projects / reactos.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
[SERVICES]
[reactos.git] / reactos / base / system / services / database.c
diff --git a/reactos/base/system/services/database.c b/reactos/base/system/services/database.c
index 1c2cc7e..4ae8473 100644 (file)
--- a/reactos/base/system/services/database.c
+++ b/reactos/base/system/services/database.c
@@ -14,14 +14,23 @@
 
 #include "services.h"
 
+#include <winuser.h>
+
 #define NDEBUG
 #include <debug.h>
 
 /*
  * Uncomment the line below to start services
- *  using the SERVICE_START_PENDING state
+ * using the SERVICE_START_PENDING state.
+ */
+#define USE_SERVICE_START_PENDING
+
+/*
+ * Uncomment the line below to use asynchronous IO operations
+ * on the service control pipes.
  */
-// #define USE_SERVICE_START_PENDING
+#define USE_ASYNCHRONOUS_IO
+
 
 /* GLOBALS *******************************************************************/
 
@@ -29,9 +38,12 @@ LIST_ENTRY ImageListHead;
 LIST_ENTRY ServiceListHead;
 
 static RTL_RESOURCE DatabaseLock;
-static DWORD dwResumeCount = 1;
+static DWORD ResumeCount = 1;
 
+/* The critical section synchronizes service control requests */
 static CRITICAL_SECTION ControlServiceCriticalSection;
+static DWORD PipeTimeout = 30000; /* 30 Seconds */
+
 
 /* FUNCTIONS *****************************************************************/
 
@@ -87,17 +99,21 @@ ScmCreateNewControlPipe(PSERVICE_IMAGE pServiceImage)
     }
 
     /* Create '\\.\pipe\net\NtControlPipeXXX' instance */
-    swprintf(szControlPipeName, L"\\\\.\\pipe\\net\\NtControlPipe%u", ServiceCurrent);
+    swprintf(szControlPipeName, L"\\\\.\\pipe\\net\\NtControlPipe%lu", ServiceCurrent);
 
     DPRINT("PipeName: %S\n", szControlPipeName);
 
     pServiceImage->hControlPipe = CreateNamedPipeW(szControlPipeName,
+#ifdef USE_ASYNCHRONOUS_IO
+                                                   PIPE_ACCESS_DUPLEX | FILE_FLAG_OVERLAPPED,
+#else
                                                    PIPE_ACCESS_DUPLEX,
+#endif
                                                    PIPE_TYPE_MESSAGE | PIPE_READMODE_MESSAGE | PIPE_WAIT,
                                                    100,
                                                    8000,
                                                    4,
-                                                   30000,
+                                                   PipeTimeout,
                                                    NULL);
     DPRINT("CreateNamedPipeW(%S) done\n", szControlPipeName);
     if (pServiceImage->hControlPipe == INVALID_HANDLE_VALUE)
@@ -133,7 +149,7 @@ ScmGetServiceImageByImagePath(LPWSTR lpImagePath)
         ImageEntry = ImageEntry->Flink;
     }
 
-    DPRINT1("Couldn't find a matching image\n");
+    DPRINT("Couldn't find a matching image\n");
 
     return NULL;
 
@@ -178,9 +194,9 @@ ScmCreateOrReferenceServiceImage(PSERVICE pService)
     if (pServiceImage == NULL)
     {
         /* Create a new service image */
-        pServiceImage = (PSERVICE_IMAGE)HeapAlloc(GetProcessHeap(),
-                                                  HEAP_ZERO_MEMORY,
-                                                  sizeof(SERVICE_IMAGE) + ((wcslen(ImagePath.Buffer) + 1) * sizeof(WCHAR)));
+        pServiceImage = HeapAlloc(GetProcessHeap(),
+                                  HEAP_ZERO_MEMORY,
+                                  FIELD_OFFSET(SERVICE_IMAGE, szImagePath[ImagePath.Length / sizeof(WCHAR) + 1]));
         if (pServiceImage == NULL)
         {
             dwError = ERROR_NOT_ENOUGH_MEMORY;
@@ -189,7 +205,6 @@ ScmCreateOrReferenceServiceImage(PSERVICE pService)
 
         pServiceImage->dwImageRunCount = 1;
         pServiceImage->hControlPipe = INVALID_HANDLE_VALUE;
-        pServiceImage->hProcess = INVALID_HANDLE_VALUE;
 
         /* Set the image path */
         wcscpy(pServiceImage->szImagePath,
@@ -252,10 +267,6 @@ ScmDereferenceServiceImage(PSERVICE_IMAGE pServiceImage)
         if (pServiceImage->hControlPipe != INVALID_HANDLE_VALUE)
             CloseHandle(pServiceImage->hControlPipe);
 
-        /* Close the process handle */
-        if (pServiceImage->hProcess != INVALID_HANDLE_VALUE)
-            CloseHandle(pServiceImage->hProcess);
-
         /* Release the service image */
         HeapFree(GetProcessHeap(), 0, pServiceImage);
     }
@@ -351,16 +362,16 @@ ScmGetServiceEntryByResumeCount(DWORD dwResumeCount)
 
 DWORD
 ScmCreateNewServiceRecord(LPCWSTR lpServiceName,
-                          PSERVICE *lpServiceRecord)
+                          PSERVICElpServiceRecord)
 {
     PSERVICE lpService = NULL;
 
     DPRINT("Service: '%S'\n", lpServiceName);
 
     /* Allocate service entry */
-    lpService = (SERVICE*)HeapAlloc(GetProcessHeap(),
+    lpService = HeapAlloc(GetProcessHeap(),
                           HEAP_ZERO_MEMORY,
-                          sizeof(SERVICE) + ((wcslen(lpServiceName) + 1) * sizeof(WCHAR)));
+                          FIELD_OFFSET(SERVICE, szServiceName[wcslen(lpServiceName) + 1]));
     if (lpService == NULL)
         return ERROR_NOT_ENOUGH_MEMORY;
 
