
EasyHook.dll!EasyHook.NativeAPI.RtlInstallService(string InServiceName, string InExePath, string InChannelName) + 0x13 bytes    
EasyHook.dll!EasyHook.ServiceMgmt.Install() + 0xd0 bytes    
EasyHook.dll!EasyHook.ServiceMgmt.ExecuteAsService<ProcessMonitor.Form1>(string InMethodName = "EnumProcesses", object[] InParams = {object[0]}) + 0x10 bytes    
EasyHook.dll!EasyHook.RemoteHooking.ExecuteAsService<System.__Canon>(string InMethodName, object[] InParams) + 0x30 bytes    
ProcessMonitor.exe!ProcessMonitor.Form1.OnProcessUpdate(object InCallback) + 0x51 bytes    
mscorlib.dll!System.Threading._TimerCallback.TimerCallback_Context(object state) + 0x2f bytes    
mscorlib.dll!System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext executionContext, System.Threading.ContextCallback callback, object state) + 0x6f bytes    
mscorlib.dll!System.Threading._TimerCallback.PerformTimerCallback(object state) + 0x6b bytes 

At the same time, the following error message shows up in the "system" category of the Windows event viewer:

The EasyHook32Svc service failed to start due to the following error:
EasyHook32Svc is not a valid Win32 application.

I'll try to see if I can find the time and track down the problem myself this weekend. Perhaps someone else has an idea where to start looking?

Thanks & Cheers,

Chris

Aug 18, 2009 at 11:22 PM
Edited Aug 19, 2009 at 1:56 PM

Interesting: Running the same executable from

C:\EasyHook 2.6 Binaries

instead of

C:\Users\<username>\Desktop\EasyHook 2.6 Binaries

make that issue go away. That is, ProcessMonitor.exe starts-up nicely with no further glitches.

I'm thus guessing that this is simply yet another issue of the Windows file path length restriction stabbing me in the back. Still, a more comprehensive error message would have been helpful, though :).

Keep up the good work!

Chris