I am trying to use ClrMD to dump the stacktrace of all threads running within a specific process. The code works fine in my devlopment enviornment but not on the production server.
The server is running: Windows Server 2012 R2 Standard
The error I recieve is:
Could not attach to process. Error 0.
This post asks how to attach ClrMD to another users process, which was what I was trying to do. I terminated the process (which is running as a windows service) and started it as the same user that I am trying to execute ClrMD with. I still get the error.
Tried giving the user debugging privlidges but that didnt help either.
I bet the problem has something to do with how to production server is configured. I have administrator rights.
Any suggestions on what to do next?
Code:
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Linq;
using Microsoft.Diagnostics.Runtime;
namespace ConsoleApplication4
{
class Program
{
static void Main(string[] args)
{
int pid = 0;
var result = new Dictionary<int, string[]>();
var targetProcessName = "Dist.TingbogScraper.Business.TingbogScraperService.vshost";
// Change this to the process you are looking for
var outputPath = "C:\\temp\\ClrMDresult.txt";
var exceptionOutput = "C:\\temp\\ClrMDdump.txt";
var processes = Process.GetProcesses();
foreach (var process in processes)
{
if (process.ProcessName.Contains(targetProcessName))
{
pid = process.Id;
}
}
try
{
using (var dataTarget = DataTarget.AttachToProcess(pid, 5000, AttachFlag.Passive))
{
ClrRuntime runtime = dataTarget.ClrVersions.First().CreateRuntime();
foreach (var t in runtime.Threads)
{
try
{
if (t.StackTrace != null)
{
result.Add(
t.ManagedThreadId,
t.StackTrace.Select(f =>
{
if (f.Method != null)
{
return f.Method.Type.Name + "." + f.Method.Name;
}
return null;
}).ToArray()
);
}
}
catch (Exception ex)
{
}
}
}
foreach (var kvp in result)
{
var value = kvp.Value;
foreach (var stacktrace in value)
{
System.IO.File.AppendAllText(outputPath,
string.Format("{0} {1} {2}", kvp.Key, stacktrace, Environment.NewLine));
}
}
}
catch (ClrDiagnosticsException ex)
{
System.IO.File.AppendAllText(outputPath,
string.Format("{0} {1} {2}", ex.Message, ex.StackTrace, ex.Source));
}
}
}
}
Found out that the name of the process was different on my development environment compared to production.
Correcting the name of the process fixed the error.
Related
Is there a way to get the path of the system files like "wininit.exe" from processId? Below code doesn't work. Process.GetProcesses() also doesn't return anything logical. Please help me.
P.S. I'm trying to code my own task manager designed based on my needs.
private static string GetMainModuleFilepath(int processId)
{
string wmiQueryString = "SELECT ProcessId, ExecutablePath FROM Win32_Process WHERE ProcessId = " + processId;
using (var searcher = new ManagementObjectSearcher(wmiQueryString))
{
using (var results = searcher.Get())
{
ManagementObject mo = results.Cast<ManagementObject>().FirstOrDefault();
if (mo != null)
{
return (string)mo["ExecutablePath"];
}
}
}
return null;
}
You can use the Process.GetProcessById method and pass in the ProcessId.
Then you can use the MainModule.FileName property on the ProcessModule.
My full code can be seen below: (I have done this in a Console App for quicker writing)
static void Main(string[] args)
{
while (true)
{
Console.WriteLine("Enter Process ID:");
var processIdString = Console.ReadLine();
var parsed = int.TryParse(processIdString, out var procId);
if (parsed)
{
var path = GetMainModuleFilepath(procId);
Console.WriteLine($"Found Path: {path}");
}
else
{
Console.WriteLine("Process Id must be a number!");
}
}
}
private static string GetMainModuleFilepath(int processId)
{
var process = Process.GetProcessById(processId);
if (process == null)
{
return string.Empty;
}
return process.MainModule?.FileName;
}
Which results in the following:
Note:
If you are running this code in 32 bit application, you'll not be able to access 64-bit application paths, so you'd have to compile and run you app as 64-bit application (Project Properties → Build → Platform Target → x64).