@@ -372,7 +383,7 @@ ScmCreateNewServiceRecord(LPCWSTR lpServiceName,
     lpService->lpDisplayName = lpService->lpServiceName;
 
     /* Set the resume count */
-    lpService->dwResumeCount = dwResumeCount++;
+    lpService->dwResumeCount = ResumeCount++;
 
     /* Append service record */
     InsertTailList(&ServiceListHead,
@@ -576,15 +587,17 @@ ScmDeleteRegKey(HKEY hKey, LPCWSTR lpszSubKey)
     {
         /* Find the maximum subkey length so that we can allocate a buffer */
         dwRet = RegQueryInfoKeyW(hSubKey, NULL, NULL, NULL, NULL,
-                                                         &dwMaxSubkeyLen, NULL, NULL, NULL, NULL, NULL, NULL);
+                                 &dwMaxSubkeyLen, NULL, NULL, NULL, NULL, NULL, NULL);
         if (!dwRet)
         {
             dwMaxSubkeyLen++;
-            if (dwMaxSubkeyLen > sizeof(szNameBuf)/sizeof(WCHAR))
+            if (dwMaxSubkeyLen > sizeof(szNameBuf) / sizeof(WCHAR))
+            {
                 /* Name too big: alloc a buffer for it */
-                lpszName = HeapAlloc(GetProcessHeap(), 0, dwMaxSubkeyLen*sizeof(WCHAR));
+                lpszName = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, dwMaxSubkeyLen * sizeof(WCHAR));
+            }
 
-            if(!lpszName)
+            if (!lpszName)
                 dwRet = ERROR_NOT_ENOUGH_MEMORY;
             else
             {
@@ -643,7 +656,7 @@ ScmDeleteMarkedServices(VOID)
                     HeapFree(GetProcessHeap(), 0, CurrentService);
                 }
             }
-            
+
             if (dwError != ERROR_SUCCESS)
                 DPRINT1("Delete service failed: %S\n", CurrentService->lpServiceName);
         }
@@ -651,46 +664,6 @@ ScmDeleteMarkedServices(VOID)
 }
 
 
-VOID
-WaitForLSA(VOID)
-{
-    HANDLE hEvent;
-    DWORD dwError;
-
-    DPRINT("WaitForLSA() called\n");
-
-    hEvent = CreateEventW(NULL,
-                          TRUE,
-                          FALSE,
-                          L"LSA_RPC_SERVER_ACTIVE");
-    if (hEvent == NULL)
-    {
-        dwError = GetLastError();
-        DPRINT1("Failed to create the notication event (Error %lu)\n", dwError);
-
-        if (dwError == ERROR_ALREADY_EXISTS)
-        {
-            hEvent = OpenEventW(SYNCHRONIZE,
-                                FALSE,
-                                L"LSA_RPC_SERVER_ACTIVE");
-            if (hEvent != NULL)
-            {
-               DPRINT1("Could not open the notification event!\n");
-               return;
-            }
-        }
-    }
-
-    DPRINT("Wait for LSA!\n");
-    WaitForSingleObject(hEvent, INFINITE);
-    DPRINT("LSA is available!\n");
-
-    CloseHandle(hEvent);
-
-    DPRINT("WaitForLSA() done\n");
-}
-
-
 DWORD
 ScmCreateServiceDatabase(VOID)
 {
@@ -762,8 +735,8 @@ ScmCreateServiceDatabase(VOID)
 
     RegCloseKey(hServicesKey);
 
-    /* Wait for LSA */
-    WaitForLSA();
+    /* Wait for the LSA server */
+    ScmWaitForLsa();
 
     /* Delete services that are marked for delete */
     ScmDeleteMarkedServices();
@@ -802,13 +775,12 @@ ScmCheckDriver(PSERVICE Service)
 
     if (Service->Status.dwServiceType == SERVICE_KERNEL_DRIVER)
     {
-        RtlInitUnicodeString(&DirName,
-                             L"\\Driver");
+        RtlInitUnicodeString(&DirName, L"\\Driver");
     }
-    else
+    else // if (Service->Status.dwServiceType == SERVICE_FILE_SYSTEM_DRIVER)
     {
-        RtlInitUnicodeString(&DirName,
-                             L"\\FileSystem");
+        ASSERT(Service->Status.dwServiceType == SERVICE_FILE_SYSTEM_DRIVER);
+        RtlInitUnicodeString(&DirName, L"\\FileSystem");
     }
 
     InitializeObjectAttributes(&ObjectAttributes,
@@ -826,8 +798,8 @@ ScmCheckDriver(PSERVICE Service)
     }
 
     BufferLength = sizeof(OBJECT_DIRECTORY_INFORMATION) +
-                   2 * MAX_PATH * sizeof(WCHAR);
-    DirInfo = (OBJECT_DIRECTORY_INFORMATION*) HeapAlloc(GetProcessHeap(),
+                       2 * MAX_PATH * sizeof(WCHAR);
+    DirInfo = HeapAlloc(GetProcessHeap(),
                         HEAP_ZERO_MEMORY,
                         BufferLength);
 
@@ -918,43 +890,188 @@ ScmControlService(PSERVICE Service,
 
     DWORD dwWriteCount = 0;
     DWORD dwReadCount = 0;
-    DWORD TotalLength;
+    DWORD PacketSize;
+    PWSTR Ptr;
     DWORD dwError = ERROR_SUCCESS;
+    BOOL bResult;
+#ifdef USE_ASYNCHRONOUS_IO
+    OVERLAPPED Overlapped = {0};
+#endif
 
     DPRINT("ScmControlService() called\n");
 
