Execution tracing for a service child process

This tutorial describes how to collect an execution trace for a child process of a service (or any descendant process of the service).

This tutorial covers the following:

1. 1. Modifying an application to use the NT Service API
   2. How to use the Bug Validator user interface to collect an execution trace for the service’s child process.

Related tutorials:

Execution tracing in a child process.
Execution tracing in a service.
Execution tracing in an IIS ISAPI DLL.
Execution tracing for a child process from the command line.

Native applications and mixed-mode applications

This tutorial applies to all native applications and to mixed-mode applications where the startup code is native.

.Net services

If your application is written entirely in .Net or .Net Core, or your application is mixed-mode with the startup code written in .Net or .Net core you can skip the part of this tutorial relating to the NT Service API and go straight to the collecting an execution trace from a service child process section.

Example Service and Child Process Application

Bug Validator ships with an example service and an example child process launched by the service. These can be found in the  following directories in the Bug Validator installation directory:

• examples\serviceWithAChildProcess\serviceWithAChildProcess 
• examples\serviceWithAChildProcess\childProcess 

Installing the example service

1. Open an administrator mode cmd prompt
2. Type serviceWithAChildProcess.exe -install

Starting the example service

1. Open an administrator mode cmd prompt
2. Type serviceWithAChildProcess.exe -start

or

1. Start the services control panel (type services in the Windows 10 search bar, then choose the Services app).
2. Find the service in the list of services, right-click to display the context menu, then choose Start.

Stopping the example service

1. Open an administrator mode cmd prompt
2. Type serviceWithAChildProcess.exe -stop

or

1. Start the services control panel (type services in the Windows 10 search bar, then choose the Services app).
2. Find the service in the list of services, right-click to display the context menu, then choose Stop.

Uninstalling the example service

1. Open an administrator mode cmd prompt
2. Type serviceWithAChildProcess.exe -remove

The childProcess has already been modified to use the NT Service API. In this tutorial, we’ll describe the modifications you would make to the child process to make it work correctly with Bug Validator.

What is the NT Service API?

The NT Service API is a simple API that allows you to load the Bug Validator profiling DLL and start the process of collecting execution trace data.

The API also includes some debugging functions to help provide debugging information via log files (the only way to get data out of a service without a connection to the Bug Validator user interface).

Modifying your application to use the NT Service API

1. Identify your application’s main() function, and at the start of that function add a call to attachToBugValidator().
2. Just before the definition of main() add the code for the attachToBugValidator() function.

   static void attachToBugValidator()
   {
   	if (bLogging)
   	{
   		// Set the log file name. 
   		// When anything goes wrong the API will write error information to this file.
   		// You can also write to this log file any status errors you need (you'll see examples in this source file)
   
   		svlBVStub_setLogFileName(SZLOGFILENAME);
   		svlBVStub_deleteLogFile();
   	}
   
   	if (bLogging)
   	{
   		svlBVStub_writeToLogFileW(L"About to load Bug Validator\r\n");
   	}
   
   	SVL_SERVICE_ERROR	errCode;
   #ifdef IS6432
   	// x86 with x64 GUI
   	errCode = svlBVStub_LoadBugValidator6432();
   #else	//#ifdef IS6432
   	// x86 with x86 GUI
   	// x64 with x64 GUI
   	errCode = svlBVStub_LoadBugValidator();
   #endif	//#ifdef IS6432
   	if (bLogging)
   	{
   		if (errCode != SVL_OK)
   		{
   			DWORD	lastError;
   
   			lastError = GetLastError();
   			svlBVStub_writeToLogFileW(L"Bug Validator load failed. \r\n");
   			svlBVStub_writeToLogFileLastError(lastError);
   			svlBVStub_writeToLogFile(errCode);
   
   			svlBVStub_dumpPathToLogFile();
   		}
   		else
   		{
   			svlBVStub_writeToLogFileW(L"Bug Validator load success. \r\n");
   		}
   	}
   
   	// DO NOT setup a service callback because this is a child application of a service, not a service
   
   	// start Bug Validator
   
   	errCode = svlBVStub_StartBugValidator();
   	if (bLogging)
   	{
   		if (errCode != SVL_OK)
   		{
   			DWORD	lastError;
   
   			lastError = GetLastError();
   			svlBVStub_writeToLogFileW(L"Starting Bug Validator failed. \r\n");
   			svlBVStub_writeToLogFileLastError(lastError);
   			svlBVStub_writeToLogFile(errCode);
   		}
   
   		svlBVStub_writeToLogFileW(L"Finished loading Bug Validator\r\n");
   	}
   }
   

Collecting an execution trace from the service child process

Now that the NT Service API has been implemented in your application, we can start collecting execution trace data from the service child process.

1. Choose the Launch > Services > Monitor a service… option.

   

2. The Monitor a service dialog is displayed.

   

   Select the application executable (the service’s child process) you are going to monitor. For this example the application is examples\serviceWithAChildProcess\serviceWithAChildProcess\Release\childProcess.exe.

3. When you click OK, Bug Validator will set up everything needed to interact with the NT Service API and then present you with a dialog box. Note that although you are monitoring an application launched from a service the messages will still relate to the service.

   

4. Start your service. Then do the activities (if any) that cause the service to launch the child process.
5. Close the dialog box.
6. Bug Validator will instrument your service’s child process and start collecting execution traces.
7. Execution traces will be collected until the child process finishes executing. For best results, we recommend closing the child process normally (do not kill it with TaskManager or TerminateProcess). You may need to stop the parent service to make the child process close.

I’m not getting any execution trace data. What can I do?

There are a few things to check.

1. Have you correctly added the NT Service API to the application that will be the service’s child process? 
2. Check the log file for any errors. You specified the log file in step 2 with the call

   svlBVStub_setLogFileName(SZLOGFILENAME);

3. Check the diagnostics tab. If the NT Service API is working correctly Bug Validator will have some data. Information on instrumentation failures will be on the diagnostic tab.
4. Check the debug information dialog. You can access this from the Tools > DLL Debug Information… menu. This dialog will tell you which DLLs have debug information and which do not. Any DLLs that don’t have debug information you’ll need to ensure that debug information is built for these DLLs and is findable.

Conclusion

You have learned how to add the NT Service API to a native application that is going to be launched from a service, how to use Bug Validator to monitor a service’s child process, and what to look at to diagnose errors if things don’t work first time.