I tried to delete a test key through a C# script. The following code is my script, I also added admin value in manifest file for this project UAC. But it still doesn't work. Even restarted Visual Studio 2017 with Admin mode.
The error message said Cannot write to the registry key.
Not sure what's wrong in the script.
using System;
using System.Collections.Generic;
using System.Text;
using Microsoft.Win32;
using System.Security;
using System.Security.AccessControl;
using System.Security.Principal;
namespace temp_code_tester
{
class Program
{
static void Main(string[] args)
{
//Get current login account info from another Class
//string userName = WindowsIdentity.GetCurrent().Name;
//var SecCheck = new SecutriyProcesser();
//SecCheck.AddRule(userName);
var RunCheck = new AccessRegistry();
RunCheck.ACL("Test");
}
}
class AccessRegistry
{
public void ACL(string name)
{
Console.WriteLine("Getting the registry keys.....");
Console.WriteLine("---------------------------------------------\n");
//Open the SOFTWARE keys and input those keys into array
RegistryKey SoftKey = Registry.LocalMachine.OpenSubKey(#"SOFTWARE");
string[] lists = SoftKey.GetSubKeyNames();
foreach (string KeyName in lists)
{
Console.WriteLine(KeyName);
}
foreach (string value in lists)
{
if (value.Contains(name)) // if we find the key, then lists all subkeys
{
//Registry.LocalMachine.DeleteSubKeyTree(value);
Console.WriteLine("\nMatch one: {0}", value);
var RightKey = Registry.LocalMachine.OpenSubKey(#"SOFTWARE\" + value);
string[] SubList = RightKey.GetSubKeyNames();
foreach (string SubValue in SubList)
{
Console.WriteLine("Folder: {0} is under this key", SubValue);
}
if (SubList.Length > 1)
{
try
{
SoftKey.DeleteSubKeyTree(value);
Console.WriteLine("\nThe folder {0} has been removed", value);
}
catch (Exception er)
{
Console.WriteLine("Error: {0}", er.Message);
}
}
else
{
try
{
SoftKey.DeleteSubKey(value);
}
catch (Exception)
{
throw;
}
}
}
}
SoftKey.Close();
}
}
class SecutriyProcesser
{
// A method about add enough roles for current window account
public void AddRule(string userName)
{
RegistrySecurity rs = new RegistrySecurity();
rs.AddAccessRule(new RegistryAccessRule(userName,
RegistryRights.FullControl,
InheritanceFlags.ObjectInherit,
PropagationFlags.InheritOnly,
AccessControlType.Allow));
}
// Try to list the security level
public void ShowSecurity(RegistrySecurity security)
{
Console.WriteLine("\r\nCurrent access rules:\r\n");
foreach (RegistryAccessRule ar in security.GetAccessRules(true, true, typeof(NTAccount)))
{
Console.WriteLine(" User: {0}", ar.IdentityReference);
Console.WriteLine(" Type: {0}", ar.AccessControlType);
Console.WriteLine(" Rights: {0}", ar.RegistryRights);
Console.WriteLine(" Inheritance: {0}", ar.InheritanceFlags);
Console.WriteLine(" Propagation: {0}", ar.PropagationFlags);
Console.WriteLine(" Inherited? {0}", ar.IsInherited);
Console.WriteLine();
}
}
}
}
You forgot the 'writable' parameter of the 'OpenSubkey' method.
Try this :
RegistryKey SoftKey = Registry.LocalMachine.OpenSubKey(#"SOFTWARE", true);
It should work like this.
EDIT : This method will probably fail if you don't run Visual Studio as Administrator while debugging.
I developed a command line app in C# that runs some macros in MS ACCESS but I am getting the following error in the production environment:
System.Runtime.InteropServices.COMException (0x800A09B6): You can´t carry out this action at the present time.
at Microsoft.Office.Interop.Access.DoCmd.RunMacro(Object MacroName, Object RepeatCount, Object RepeatExpression)
When I run the application again it works fine.
