Winexe / Bugs / #49 winexesvc.exe crash on xp/2003/vista/2008/2003

#49 winexesvc.exe crash on xp/2003/vista/2008/2003

Milestone: 1.1

Status: open

Owner: nobody

Labels: None

Priority: medium

Updated: 2015-11-06

Created: 2014-07-28

Creator: jason whipp

Private: No

I recently had to upgrade from winexe 1.0 to get the support fixes for windows 8.1 and 2012r2 service packs. I noticed that on recent versions (7 and up) it works fine, but all versions below that now fail.

I have debug output and the windows error reporting information pertaining to the winexesvc service crash.

For the time being I have both version installed and I'm switching depending on my target.

winexe --uninstall --user=* //*** "cmd /c hostname"
ERROR: StartService failed. NT code 0xc000041d.

winexe --debuglevel=9 --uninstall --user=* //*** "cmd /c hostname"
INFO: Current debug levels:
all: 9
tdb: 9
printdrivers: 9
lanman: 9
smb: 9
rpc_parse: 9
rpc_srv: 9
rpc_cli: 9
passdb: 9
sam: 9
auth: 9
winbind: 9
vfs: 9
idmap: 9
quota: 9
acls: 9
locking: 9
msdfs: 9
dmapi: 9
registry: 9
scavenger: 9
dns: 9
ldb: 9
winexe version 1.1
This program may be freely redistributed under the terms of the GNU GPLv3
added interface eth1 ip=10.50.1.102 bcast=10.50.1.255 netmask=255.255.255.0
added interface eth1:1 ip=10.50.1.211 bcast=10.50.1.255 netmask=255.255.255.0
added interface eth1 ip=10.50.1.102 bcast=10.50.1.255 netmask=255.255.255.0
added interface eth1:1 ip=10.50.1.211 bcast=10.50.1.255 netmask=255.255.255.0
Socket options:
SO_KEEPALIVE = 0
SO_REUSEADDR = 0
SO_BROADCAST = 0
TCP_NODELAY = 1
TCP_KEEPCNT = 9
TCP_KEEPIDLE = 7200
TCP_KEEPINTVL = 75
IPTOS_LOWDELAY = 0
IPTOS_THROUGHPUT = 0
Could not test socket option SO_REUSEPORT.
SO_SNDBUF = 23720
SO_RCVBUF = 87380
SO_SNDLOWAT = 1
SO_RCVLOWAT = 1
SO_SNDTIMEO = 0
SO_RCVTIMEO = 0
TCP_QUICKACK = 1
TCP_DEFER_ACCEPT = 0
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Cannot do GSSAPI to an IP address
Failed to start GENSEC client mech gssapi_krb5: NT_STATUS_INVALID_PARAMETER
Starting GENSEC submechanism ntlmssp
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_TARGET_INFO
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
IN: async_open(\ahexec, 2)
IN: async_open_recv
ERROR: smb_raw_open_recv - NT_STATUS_OBJECT_NAME_NOT_FOUND
ERROR: on_ctrl_pipe_error - NT_STATUS_OBJECT_NAME_NOT_FOUND
ERROR: Cannot open control pipe - NT_STATUS_OBJECT_NAME_NOT_FOUND, installing service
Installing service
Using binding ncacn_np:10.50.3.103[,print]
Mapped to DCERPC endpoint \pipe\svcctl
added interface eth1 ip=10.50.1.102 bcast=10.50.1.255 netmask=255.255.255.0
added interface eth1:1 ip=10.50.1.211 bcast=10.50.1.255 netmask=255.255.255.0
added interface eth1 ip=10.50.1.102 bcast=10.50.1.255 netmask=255.255.255.0
added interface eth1:1 ip=10.50.1.211 bcast=10.50.1.255 netmask=255.255.255.0
Socket options:
SO_KEEPALIVE = 0
SO_REUSEADDR = 0
SO_BROADCAST = 0
TCP_NODELAY = 1
TCP_KEEPCNT = 9
TCP_KEEPIDLE = 7200
TCP_KEEPINTVL = 75
IPTOS_LOWDELAY = 0
IPTOS_THROUGHPUT = 0
Could not test socket option SO_REUSEPORT.
SO_SNDBUF = 23720
SO_RCVBUF = 87380
SO_SNDLOWAT = 1
SO_RCVLOWAT = 1
SO_SNDTIMEO = 0
SO_RCVTIMEO = 0
TCP_QUICKACK = 1
TCP_DEFER_ACCEPT = 0
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Cannot do GSSAPI to an IP address
Failed to start GENSEC client mech gssapi_krb5: NT_STATUS_INVALID_PARAMETER
Starting GENSEC submechanism ntlmssp
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_TARGET_INFO
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
