DPAPI and services.exe

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

h

Using DPAPI with .net using pinvoke. we have observing memory leaks with services.exe

anyone experienced this before.
 
Are you sure it's a leak and not caching? If it's caching, you can grow the
memory used until it hits some fairly obvious ceiling. If it's a leak, no
ceiling.

What's running under services.exe?

Are you sure that DPAPI is related to the alleged leak?

What are you calling and how?
 
Thanks for the reply Drew
To answer about the leak. It is not memory leaks.
we ran the perf counters and found that the handle count spurs. For every pinvoke call the no.of handles with services.exe shoots up(starts at 1500 goes up to 100s and thousand). The no.of handles are not cleared once the app is exited.
We need to reboot the server to clear the handles
 
Interesting! I have a few more questions:

1. What's running under services.exe?
2. What (APIs) are you calling and how (what parameters)?
3. What version of the .NET framework are you using?
4. Is this Win2k with the latest service pack?

Might as well toss this one in, too:
5. Do you know what the handles are to? You can check with Process Explorer
or handle.exe from sysinternals.com.

With answers 1-4 I can let a DPAPI tester know what the scenario is. I
don't really need the answer to #5, but it would probably let me know
whether it's a DPAPI problem or not.
--
Drew Cooper [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.


Venkat said:
Thanks for the reply Drew C
To answer about the leak. It is not memory leaks.
we ran the perf counters and found that the handle count spurs. For every
Click to expand...
pinvoke call the no.of handles with services.exe shoots up(starts at 1500
goes up to 100s and thousand). The no.of handles are not cleared once the
app is exited.
 
Dre

1) Services are running a domain account with roaming profiles as per microsoft recommendation. This calls a enterprise services complus component which also runs with the same domain roaming profile account. The complus is calling the pinvoke

2) Standard Crypt method given by microsoft with dpapi. let me know if you need any specific info. I can send the cod

3) .net framework 1.1 with latest service pack

4) Win 2k has SP4 and all the latest hot fixes release

5) I am just now looking into the process explorer. I will come back if I find something interesting

We will be calling microsoft for support probably tomorrow morning. My another colleague is looking that right now.

Do you know why services.exe is creating so many handles.
If you want me to check couple of registry settings just let me know

Thanks for your help.
 
1. services.exe is a service host. It is running one or more services. You
can use tlist.exe from the resource kit to list the services running in a
service host. Unfortunately the task manager doesn't have that
functionality.

2. Exactly which function(s)? There's not a standard Crypt method. There
is CryptEncrypt() and CryptDecrypt().
What parameters are you passing?
I'm only interested in those few details - not in reading your source
code. Our lawyers don't like it when we read other people's sources.

If you can give me enough information for a tester to reproduce the problem,
I can try to convince someone to spend time investigating.
Microsoft product support will want to know the answers to those questions,
too.



I don't know why services.exe is creating so many handles. If I did, I
wouldn't be asking questions like these. Knowing what services are actually
running in services.exe and especially knowing what the handles are to would
be really good clues, though.

I know of no registry settings that would help in the case, though I accept
as a strange kind of joke that helpful registry settings almost always
exist. ;-)
--
Drew Cooper [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.


Venkat said:
Drew

1) Services are running a domain account with roaming profiles as per
Click to expand...
microsoft recommendation. This calls a enterprise services complus
component which also runs with the same domain roaming profile account. The
complus is calling the pinvokes
2) Standard Crypt method given by microsoft with dpapi. let me know if
Click to expand...
you need any specific info. I can send the code
3) .net framework 1.1 with latest service packs

4) Win 2k has SP4 and all the latest hot fixes released

5) I am just now looking into the process explorer. I will come back if I find something interesting.

We will be calling microsoft for support probably tomorrow morning. My
Click to expand...
another colleague is looking that right now.
 
Dre
I have identified one thing running process explorer. There are lot security Tokens(handles) created by the service.exe and it is not getting recycled or cleared. I am not sure whether .net enterprise service is requesting the domain controller for a valid security token for each and each call.
with nt domain controller we are not having problem ( not too many handles and it creates only 3 handles and my guess is reused or cached locally). The problem is only with the win2k domain controller. Do you think of something.

We are already in touch with PSS and dpapi guys in microsoft I believe.

Thanks
 
Back
Top