OCS Inventory: Windows Agent

OCSInventory.exe crashes when executing vbs plugin

Bug #742372 reported by Gerold Gruber on 2011-03-25

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OCS Inventory: Windows Agent	Status tracked in 2.x
	2.x	Fix Released	Medium	Didier Liroulet

Bug Description

I tried to implement the Linux example plugin which lists the open ports on Windows.

The output looks fine to me when run manually, even if I run it under the "Local System" account, as the service runs.
(tested with psexec from sysinternals : "psexec -s cmd" and then "cscript /nologo openport.vbs")

But when the plugin is executed from OCSinventory.exe it failes.
The problem occurs on Win7SP1 X64 German, it does not occur on Win2003 x86 (32bit) or with Agent V1

Related branches

lp:ocsinventory-windows-agent

Revision history for this message

Gerold Gruber (gruber-citkomm) wrote on 2011-03-25:

Logfile, eventvwr and vbs Program to reproduce the problem Edit (3.8 KiB, application/zip)

Revision history for this message

Gerold Gruber (gruber-citkomm) wrote on 2011-03-25:

the crash apparently occurs when the line
Set objWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
is executed

Revision history for this message

Gerold Gruber (gruber-citkomm) wrote on 2011-03-28:

updated: Logfile, eventvwr and vbs Program to reproduce the problem Edit (3.5 KiB, application/zip)

Didier Liroulet (dliroulet) on 2011-03-31

Changed in ocsinventory-windows-agent:
assignee:	nobody → Didier Liroulet (dliroulet)
importance:	Undecided → Medium

Didier Liroulet (dliroulet) on 2011-04-08

Changed in ocsinventory-windows-agent:
status:	New → Confirmed

Revision history for this message

Didier Liroulet (dliroulet) wrote on 2011-04-08:

Fix commited, see revision 228

Will be included in 2.0.0.16

Revision history for this message

Didier Liroulet (dliroulet) wrote on 2011-04-12:

Hi,

Agent release 2.0.0.16 is available to test at address http://launchpad.net/ocsinventory-windows-agent/2.0/2.0rc3/+download/OCSNG-Windows-Agent-2.0.0.16.zip.

Is it working for you ?

Cheers

Revision history for this message

Gerold Gruber (gruber-citkomm) wrote on 2011-04-13: Re: [Bug 742372] Re: OCSInventory.exe crashes when executing vbs plugin

virustotal_2_0_0_16.png Edit (53.1 KiB, image/png; name="virustotal_2_0_0_16.png")

Am 12.04.2011 17:27, schrieb Didier Liroulet:
> Hi,
Bonjour Didier,

>
> Agent release 2.0.0.16 is available to test at address
> http://launchpad.net/ocsinventory-windows-agent/2.0/2.0rc3/+download
> /OCSNG-Windows-Agent-2.0.0.16.zip.
>
> Is it working for you ?
yes, it works.

I still will have to find out, why the web interface now reports
(null), where empty strings should occur, but this is probably
a problem of the inventory server (which could be worked around
with ocsreports hacking ;-) )

We will have more testing during the next days on different
platforms, I will let you know the results.

A little problem I had with the download: our proxy's
virus scanner first prevented the download of the archive.
I append you the result of a virustotal.com checking.
Just to inform you, that others might experience such problems, too.
>
> Cheers
>
Best regards

Gerold
--
Abteilung Systembetrieb
Telefon: +49 2371 787 117
Fax: +49 2371 787 61117
E-Mail: <email address hidden>
Internet: http://www.citkomm.de

Citkomm services GmbH*
KDVZ Citkomm (Kommunaler Zweckverband)
Griesenbraucker Str. 4
58640 Iserlohn
Telefon: +49 2371 787 0
Fax: +49 2371 787 279
E-Mail: <email address hidden>
* Sitz der Gesellschaft: Iserlohn
   Handelsregister: AG Iserlohn, HRB 26 86
   Geschäftsführer: Dr. Michael Neubauer,
   Hans Jürgen Friebe, Kerstin Pliquett

Revision history for this message

Didier Liroulet (dliroulet) wrote on 2011-04-13:

Hello Gerold,

Sometimes, virus scanner consider NSIS code as malware :( We encounter many false positive with McAfee, BitDefender and other virus scanner.

concerning the (null) string, could you please attach a screen cap ?

I can check that to see if it is not an agent bug...

Cheers

Revision history for this message

Gerold Gruber (gruber-citkomm) wrote on 2011-04-18:

nullInOCSListing.PNG Edit (141.3 KiB, image/png; name="nullInOCSListing.PNG")

Am 13.04.2011 23:47, schrieb Didier Liroulet:
> Hello Gerold,
Bonjour Didier,
>
sorry for the delay in my answer, but I was out of office during the
last days.

> Sometimes, virus scanner consider NSIS code as malware :( We encounter
> many false positive with McAfee, BitDefender and other virus scanner.
yes, no problem, I just wanted to inform you.
>
> concerning the (null) string, could you please attach a screen cap ?
find it appended.

>
>
> I can check that to see if it is not an agent bug...
But I suspect this to be a server problem

>
> Cheers
>
Best regards

Gerold
--
Abteilung Systembetrieb
Telefon: +49 2371 787 117
Fax: +49 2371 787 61117
E-Mail: <email address hidden>
Internet: http://www.citkomm.de

Revision history for this message

Gerold Gruber (gruber-citkomm) wrote on 2011-05-05:

Bonjour Didier,

I investigated the (null) problem again and now I assume it is really related with the client.
My openport.vbs gives:
</NETSTAT>
<NETSTAT>
<PROTO>udp6</PROTO>
<LOCALADDRESS>[fe80::dc67:10cb:3e1e:ab3%16]:61506</LOCALADDRESS>
<STATE></STATE>
<PID>1528/C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation</PID>
</NETSTAT>

so you see the <STATE></STATE> line with just no content

But if I run the ocsinventory.exe with /xml switch I get in the resulting XML file
        </NETSTAT>
        <NETSTAT>
            <PROTO>udp6</PROTO>
            <LOCALADDRESS>[fe80::dc67:10cb:3e1e:ab3%16]:61506</LOCALADDRESS>
            <STATE>(null)</STATE>
            <PID>1528/C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation</PID>
        </NETSTAT>

that is: there is the (null) string already included.

On the other hand the empty string in LISTEN is imported and reported in the server's GUI correctly when it comes
from a Linux client.

Should wo reopen this bug or create a new one?

Best regards

Gerold

Revision history for this message

Didier Liroulet (dliroulet) wrote on 2011-05-05:

#10

Hello Gerold,

This is not the same as crashing agent with VBS. Could you please open a new one ?

Thanks by advance

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

Add attachment

Remote bug watches

Bug watches keep track of this bug in other bug trackers.