This is the code:
public void RunMacros()
{
Application access = null;
_runningMacros = true;
CloseMessageBox("Microsoft Access"); // Thread to close MsgBoxes
try
{
access = new Application();
access.AutomationSecurity = Microsoft.Office.Core.MsoAutomationSecurity.msoAutomationSecurityLow;
var databases = MdbSettings.Config.Databases;
for (var mdbIndex = 0; mdbIndex < databases.Count; mdbIndex++)
{
if (databases[mdbIndex].Type == ReportType)
{
var mdbFile = databases[mdbIndex].File;
if (mdbFile.StartsWith("OcnTs*", StringComparison.InvariantCultureIgnoreCase))
{
mdbFile = mdbFile.Replace("*", Settings.DateReplaceName);
}
var mdbFullPath = GetFileFullPath(mdbFile, MdbPath);
access.OpenCurrentDatabase(mdbFullPath, Settings.IsDbExclusive);
for (var macrosIndex = 0; macrosIndex < databases[mdbIndex].Macros.Count; macrosIndex++)
{
var macro = databases[mdbIndex].Macros[macrosIndex].Name;
var message = string.Format("{0}, macro: {1}", Path.GetFileName(mdbFullPath), macro);
Log.Write(message);
access.DoCmd.RunMacro(macro);
}
access.CloseCurrentDatabase();
}
}
_runningMacros = false;
access.Quit(Microsoft.Office.Interop.Access.AcQuitOption.acQuitSaveNone);
Marshal.ReleaseComObject(access);
access = null;
}
catch (Exception ex)
{
Log.Write(ex.ToString());
try
{
Marshal.ReleaseComObject(access);
}
catch (Exception e)
{
Log.Write("Error realeasing Access application: " + e.ToString(), Log.Severity.Warning);
}
throw;
}
}
Can someone help me to fix the error?
EDITED:
- The error only occurs in production environment
- The production environment has installed MS Access 2010
- The development environment has installed MS Access 2016
- Every macro run between 6 and 20 queries
- The error does not always occur in the same macro
I am using System.Management.Automation.Runspaces.Pipleline to create a powershell pipeline instance and execute my powershell scripts in c# console application, the problem is that if the script end up with an error, then i don't know how to print that error on the console screen.
This is my code,
System.Management.Automation.Runspaces.Runspace PowershellRunspace = System.Management.Automation.Runspaces.RunspaceFactory.CreateRunspace();
PowershellRunspace.Open();
System.Management.Automation.RunspacesPipeline PowershellPipeline = PowershellRunspace.CreatePipeline();
PowershellPipeline.Commands.AddScript(PowershellScript);
PowershellPipeline.Commands.AddScript("Out-String");
foreach (string IpAddress in ActiveSystemIPAddresses)
{
PowershellPipeline.Commands.AddScript("Stop-Computer -ComputerName \"" + IpAddress + "\" -Credential $Credentials");
}
try
{
Collection<PSObject> output = PowershellPipeline.Invoke();
if (PowershellPipeline.HadErrors)
{
Console.WriteLine("Cannot shutdown this server IP");
}
PowershellPipeline.Stop();
StringBuilder results = new StringBuilder();
foreach (PSObject obj in output)
{
results.AppendLine(obj.ToString());
}
Console.WriteLine(results);
}
catch (Exception e)
{
Console.WriteLine(e.Message);
}
PowershellRunspace.Close();
I can see the property Pipeline.HadErrors but it only rake me to the loop if there are errors detected, its doing anyhting to get the error message. My problem is how to get the actual error on the console screen?