+    /* Acquire the service control critical section, to synchronize requests */
     EnterCriticalSection(&ControlServiceCriticalSection);
 
-    TotalLength = wcslen(Service->lpServiceName) + 1;
+    /* Calculate the total length of the start command line */
+    PacketSize = sizeof(SCM_CONTROL_PACKET);
+    PacketSize += (DWORD)((wcslen(Service->lpServiceName) + 1) * sizeof(WCHAR));
 
-    ControlPacket = (SCM_CONTROL_PACKET*)HeapAlloc(GetProcessHeap(),
-                                                   HEAP_ZERO_MEMORY,
-                                                   sizeof(SCM_CONTROL_PACKET) + (TotalLength * sizeof(WCHAR)));
+    ControlPacket = HeapAlloc(GetProcessHeap(),
+                              HEAP_ZERO_MEMORY,
+                              PacketSize);
     if (ControlPacket == NULL)
     {
         LeaveCriticalSection(&ControlServiceCriticalSection);
         return ERROR_NOT_ENOUGH_MEMORY;
     }
 
+    ControlPacket->dwSize = PacketSize;
     ControlPacket->dwControl = dwControl;
-    ControlPacket->dwSize = TotalLength;
     ControlPacket->hServiceStatus = (SERVICE_STATUS_HANDLE)Service;
-    wcscpy(&ControlPacket->szArguments[0], Service->lpServiceName);
 
+    ControlPacket->dwServiceNameOffset = sizeof(SCM_CONTROL_PACKET);
+
+    Ptr = (PWSTR)((PBYTE)ControlPacket + ControlPacket->dwServiceNameOffset);
+    wcscpy(Ptr, Service->lpServiceName);
+
+    ControlPacket->dwArgumentsCount = 0;
+    ControlPacket->dwArgumentsOffset = 0;
+
+#ifdef USE_ASYNCHRONOUS_IO
+    bResult = WriteFile(Service->lpImage->hControlPipe,
+                        ControlPacket,
+                        PacketSize,
+                        &dwWriteCount,
+                        &Overlapped);
+    if (bResult == FALSE)
+    {
+        DPRINT("WriteFile() returned FALSE\n");
+
+        dwError = GetLastError();
+        if (dwError == ERROR_IO_PENDING)
+        {
+            DPRINT("dwError: ERROR_IO_PENDING\n");
+
+            dwError = WaitForSingleObject(Service->lpImage->hControlPipe,
+                                          PipeTimeout);
+            DPRINT("WaitForSingleObject() returned %lu\n", dwError);
+
+            if (dwError == WAIT_TIMEOUT)
+            {
+                bResult = CancelIo(Service->lpImage->hControlPipe);
+                if (bResult == FALSE)
+                {
+                    DPRINT1("CancelIo() failed (Error: %lu)\n", GetLastError());
+                }
+
+                dwError = ERROR_SERVICE_REQUEST_TIMEOUT;
+                goto Done;
+            }
+            else if (dwError == WAIT_OBJECT_0)
+            {
+                bResult = GetOverlappedResult(Service->lpImage->hControlPipe,
+                                              &Overlapped,
+                                              &dwWriteCount,
+                                              TRUE);
+                if (bResult == FALSE)
+                {
+                    dwError = GetLastError();
+                    DPRINT1("GetOverlappedResult() failed (Error %lu)\n", dwError);
+
+                    goto Done;
+                }
+            }
+        }
+        else
+        {
+            DPRINT1("WriteFile() failed (Error %lu)\n", dwError);
+            goto Done;
+        }
+    }
+
+    /* Read the reply */
+    Overlapped.hEvent = (HANDLE) NULL;
+
+    bResult = ReadFile(Service->lpImage->hControlPipe,
+                       &ReplyPacket,
+                       sizeof(SCM_REPLY_PACKET),
+                       &dwReadCount,
+                       &Overlapped);
+    if (bResult == FALSE)
+    {
+        DPRINT("ReadFile() returned FALSE\n");
+
+        dwError = GetLastError();
+        if (dwError == ERROR_IO_PENDING)
+        {
+            DPRINT("dwError: ERROR_IO_PENDING\n");
+
+            dwError = WaitForSingleObject(Service->lpImage->hControlPipe,
+                                          PipeTimeout);
+            DPRINT("WaitForSingleObject() returned %lu\n", dwError);
+
+            if (dwError == WAIT_TIMEOUT)
+            {
+                bResult = CancelIo(Service->lpImage->hControlPipe);
+                if (bResult == FALSE)
+                {
+                    DPRINT1("CancelIo() failed (Error: %lu)\n", GetLastError());
+                }
+
+                dwError = ERROR_SERVICE_REQUEST_TIMEOUT;
+                goto Done;
+            }
+            else if (dwError == WAIT_OBJECT_0)
+            {
+                bResult = GetOverlappedResult(Service->lpImage->hControlPipe,
+                                              &Overlapped,
+                                              &dwReadCount,
+                                              TRUE);
+                if (bResult == FALSE)
+                {
+                    dwError = GetLastError();
+                    DPRINT1("GetOverlappedResult() failed (Error %lu)\n", dwError);
+
+                    goto Done;
+                }
+            }
+        }
+        else
+        {
+            DPRINT1("ReadFile() failed (Error %lu)\n", dwError);
+            goto Done;
+        }
+    }
+
+#else
     /* Send the control packet */
-    WriteFile(Service->lpImage->hControlPipe,
-              ControlPacket,
-              sizeof(SCM_CONTROL_PACKET) + (TotalLength * sizeof(WCHAR)),
-              &dwWriteCount,
-              NULL);
+    bResult = WriteFile(Service->lpImage->hControlPipe,
+                        ControlPacket,
+                        PacketSize,
+                        &dwWriteCount,
+                        NULL);
+    if (bResult == FALSE)
+    {
+        dwError = GetLastError();
+        DPRINT("WriteFile() failed (Error %lu)\n", dwError);
+
+        if ((dwError == ERROR_GEN_FAILURE) &&
+            (dwControl == SERVICE_CONTROL_STOP))
+        {
+            /* Service is already terminated */
+            Service->Status.dwCurrentState = SERVICE_STOPPED;
+            Service->Status.dwControlsAccepted = 0;
+            Service->Status.dwWin32ExitCode = ERROR_SERVICE_NOT_ACTIVE;
+            dwError = ERROR_SUCCESS;
+        }
+        goto Done;
+    }
 