svcctl_OpenSCManagerW: struct svcctl_OpenSCManagerW
in: struct svcctl_OpenSCManagerW
MachineName : *
MachineName : '10.50.3.103'
DatabaseName : NULL
access_mask : 0x02000000 (33554432)
0: SC_RIGHT_MGR_CONNECT
0: SC_RIGHT_MGR_CREATE_SERVICE
0: SC_RIGHT_MGR_ENUMERATE_SERVICE
0: SC_RIGHT_MGR_LOCK
0: SC_RIGHT_MGR_QUERY_LOCK_STATUS
0: SC_RIGHT_MGR_MODIFY_BOOT_CONFIG
svcctl_OpenSCManagerW: struct svcctl_OpenSCManagerW
out: struct svcctl_OpenSCManagerW
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : 2716f87e-ab37-423a-92f5-68614e63c0b8
result : WERR_OK
svcctl_OpenServiceW: struct svcctl_OpenServiceW
in: struct svcctl_OpenServiceW
scmanager_handle : *
scmanager_handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : 2716f87e-ab37-423a-92f5-68614e63c0b8
ServiceName : 'winexesvc'
access_mask : 0x000f01ff (983551)
1: SC_RIGHT_SVC_QUERY_CONFIG
1: SC_RIGHT_SVC_CHANGE_CONFIG
1: SC_RIGHT_SVC_QUERY_STATUS
1: SC_RIGHT_SVC_ENUMERATE_DEPENDENTS
1: SC_RIGHT_SVC_START
1: SC_RIGHT_SVC_STOP
1: SC_RIGHT_SVC_PAUSE_CONTINUE
1: SC_RIGHT_SVC_INTERROGATE
1: SC_RIGHT_SVC_USER_DEFINED_CONTROL
svcctl_OpenServiceW: struct svcctl_OpenServiceW
out: struct svcctl_OpenServiceW
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : 00000000-0000-0000-0000-000000000000
result : WERR_NO_SUCH_SERVICE
svcctl_CreateServiceW: struct svcctl_CreateServiceW
in: struct svcctl_CreateServiceW
scmanager_handle : *
scmanager_handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : 2716f87e-ab37-423a-92f5-68614e63c0b8
ServiceName : 'winexesvc'
DisplayName : NULL
desired_access : 0x000f01ff (983551)
type : 0x00000010 (16)
start_type : SVCCTL_DEMAND_START (3)
error_control : SVCCTL_SVC_ERROR_NORMAL (1)
binary_path : 'winexesvc.exe'
LoadOrderGroupKey : NULL
TagId : NULL
dependencies : NULL
dependencies_size : 0x00000000 (0)
service_start_name : NULL
password : NULL
password_size : 0x00000000 (0)
svcctl_CreateServiceW: struct svcctl_CreateServiceW
out: struct svcctl_CreateServiceW
TagId : NULL
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : 4371683c-b403-4f98-93d1-f7f0cae59692
result : WERR_OK
svcctl_QueryServiceStatus: struct svcctl_QueryServiceStatus
in: struct svcctl_QueryServiceStatus
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : 4371683c-b403-4f98-93d1-f7f0cae59692
svcctl_QueryServiceStatus: struct svcctl_QueryServiceStatus
out: struct svcctl_QueryServiceStatus
service_status : *
service_status: struct SERVICE_STATUS
type : 0x00000010 (16)
state : SVCCTL_STOPPED (1)
controls_accepted : 0x00000000 (0)
0: SVCCTL_ACCEPT_STOP
0: SVCCTL_ACCEPT_PAUSE_CONTINUE
0: SVCCTL_ACCEPT_SHUTDOWN
0: SVCCTL_ACCEPT_PARAMCHANGE
0: SVCCTL_ACCEPT_NETBINDCHANGE
0: SVCCTL_ACCEPT_HARDWAREPROFILECHANGE
0: SVCCTL_ACCEPT_POWEREVENT
win32_exit_code : WERR_SERVICE_NEVER_STARTED
service_exit_code : 0x00000000 (0)
check_point : 0x00000000 (0)
wait_hint : 0x00000000 (0)
result : WERR_OK
added interface eth1 ip=10.50.1.102 bcast=10.50.1.255 netmask=255.255.255.0
added interface eth1:1 ip=10.50.1.211 bcast=10.50.1.255 netmask=255.255.255.0
added interface eth1 ip=10.50.1.102 bcast=10.50.1.255 netmask=255.255.255.0
added interface eth1:1 ip=10.50.1.211 bcast=10.50.1.255 netmask=255.255.255.0
Socket options:
SO_KEEPALIVE = 0
SO_REUSEADDR = 0
SO_BROADCAST = 0
TCP_NODELAY = 1
TCP_KEEPCNT = 9
TCP_KEEPIDLE = 7200
TCP_KEEPINTVL = 75
IPTOS_LOWDELAY = 0
IPTOS_THROUGHPUT = 0
Could not test socket option SO_REUSEPORT.
SO_SNDBUF = 23720
SO_RCVBUF = 87380
SO_SNDLOWAT = 1
SO_RCVLOWAT = 1