Something like this should get you the errors.
var rs = RunspaceFactory.CreateRunspace();
rs.Open();
var ps = rs.CreatePipeline();
ps.Commands.AddScript("Get-Member");
ps.Commands.AddScript("ps");
try
{
var result = ps.Invoke();
if (ps.HadErrors)
{
var errors = ps.Error.ReadToEnd();
foreach (var error in errors)
{
Console.WriteLine(error);
}
}
foreach (var r in result)
{
Console.WriteLine(r);
}
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
finally
{
ps.Stop();
}
With the recent changes, following works with Microsoft.powershell.5.referenceAssemblies in C#
var result = ps.Invoke();
if (ps.HadErrors)
{
foreach (ErrorRecord error in ps.Streams.Error.ReadAll())
{
Console.WriteLine(error.ToString());
// You can access error.FullyQualifiedErrorId or error.Exception if you needed to
// be specific in what you were looking for when it failed.
}
}
To see the errors you can look at the collection PowerShell.Streams.Error.
If you wanted to do this natively in a PowerShell script and return the error you could wrap it in a try/catch and return the $error variable.
$error is a PowerShell variable where all errors are automatically added in an array. The first item in the array is always the newest error.
I built a console application in Visual Studio with C#. I have a configuration file (app.config) with a lot of keys in order to identify the email I want to delete.
My issue is that even if the delete works if I have 10 unread emails to Delete, I need to run the application a few times in order to be able to do that. I am not getting any error.
It looks like there is a kind of timeout, so the application deletes the first 3 emails, leaving untouched the rest, then I run the application again and it removes the next 3 or 4 emails and then over and over until I get everything deleted.
Am I doing something wrong? Following my code, it connects to Outlook and our mail server is Microsoft Exchange.
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Linq;
using Microsoft.Office.Interop.Outlook;
using Exception = System.Exception;
namespace OutlookReader
{
class Program
{
static void Main()
{
try
{
var outlookApplication = new ApplicationClass();
var mapiNameSpace = outlookApplication.GetNamespace("MAPI");
//Inbox
var inbox = mapiNameSpace.GetDefaultFolder(OlDefaultFolders.olFolderInbox);
//Unread emails
var unreadItems = inbox.Items.Restrict("[Unread]=true");
var splitter = char.Parse(ConfigurationManager.AppSettings["splitter"]);
var excludeBySenderName = ConfigurationManager.AppSettings["ExcludeBySenderName"].Split(splitter).ToList();
var excludeByEmail = ConfigurationManager.AppSettings["ExcludeByEmail"].Split(splitter).ToList();
var excludeByDomain = ConfigurationManager.AppSettings["ExcludeByDomain"].Split(splitter).ToList();
var excludeByTo = ConfigurationManager.AppSettings["ExcludeByTo"].Split(splitter).ToList();
var excludeBySubject = ConfigurationManager.AppSettings["ExcludeBySubject"].Split(splitter).ToList();
foreach (MailItem item in unreadItems)
{
Console.WriteLine("Sender: " + item.SenderName + " - To: " + item.To + " - Subject: " + item.Subject);
if (stringExists(item.SenderName, excludeBySenderName)
|| stringExists(item.SenderEmailAddress, excludeByEmail)
|| stringExists(item.SenderEmailAddress, excludeByDomain)
|| stringExists(item.To, excludeByTo)
|| stringExistsFullSearch(item.Body, excludeByDomain)
|| stringExistsFullSearch(item.HTMLBody, excludeByDomain)
|| stringExistsFullSearch(item.Subject, excludeBySubject))
{
//item.UnRead = false;
item.Delete();
}
}
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
Console.ReadKey();
}
private static bool stringExists(string pattern, List<string> list)
{
var result = list.Find(item => item.ToLower().Contains(pattern.ToLower()));
if (string.IsNullOrWhiteSpace(result))
{
return false;
}
return true;
}
private static bool stringExistsFullSearch(string pattern, List<string> list)
{
var result = false;
foreach (var item in list)
{
if (pattern.ToLower().Contains(item.ToLower()))
{
result = true;
}
}
return result;
}
}
}
You are modifying the collection while you are iterating through its elements. Loop through the restricted items colelction and store the entry ids (MailItem.EntryID) in a list. You can then loop through the stings in that list, open each item using Namespace.GetItemFromID, then delete the message using MailItem.Delete.