     /* Read the reply */
-    ReadFile(Service->lpImage->hControlPipe,
-             &ReplyPacket,
-             sizeof(SCM_REPLY_PACKET),
-             &dwReadCount,
-             NULL);
+    bResult = ReadFile(Service->lpImage->hControlPipe,
+                       &ReplyPacket,
+                       sizeof(SCM_REPLY_PACKET),
+                       &dwReadCount,
+                       NULL);
+    if (bResult == FALSE)
+    {
+        dwError = GetLastError();
+        DPRINT("ReadFile() failed (Error %lu)\n", dwError);
+    }
+#endif
 
+Done:
     /* Release the contol packet */
     HeapFree(GetProcessHeap(),
              0,
@@ -982,78 +1099,220 @@ ScmControlService(PSERVICE Service,
 static DWORD
 ScmSendStartCommand(PSERVICE Service,
                     DWORD argc,
-                    LPWSTR *argv)
+                    LPWSTRargv)
 {
     PSCM_CONTROL_PACKET ControlPacket;
     SCM_REPLY_PACKET ReplyPacket;
-    DWORD TotalLength;
-    DWORD ArgsLength = 0;
-    DWORD Length;
+    DWORD PacketSize;
     PWSTR Ptr;
     DWORD dwWriteCount = 0;
     DWORD dwReadCount = 0;
     DWORD dwError = ERROR_SUCCESS;
     DWORD i;
+    PWSTR *pOffPtr;
+    PWSTR pArgPtr;
+    BOOL bResult;
+#ifdef USE_ASYNCHRONOUS_IO
+    OVERLAPPED Overlapped = {0};
+#endif
 
     DPRINT("ScmSendStartCommand() called\n");
 
     /* Calculate the total length of the start command line */
-    TotalLength = wcslen(Service->lpServiceName) + 1;
-    if (argc > 0)
+    PacketSize = sizeof(SCM_CONTROL_PACKET) +
+                 (DWORD)((wcslen(Service->lpServiceName) + 1) * sizeof(WCHAR));
+
+    /* Calculate the required packet size for the start arguments */
+    if (argc > 0 && argv != NULL)
     {
+        PacketSize = ALIGN_UP(PacketSize, LPWSTR);
+
+        DPRINT("Argc: %lu\n", argc);
         for (i = 0; i < argc; i++)
         {
-            DPRINT("Arg: %S\n", argv[i]);
-            Length = wcslen(argv[i]) + 1;
-            TotalLength += Length;
-            ArgsLength += Length;
+            DPRINT("Argv[%lu]: %S\n", i, argv[i]);
+            PacketSize += (DWORD)((wcslen(argv[i]) + 1) * sizeof(WCHAR) + sizeof(PWSTR));
         }
     }
-    TotalLength++;
-    DPRINT("ArgsLength: %ld TotalLength: %ld\n", ArgsLength, TotalLength);
 
     /* Allocate a control packet */
-    ControlPacket = (SCM_CONTROL_PACKET*)HeapAlloc(GetProcessHeap(),
-                                                   HEAP_ZERO_MEMORY,
-                                                   sizeof(SCM_CONTROL_PACKET) + (TotalLength - 1) * sizeof(WCHAR));
+    ControlPacket = HeapAlloc(GetProcessHeap(),
+                              HEAP_ZERO_MEMORY,
+                              PacketSize);
     if (ControlPacket == NULL)
         return ERROR_NOT_ENOUGH_MEMORY;
 
-    ControlPacket->dwControl = SERVICE_CONTROL_START;
+    ControlPacket->dwSize = PacketSize;
+    ControlPacket->dwControl = (Service->Status.dwServiceType & SERVICE_WIN32_OWN_PROCESS)
+                               ? SERVICE_CONTROL_START_OWN
+                               : SERVICE_CONTROL_START_SHARE;
     ControlPacket->hServiceStatus = (SERVICE_STATUS_HANDLE)Service;
-    ControlPacket->dwSize = TotalLength;
-    Ptr = &ControlPacket->szArguments[0];
+    ControlPacket->dwServiceNameOffset = sizeof(SCM_CONTROL_PACKET);
+
+    Ptr = (PWSTR)((PBYTE)ControlPacket + ControlPacket->dwServiceNameOffset);
     wcscpy(Ptr, Service->lpServiceName);
-    Ptr += (wcslen(Service->lpServiceName) + 1);
+
+    ControlPacket->dwArgumentsCount = 0;
+    ControlPacket->dwArgumentsOffset = 0;
 