SO_SNDTIMEO = 0
SO_RCVTIMEO = 0
TCP_QUICKACK = 1
TCP_DEFER_ACCEPT = 0
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Cannot do GSSAPI to an IP address
Failed to start GENSEC client mech gssapi_krb5: NT_STATUS_INVALID_PARAMETER
Starting GENSEC submechanism ntlmssp
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_TARGET_INFO
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
svc_UploadService: Installing 64bit winexesvc.exe
svcctl_StartServiceW: struct svcctl_StartServiceW
in: struct svcctl_StartServiceW
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : 4371683c-b403-4f98-93d1-f7f0cae59692
NumArgs : 0x00000000 (0)
Arguments : NULL
svcctl_StartServiceW: struct svcctl_StartServiceW
out: struct svcctl_StartServiceW
result : WERR_SERVICE_REQUEST_TIMEOUT
ERROR: StartService failed. NT code 0xc000041d.
Using binding ncacn_np:10.50.3.103[,print]
Mapped to DCERPC endpoint \pipe\svcctl
added interface eth1 ip=10.50.1.102 bcast=10.50.1.255 netmask=255.255.255.0
added interface eth1:1 ip=10.50.1.211 bcast=10.50.1.255 netmask=255.255.255.0
added interface eth1 ip=10.50.1.102 bcast=10.50.1.255 netmask=255.255.255.0
added interface eth1:1 ip=10.50.1.211 bcast=10.50.1.255 netmask=255.255.255.0
Socket options:
SO_KEEPALIVE = 0
SO_REUSEADDR = 0
SO_BROADCAST = 0
TCP_NODELAY = 1
TCP_KEEPCNT = 9
TCP_KEEPIDLE = 7200
TCP_KEEPINTVL = 75
IPTOS_LOWDELAY = 0
IPTOS_THROUGHPUT = 0
Could not test socket option SO_REUSEPORT.
SO_SNDBUF = 23720
SO_RCVBUF = 87380
SO_SNDLOWAT = 1
SO_RCVLOWAT = 1
SO_SNDTIMEO = 0
SO_RCVTIMEO = 0
TCP_QUICKACK = 1
TCP_DEFER_ACCEPT = 0
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Cannot do GSSAPI to an IP address
Failed to start GENSEC client mech gssapi_krb5: NT_STATUS_INVALID_PARAMETER
Starting GENSEC submechanism ntlmssp
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_TARGET_INFO
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
svcctl_OpenSCManagerW: struct svcctl_OpenSCManagerW
in: struct svcctl_OpenSCManagerW
MachineName : *
MachineName : '10.50.3.103'
DatabaseName : NULL
access_mask : 0x02000000 (33554432)
0: SC_RIGHT_MGR_CONNECT
0: SC_RIGHT_MGR_CREATE_SERVICE
0: SC_RIGHT_MGR_ENUMERATE_SERVICE
0: SC_RIGHT_MGR_LOCK
0: SC_RIGHT_MGR_QUERY_LOCK_STATUS
0: SC_RIGHT_MGR_MODIFY_BOOT_CONFIG
svcctl_OpenSCManagerW: struct svcctl_OpenSCManagerW
out: struct svcctl_OpenSCManagerW
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : facd2817-7337-4246-b46d-f05eb808e0ae
result : WERR_OK
svcctl_OpenServiceW: struct svcctl_OpenServiceW
in: struct svcctl_OpenServiceW
scmanager_handle : *
scmanager_handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : facd2817-7337-4246-b46d-f05eb808e0ae
ServiceName : 'winexesvc'
access_mask : 0x000f01ff (983551)
1: SC_RIGHT_SVC_QUERY_CONFIG
1: SC_RIGHT_SVC_CHANGE_CONFIG
1: SC_RIGHT_SVC_QUERY_STATUS
1: SC_RIGHT_SVC_ENUMERATE_DEPENDENTS
1: SC_RIGHT_SVC_START
1: SC_RIGHT_SVC_STOP
1: SC_RIGHT_SVC_PAUSE_CONTINUE
1: SC_RIGHT_SVC_INTERROGATE
1: SC_RIGHT_SVC_USER_DEFINED_CONTROL
svcctl_OpenServiceW: struct svcctl_OpenServiceW
out: struct svcctl_OpenServiceW
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : ab05e3b7-05c0-4097-a492-04bf151f5f99
result : WERR_OK
OpenService - NT_STATUS_OK
svcctl_ControlService: struct svcctl_ControlService
in: struct svcctl_ControlService
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : ab05e3b7-05c0-4097-a492-04bf151f5f99
control : SVCCTL_CONTROL_STOP (1)
svcctl_ControlService: struct svcctl_ControlService
out: struct svcctl_ControlService
