3

I have a Windows Service written in a managed language (.NET Framework v4.0) that is currently running.

For some reason, I am able to rename the service main executable while the service is running. I would suspect the file to be locked by Windows while the service is running, but this does not appear the case. More interestingly, it's still present in the task manager after renaming.

I'm not complaining that this is possible, but I'm wondering why. Anyone have an explanation for this?

Cee McSharpface
  • 8,493
  • 3
  • 36
  • 77
brz
  • 1,846
  • 21
  • 21
  • 2
    There's nothing special about windows services, specifically. See [this SuperUser question](https://superuser.com/q/488127/59978) – Damien_The_Unbeliever Mar 17 '17 at 07:57
  • 1
    Feature, not a bug. The OS puts a lock on the file data, not the directory entry. It is the basic way you can install an update for a program while it is running. – Hans Passant Mar 17 '17 at 08:16
  • 1
    It would not pick up the new executable image until the service is restarted. Update procedures that rely on this mechanism are prone to inconsistencies, if they fail to execute the service control commands (for example due to a lack of permissions) - and systems end up in a state where the file is new but the service is running on an old image unnoticed. then suddenly, when the server is rebooted, functionality changes or bugs in the update become apparent. seen not just once in productive environments, avoiding ever since. – Cee McSharpface Mar 17 '17 at 08:28
  • there is nothing C#/.net specific in this question. tried to answer it, but would not be surprised to see it closed as off-topic although duplicates on other SE sites [are not necessarily off-topic](https://meta.stackoverflow.com/q/287400/1132334) – Cee McSharpface Mar 17 '17 at 11:39
  • @CeeMcSharpface that's exactly what happened to me: successfully installed new version of the Windows service but installer was not able to stop currently running service (btw that's another Windows feature), ended up running old version for a while – Nikolay Klimchuk Apr 08 '21 at 13:37

1 Answers1

4

Taken from this answer on superuser, and How can we overwrite EXE files while users are running them?,

executables that are not exclusively locked, can be renamed. The windows service manager obtains a file handle on the service executable, which it keeps open as long as the service runs, and is totally unaffected by a rename. It does not lock the directory entry itself. So the executable can be read by other processes, and the directory entry of the file can be renamed.

Implications:

  • After the rename, a different version of the file can be placed.
  • If you, or an automated update process, fail to place the new version, any service that points to that executable will fail to start next time (on restart/reboot)
  • If the new version has issues, like bugs or missing dependencies, the service may fail to start next time (on restart/reboot)
  • When you place the new version, but fail to restart the service immediately, then it will become active at any time in the future which is not something admins (and users) like in a production environment.

Recommendations:

  • Do not rely on this mechanism. Have your update process stop the service. Fail the update when your update process has insufficient permissions to do so. Then replace the executable and all dependencies, and restart the service.
Community
  • 1
  • 1
Cee McSharpface
  • 8,493
  • 3
  • 36
  • 77