     /* Copy argument list */
-    if (argc > 0)
+    if (argc > 0 && argv != NULL)
     {
-        UNIMPLEMENTED;
-        DPRINT1("Arguments sent to service ignored!\n");
-#if 0
-        memcpy(Ptr, Arguments, ArgsLength);
-        Ptr += ArgsLength;
-#endif
+        Ptr += wcslen(Service->lpServiceName) + 1;
+        pOffPtr = (PWSTR*)ALIGN_UP_POINTER(Ptr, PWSTR);
+        pArgPtr = (PWSTR)((ULONG_PTR)pOffPtr + argc * sizeof(PWSTR));
+
+        ControlPacket->dwArgumentsCount = argc;
+        ControlPacket->dwArgumentsOffset = (DWORD)((ULONG_PTR)pOffPtr - (ULONG_PTR)ControlPacket);
+
+        DPRINT("dwArgumentsCount: %lu\n", ControlPacket->dwArgumentsCount);
+        DPRINT("dwArgumentsOffset: %lu\n", ControlPacket->dwArgumentsOffset);
+
+        for (i = 0; i < argc; i++)
+        {
+             wcscpy(pArgPtr, argv[i]);
+             *pOffPtr = (PWSTR)((ULONG_PTR)pArgPtr - (ULONG_PTR)pOffPtr);
+             DPRINT("offset: %p\n", *pOffPtr);
+
+             pArgPtr += wcslen(argv[i]) + 1;
+             pOffPtr++;
+        }
     }
 
-    /* Terminate the argument list */
-    *Ptr = 0;
+#ifdef USE_ASYNCHRONOUS_IO
+    bResult = WriteFile(Service->lpImage->hControlPipe,
+                        ControlPacket,
+                        PacketSize,
+                        &dwWriteCount,
+                        &Overlapped);
+    if (bResult == FALSE)
+    {
+        DPRINT("WriteFile() returned FALSE\n");
+
+        dwError = GetLastError();
+        if (dwError == ERROR_IO_PENDING)
+        {
+            DPRINT("dwError: ERROR_IO_PENDING\n");
+
+            dwError = WaitForSingleObject(Service->lpImage->hControlPipe,
+                                          PipeTimeout);
+            DPRINT("WaitForSingleObject() returned %lu\n", dwError);
+
+            if (dwError == WAIT_TIMEOUT)
+            {
+                bResult = CancelIo(Service->lpImage->hControlPipe);
+                if (bResult == FALSE)
+                {
+                    DPRINT1("CancelIo() failed (Error: %lu)\n", GetLastError());
+                }
+
+                dwError = ERROR_SERVICE_REQUEST_TIMEOUT;
+                goto Done;
+            }
+            else if (dwError == WAIT_OBJECT_0)
+            {
+                bResult = GetOverlappedResult(Service->lpImage->hControlPipe,
+                                              &Overlapped,
+                                              &dwWriteCount,
+                                              TRUE);
+                if (bResult == FALSE)
+                {
+                    dwError = GetLastError();
+                    DPRINT1("GetOverlappedResult() failed (Error %lu)\n", dwError);
 
+                    goto Done;
+                }
+            }
+        }
+        else
+        {
+            DPRINT1("WriteFile() failed (Error %lu)\n", dwError);
+            goto Done;
+        }
+    }
+
+    /* Read the reply */
+    Overlapped.hEvent = (HANDLE) NULL;
+
+    bResult = ReadFile(Service->lpImage->hControlPipe,
+                       &ReplyPacket,
+                       sizeof(SCM_REPLY_PACKET),
+                       &dwReadCount,
+                       &Overlapped);
+    if (bResult == FALSE)
+    {
+        DPRINT("ReadFile() returned FALSE\n");
+
+        dwError = GetLastError();
+        if (dwError == ERROR_IO_PENDING)
+        {
+            DPRINT("dwError: ERROR_IO_PENDING\n");
+
+            dwError = WaitForSingleObject(Service->lpImage->hControlPipe,
+                                          PipeTimeout);
+            DPRINT("WaitForSingleObject() returned %lu\n", dwError);
+
+            if (dwError == WAIT_TIMEOUT)
+            {
+                bResult = CancelIo(Service->lpImage->hControlPipe);
+                if (bResult == FALSE)
+                {
+                    DPRINT1("CancelIo() failed (Error: %lu)\n", GetLastError());
+                }
+
+                dwError = ERROR_SERVICE_REQUEST_TIMEOUT;
+                goto Done;
+            }
+            else if (dwError == WAIT_OBJECT_0)
+            {
+                bResult = GetOverlappedResult(Service->lpImage->hControlPipe,
+                                              &Overlapped,
+                                              &dwReadCount,
+                                              TRUE);
+                if (bResult == FALSE)
+                {
+                    dwError = GetLastError();
+                    DPRINT1("GetOverlappedResult() failed (Error %lu)\n", dwError);
+
+                    goto Done;
+                }
+            }
+        }
+        else
+        {
+            DPRINT1("ReadFile() failed (Error %lu)\n", dwError);
+            goto Done;
+        }
+    }
+
+#else
     /* Send the start command */
-    WriteFile(Service->lpImage->hControlPipe,
-              ControlPacket,
-              sizeof(SCM_CONTROL_PACKET) + (TotalLength - 1) * sizeof(WCHAR),
-              &dwWriteCount,
-              NULL);
+    bResult = WriteFile(Service->lpImage->hControlPipe,
+                        ControlPacket,
+                        PacketSize,
+                        &dwWriteCount,
+                        NULL);
+    if (bResult == FALSE)
+    {
+        dwError = GetLastError();
+        DPRINT("WriteFile() failed (Error %lu)\n", dwError);
+        goto Done;
+    }
 
     /* Read the reply */
-    ReadFile(Service->lpImage->hControlPipe,
-             &ReplyPacket,
-             sizeof(SCM_REPLY_PACKET),
-             &dwReadCount,
-             NULL);
+    bResult = ReadFile(Service->lpImage->hControlPipe,
+                       &ReplyPacket,
+                       sizeof(SCM_REPLY_PACKET),
+                       &dwReadCount,
+                       NULL);
+    if (bResult == FALSE)
+    {
+        dwError = GetLastError();
+        DPRINT("ReadFile() failed (Error %lu)\n", dwError);
+    }
+#endif
 