service_status : *
service_status: struct SERVICE_STATUS
type : 0x00000010 (16)
state : SVCCTL_STOPPED (1)
controls_accepted : 0x00000000 (0)
0: SVCCTL_ACCEPT_STOP
0: SVCCTL_ACCEPT_PAUSE_CONTINUE
0: SVCCTL_ACCEPT_SHUTDOWN
0: SVCCTL_ACCEPT_PARAMCHANGE
0: SVCCTL_ACCEPT_NETBINDCHANGE
0: SVCCTL_ACCEPT_HARDWAREPROFILECHANGE
0: SVCCTL_ACCEPT_POWEREVENT
win32_exit_code : WERR_OK
service_exit_code : 0x00000000 (0)
check_point : 0x00000000 (0)
wait_hint : 0x00000000 (0)
result : WERR_SERVICE_NOT_ACTIVE
svcctl_QueryServiceStatus: struct svcctl_QueryServiceStatus
in: struct svcctl_QueryServiceStatus
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : ab05e3b7-05c0-4097-a492-04bf151f5f99
svcctl_QueryServiceStatus: struct svcctl_QueryServiceStatus
out: struct svcctl_QueryServiceStatus
service_status : *
service_status: struct SERVICE_STATUS
type : 0x00000010 (16)
state : SVCCTL_STOPPED (1)
controls_accepted : 0x00000000 (0)
0: SVCCTL_ACCEPT_STOP
0: SVCCTL_ACCEPT_PAUSE_CONTINUE
0: SVCCTL_ACCEPT_SHUTDOWN
0: SVCCTL_ACCEPT_PARAMCHANGE
0: SVCCTL_ACCEPT_NETBINDCHANGE
0: SVCCTL_ACCEPT_HARDWAREPROFILECHANGE
0: SVCCTL_ACCEPT_POWEREVENT
win32_exit_code : WERR_OK
service_exit_code : 0x00000000 (0)
check_point : 0x00000000 (0)
wait_hint : 0x00000000 (0)
result : WERR_OK
StopService - NT_STATUS_OK
svcctl_DeleteService: struct svcctl_DeleteService
in: struct svcctl_DeleteService
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : ab05e3b7-05c0-4097-a492-04bf151f5f99
svcctl_DeleteService: struct svcctl_DeleteService
out: struct svcctl_DeleteService
result : WERR_OK
DeleteService - NT_STATUS_OK
svcctl_CloseServiceHandle: struct svcctl_CloseServiceHandle
in: struct svcctl_CloseServiceHandle
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : ab05e3b7-05c0-4097-a492-04bf151f5f99
svcctl_CloseServiceHandle: struct svcctl_CloseServiceHandle
out: struct svcctl_CloseServiceHandle
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : 00000000-0000-0000-0000-000000000000
result : WERR_OK
CloseServiceHandle - NT_STATUS_OK
svcctl_CloseServiceHandle: struct svcctl_CloseServiceHandle
in: struct svcctl_CloseServiceHandle
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : facd2817-7337-4246-b46d-f05eb808e0ae
svcctl_CloseServiceHandle: struct svcctl_CloseServiceHandle
out: struct svcctl_CloseServiceHandle
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : 00000000-0000-0000-0000-000000000000
result : WERR_OK
CloseSCMHandle - NT_STATUS_OK
added interface eth1 ip=10.50.1.102 bcast=10.50.1.255 netmask=255.255.255.0
added interface eth1:1 ip=10.50.1.211 bcast=10.50.1.255 netmask=255.255.255.0
added interface eth1 ip=10.50.1.102 bcast=10.50.1.255 netmask=255.255.255.0
added interface eth1:1 ip=10.50.1.211 bcast=10.50.1.255 netmask=255.255.255.0
Socket options:
SO_KEEPALIVE = 0
SO_REUSEADDR = 0
SO_BROADCAST = 0
TCP_NODELAY = 1
TCP_KEEPCNT = 9
TCP_KEEPIDLE = 7200
TCP_KEEPINTVL = 75
IPTOS_LOWDELAY = 0
IPTOS_THROUGHPUT = 0
Could not test socket option SO_REUSEPORT.
SO_SNDBUF = 23720
SO_RCVBUF = 87380
SO_SNDLOWAT = 1
SO_RCVLOWAT = 1
SO_SNDTIMEO = 0
SO_RCVTIMEO = 0
TCP_QUICKACK = 1
TCP_DEFER_ACCEPT = 0
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Cannot do GSSAPI to an IP address
Failed to start GENSEC client mech gssapi_krb5: NT_STATUS_INVALID_PARAMETER
Starting GENSEC submechanism ntlmssp
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_TARGET_INFO
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
Delete winexesvc.exe - NT_STATUS_OK
Closing ADMIN$ - NT_STATUS_OK

Fault bucket 43814610, type 20
Event Name: APPCRASH
Response: None
Cab Id: 0

Problem signature:
P1: winexesvc.exe
P2: 0.0.0.0
P3: 53ae9931
P4: KERNEL32.dll!OpenThreadToken
P5: 6.0.6002.18881
P6: 51da3d16
P7: c0000139
P8: 00000000000b6fc8
P9:
P10:

Attached files:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report2d28e6a1\WERDABF.tmp.version.txt
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report2d28e6a1\WERDAC0.tmp.appcompat.txt
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report2d28e6a1\WERDAD1.tmp.hdmp
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report2d28e6a1\WERE694.tmp.mdmp

These files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Report0b5ac3db

Discussion

aipetri - 2015-01-21

There seemed to be a problem in the samba repo that caused this behavior.
There were two issues which are fixed now:
1) OS Autodetection code in WinExe didn't work. So in this example, if you put ostype=0 it would work but you only will be able to run 32-bit executables
2) winexesvc that was built for 64-bit Windows cannot load on Windows 2003 64-bit due to attempt to import function OpenThreadToken from the wrong library

If you get latest right now (Jan 21 2015) of both samba and git, revert samba to this revision: a6bda1f2bc85779feb9680bc74821da5ccd401c5 you should be able to build winexe that works across the board. It worked for me on CentOS 6.4 64-bit.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Tom Dexter - 2015-11-05

I've been running into failures as described in the original ticket mostly on some Windows 2003 machines. Unfortunately I don't have any debugging details as the moment. Yesterday I tried recompiling a version on Cent OS 6.7 64 bit as you described, with that version of Samba and the curent waf. Here's specifically what I did:

git clone git://git.code.sf.net/p/winexe/winexe-waf winexe-waf
cd winexe-waf
git clone git://git.samba.org/samba.git samba
cd samba
git reset --hard a6bda1f2bc85779feb9680bc74821da5ccd401c5

Then I built as per the static build instructions and it built with no issues, however it doesn't seem to have corrected the issue with the problem Windows 2003 server. Is the above procedure correct? It seems like it should be. Is there any more known about this issue? Thanks!

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

aipetri - 2015-11-05

Not sure how it works in this forum, but I would start by getting you my binary that I compiled and use pretty extensively on the daily basis on all OS from 2k3 up and see if this resolve the issue that you are experiencing - not sure if this would work right away on 6.7. let me know

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Tom Dexter - 2015-11-06

Good news actually. The re-compiled version did in fact work, but we first had to jump through some hoops to get an old stuck version of the winexesvc to uninstall on the Windows side. Thanks for this work-around!

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

winexesvc.exe crash on xp/2003/vista/2008/2003

Remote Windows®-command executor

Group

Searches

Help

#49 winexesvc.exe crash on xp/2003/vista/2008/2003

Discussion