+Done:
     /* Release the contol packet */
     HeapFree(GetProcessHeap(),
              0,
@@ -1070,16 +1329,195 @@ ScmSendStartCommand(PSERVICE Service,
 }
 
 
+static DWORD
+ScmWaitForServiceConnect(PSERVICE Service)
+{
+    DWORD dwRead = 0;
+    DWORD dwProcessId = 0;
+    DWORD dwError = ERROR_SUCCESS;
+    BOOL bResult;
+#ifdef USE_ASYNCHRONOUS_IO
+    OVERLAPPED Overlapped = {0};
+#endif
+
+    DPRINT("ScmWaitForServiceConnect()\n");
+
+#ifdef USE_ASYNCHRONOUS_IO
+    Overlapped.hEvent = (HANDLE)NULL;
+
+    bResult = ConnectNamedPipe(Service->lpImage->hControlPipe,
+                               &Overlapped);
+    if (bResult == FALSE)
+    {
+        DPRINT("ConnectNamedPipe() returned FALSE\n");
+
+        dwError = GetLastError();
+        if (dwError == ERROR_IO_PENDING)
+        {
+            DPRINT("dwError: ERROR_IO_PENDING\n");
+
+            dwError = WaitForSingleObject(Service->lpImage->hControlPipe,
+                                          PipeTimeout);
+            DPRINT("WaitForSingleObject() returned %lu\n", dwError);
+
+            if (dwError == WAIT_TIMEOUT)
+            {
+                DPRINT("WaitForSingleObject() returned WAIT_TIMEOUT\n");
+
+                bResult = CancelIo(Service->lpImage->hControlPipe);
+                if (bResult == FALSE)
+                {
+                    DPRINT1("CancelIo() failed (Error: %lu)\n", GetLastError());
+                }
+
+                return ERROR_SERVICE_REQUEST_TIMEOUT;
+            }
+            else if (dwError == WAIT_OBJECT_0)
+            {
+                bResult = GetOverlappedResult(Service->lpImage->hControlPipe,
+                                              &Overlapped,
+                                              &dwRead,
+                                              TRUE);
+                if (bResult == FALSE)
+                {
+                    dwError = GetLastError();
+                    DPRINT1("GetOverlappedResult failed (Error %lu)\n", dwError);
+
+                    return dwError;
+                }
+            }
+        }
+        else if (dwError != ERROR_PIPE_CONNECTED)
+        {
+            DPRINT1("ConnectNamedPipe failed (Error %lu)\n", dwError);
+            return dwError;
+        }
+    }
+
+    DPRINT("Control pipe connected!\n");
+
+    Overlapped.hEvent = (HANDLE) NULL;
+
+    /* Read the process id from pipe */
+    bResult = ReadFile(Service->lpImage->hControlPipe,
+                       (LPVOID)&dwProcessId,
+                       sizeof(DWORD),
+                       &dwRead,
+                       &Overlapped);
+    if (bResult == FALSE)
+    {
+        DPRINT("ReadFile() returned FALSE\n");
+
+        dwError = GetLastError();
+        if (dwError == ERROR_IO_PENDING)
+        {
+            DPRINT("dwError: ERROR_IO_PENDING\n");
+
+            dwError = WaitForSingleObject(Service->lpImage->hControlPipe,
+                                          PipeTimeout);
+            if (dwError == WAIT_TIMEOUT)
+            {
+                DPRINT("WaitForSingleObject() returned WAIT_TIMEOUT\n");
+
+                bResult = CancelIo(Service->lpImage->hControlPipe);
+                if (bResult == FALSE)
+                {
+                    DPRINT1("CancelIo() failed (Error: %lu)\n", GetLastError());
+                }
+
+                return ERROR_SERVICE_REQUEST_TIMEOUT;
+            }
+            else if (dwError == WAIT_OBJECT_0)
+            {
+                DPRINT("WaitForSingleObject() returned WAIT_OBJECT_0\n");
+
+                DPRINT("Process Id: %lu\n", dwProcessId);
+
+                bResult = GetOverlappedResult(Service->lpImage->hControlPipe,
+                                              &Overlapped,
+                                              &dwRead,
+                                              TRUE);
+                if (bResult == FALSE)
+                {
+                    dwError = GetLastError();
+                    DPRINT1("GetOverlappedResult() failed (Error %lu)\n", dwError);
+
+                    return dwError;
+                }
+            }
+            else
+            {
+                DPRINT1("WaitForSingleObject() returned %lu\n", dwError);
+            }
+        }
+        else
+        {
+            DPRINT1("ReadFile() failed (Error %lu)\n", dwError);
+            return dwError;
+        }
+    }
+    else
+    {
+        if (dwProcessId != Service->lpImage->dwProcessId)
+        {
+/*
+            LPWSTR Strings[3]
+
+            ScmLogError(EVENT_SERVICE_DIFFERENT_PID_CONNECTED,
+                        3,
+                        lpStrings);
+*/
+        }
+    }
+
+    DPRINT("ScmWaitForServiceConnect() done\n");
+
+    return ERROR_SUCCESS;
+#else
+
+    /* Connect control pipe */
+    if (ConnectNamedPipe(Service->lpImage->hControlPipe, NULL) ?
+        TRUE : (dwError = GetLastError()) == ERROR_PIPE_CONNECTED)
+    {
+        DPRINT("Control pipe connected!\n");
+
+        /* Read SERVICE_STATUS_HANDLE from pipe */
+        bResult = ReadFile(Service->lpImage->hControlPipe,
+                           (LPVOID)&dwProcessId,
+                           sizeof(DWORD),
+                           &dwRead,
+                           NULL);
+        if (bResult == FALSE)
+        {
+            dwError = GetLastError();
+            DPRINT1("Reading the service control pipe failed (Error %lu)\n",
+                    dwError);
+        }
+        else
+        {
+            dwError = ERROR_SUCCESS;
+            DPRINT("Read control pipe successfully\n");
+        }
+    }
+    else
+    {
+        DPRINT1("Connecting control pipe failed! (Error %lu)\n", dwError);
+    }
+
+    return dwError;
+#endif
+}
+
+
 static DWORD
 ScmStartUserModeService(PSERVICE Service,
                         DWORD argc,
-                        LPWSTR *argv)
+                        LPWSTRargv)
 {
     PROCESS_INFORMATION ProcessInformation;
     STARTUPINFOW StartupInfo;
     BOOL Result;
     DWORD dwError = ERROR_SUCCESS;
-    DWORD dwProcessId;
 
     DPRINT("ScmStartUserModeService(%p)\n", Service);
 
@@ -1090,13 +1528,10 @@ ScmStartUserModeService(PSERVICE Service,
         return ScmSendStartCommand(Service, argc, argv);
     }
 
+    /* Otherwise start its process */
+    ZeroMemory(&StartupInfo, sizeof(StartupInfo));
     StartupInfo.cb = sizeof(StartupInfo);
-    StartupInfo.lpReserved = NULL;
-    StartupInfo.lpDesktop = NULL;
-    StartupInfo.lpTitle = NULL;
-    StartupInfo.dwFlags = 0;
-    StartupInfo.cbReserved2 = 0;
-    StartupInfo.lpReserved2 = 0;
+    ZeroMemory(&ProcessInformation, sizeof(ProcessInformation));
 
     Result = CreateProcessW(NULL,
                             Service->lpImage->szImagePath,
@@ -1115,76 +1550,56 @@ ScmStartUserModeService(PSERVICE Service,
         return dwError;
     }
 
-    DPRINT("Process Id: %lu  Handle %lx\n",
+    DPRINT("Process Id: %lu  Handle %p\n",
            ProcessInformation.dwProcessId,
            ProcessInformation.hProcess);
-    DPRINT("Thread Id: %lu  Handle %lx\n",
+    DPRINT("Thread Id: %lu  Handle %p\n",
            ProcessInformation.dwThreadId,
            ProcessInformation.hThread);
 
     /* Get process handle and id */
     Service->lpImage->dwProcessId = ProcessInformation.dwProcessId;
-    Service->lpImage->hProcess = ProcessInformation.hProcess;
 
     /* Resume Thread */
     ResumeThread(ProcessInformation.hThread);
 
     /* Connect control pipe */
-    if (ConnectNamedPipe(Service->lpImage->hControlPipe, NULL) ?
-        TRUE : (dwError = GetLastError()) == ERROR_PIPE_CONNECTED)
+    dwError = ScmWaitForServiceConnect(Service);
+    if (dwError == ERROR_SUCCESS)
     {
-        DWORD dwRead = 0;
-
-        DPRINT("Control pipe connected!\n");
-
-        /* Read SERVICE_STATUS_HANDLE from pipe */
-        if (!ReadFile(Service->lpImage->hControlPipe,
-                      (LPVOID)&dwProcessId,
-                      sizeof(DWORD),
-                      &dwRead,
-                      NULL))
-        {
-            dwError = GetLastError();
-            DPRINT1("Reading the service control pipe failed (Error %lu)\n",
-                    dwError);
-        }
-        else
-        {
-            DPRINT("Received service process ID %lu\n", dwProcessId);
-
-            /* Send start command */
-            dwError = ScmSendStartCommand(Service, argc, argv);
-        }
+        /* Send start command */
+        dwError = ScmSendStartCommand(Service, argc, argv);
     }
     else
     {
         DPRINT1("Connecting control pipe failed! (Error %lu)\n", dwError);
+        Service->lpImage->dwProcessId = 0;
     }
 
-    /* Close thread handle */
+    /* Close thread and process handle */
     CloseHandle(ProcessInformation.hThread);
+    CloseHandle(ProcessInformation.hProcess);
 
     return dwError;
 }
 
 
-DWORD
-ScmStartService(PSERVICE Service, DWORD argc, LPWSTR *argv)
+static DWORD
+ScmLoadService(PSERVICE Service,
+               DWORD argc,
+               LPWSTR* argv)
 {
     PSERVICE_GROUP Group = Service->lpGroup;
     DWORD dwError = ERROR_SUCCESS;
-    LPCWSTR ErrorLogStrings[2];
-
-    DPRINT("ScmStartService() called\n");
+    LPCWSTR lpErrorStrings[2];
+    WCHAR szErrorBuffer[32];
 
+    DPRINT("ScmLoadService() called\n");
     DPRINT("Start Service %p (%S)\n", Service, Service->lpServiceName);
 
-    EnterCriticalSection(&ControlServiceCriticalSection);
-
     if (Service->Status.dwCurrentState != SERVICE_STOPPED)
     {
         DPRINT("Service %S is already running!\n", Service->lpServiceName);
-        LeaveCriticalSection(&ControlServiceCriticalSection);
         return ERROR_SERVICE_ALREADY_RUNNING;
     }
 
@@ -1200,7 +1615,7 @@ ScmStartService(PSERVICE Service, DWORD argc, LPWSTR *argv)
             Service->Status.dwCurrentState = SERVICE_RUNNING;
         }
     }
-    else
+    else // if (Service->Status.dwServiceType & (SERVICE_WIN32 | SERVICE_INTERACTIVE_PROCESS))
     {
         /* Start user-mode service */
         dwError = ScmCreateOrReferenceServiceImage(Service);
@@ -1223,9 +1638,7 @@ ScmStartService(PSERVICE Service, DWORD argc, LPWSTR *argv)
         }
     }
 
-    LeaveCriticalSection(&ControlServiceCriticalSection);
-
-    DPRINT("ScmStartService() done (Error %lu)\n", dwError);
+    DPRINT("ScmLoadService() done (Error %lu)\n", dwError);
 
     if (dwError == ERROR_SUCCESS)
     {
@@ -1233,16 +1646,27 @@ ScmStartService(PSERVICE Service, DWORD argc, LPWSTR *argv)
         {
             Group->ServicesRunning = TRUE;
         }
+
+        /* Log a successful service start */
+        lpErrorStrings[0] = Service->lpDisplayName;
+        lpErrorStrings[1] = L"start";
+        ScmLogEvent(EVENT_SERVICE_CONTROL_SUCCESS,
+                    EVENTLOG_INFORMATION_TYPE,
+                    2,
+                    lpErrorStrings);
     }
     else
     {
         if (Service->dwErrorControl != SERVICE_ERROR_IGNORE)
         {
-            ErrorLogStrings[0] = Service->lpServiceName;
-            ErrorLogStrings[1] = L"Test";
-            ScmLogError(EVENT_SERVICE_START_FAILED,
+            /* Log a failed service start */
+            swprintf(szErrorBuffer, L"%lu", dwError);
+            lpErrorStrings[0] = Service->lpServiceName;
+            lpErrorStrings[1] = szErrorBuffer;
+            ScmLogEvent(EVENT_SERVICE_START_FAILED,
+                        EVENTLOG_ERROR_TYPE,
                         2,
-                        ErrorLogStrings);
+                        lpErrorStrings);
         }
 
 #if 0
@@ -1273,18 +1697,67 @@ ScmStartService(PSERVICE Service, DWORD argc, LPWSTR *argv)
 }
 
 
+DWORD
+ScmStartService(PSERVICE Service,
+                DWORD argc,
+                LPWSTR* argv)
+{
+    DWORD dwError = ERROR_SUCCESS;
+    SC_RPC_LOCK Lock = NULL;
+
+    DPRINT("ScmStartService() called\n");
+    DPRINT("Start Service %p (%S)\n", Service, Service->lpServiceName);
+
+    /* Acquire the service control critical section, to synchronize starts */
+    EnterCriticalSection(&ControlServiceCriticalSection);
+
+    /*
+     * Acquire the user service start lock while the service is starting, if
+     * needed (i.e. if we are not starting it during the initialization phase).
+     * If we don't success, bail out.
+     */
+    if (!ScmInitialize)
+    {
+        dwError = ScmAcquireServiceStartLock(TRUE, &Lock);
+        if (dwError != ERROR_SUCCESS) goto done;
+    }
+
+    /* Really start the service */
+    dwError = ScmLoadService(Service, argc, argv);
+
+    /* Release the service start lock, if needed, and the critical section */
+    if (Lock) ScmReleaseServiceStartLock(&Lock);
+
+done:
+    LeaveCriticalSection(&ControlServiceCriticalSection);
+
+    DPRINT("ScmStartService() done (Error %lu)\n", dwError);
+
+    return dwError;
+}
+
+
 VOID
 ScmAutoStartServices(VOID)
 {
+    DWORD dwError = ERROR_SUCCESS;
     PLIST_ENTRY GroupEntry;
     PLIST_ENTRY ServiceEntry;
     PSERVICE_GROUP CurrentGroup;
     PSERVICE CurrentService;
     WCHAR szSafeBootServicePath[MAX_PATH];
-    DWORD dwError;
     HKEY hKey;
     ULONG i;
 
+    /*
+     * This function MUST be called ONLY at initialization time.
+     * Therefore, no need to acquire the user service start lock.
+     */
+    ASSERT(ScmInitialize);
+
+    /* Acquire the service control critical section, to synchronize starts */
+    EnterCriticalSection(&ControlServiceCriticalSection);
+
     /* Clear 'ServiceVisited' flag (or set if not to start in Safe Mode) */
     ServiceEntry = ServiceListHead.Flink;
     while (ServiceEntry != &ServiceListHead)
@@ -1375,7 +1848,7 @@ ScmAutoStartServices(VOID)
                     (CurrentService->dwTag == CurrentGroup->TagArray[i]))
                 {
                     CurrentService->ServiceVisited = TRUE;
-                    ScmStartService(CurrentService, 0, NULL);
+                    ScmLoadService(CurrentService, 0, NULL);
                 }
 
                 ServiceEntry = ServiceEntry->Flink;
@@ -1393,7 +1866,7 @@ ScmAutoStartServices(VOID)
                 (CurrentService->ServiceVisited == FALSE))
             {
                 CurrentService->ServiceVisited = TRUE;
-                ScmStartService(CurrentService, 0, NULL);
+                ScmLoadService(CurrentService, 0, NULL);
             }
 
             ServiceEntry = ServiceEntry->Flink;
@@ -1413,7 +1886,7 @@ ScmAutoStartServices(VOID)
             (CurrentService->ServiceVisited == FALSE))
         {
             CurrentService->ServiceVisited = TRUE;
-            ScmStartService(CurrentService, 0, NULL);
+            ScmLoadService(CurrentService, 0, NULL);
         }
 
         ServiceEntry = ServiceEntry->Flink;
@@ -1430,7 +1903,7 @@ ScmAutoStartServices(VOID)
             (CurrentService->ServiceVisited == FALSE))
         {
             CurrentService->ServiceVisited = TRUE;
-            ScmStartService(CurrentService, 0, NULL);
+            ScmLoadService(CurrentService, 0, NULL);
         }
 
         ServiceEntry = ServiceEntry->Flink;
@@ -1444,6 +1917,9 @@ ScmAutoStartServices(VOID)
         CurrentService->ServiceVisited = FALSE;
         ServiceEntry = ServiceEntry->Flink;
     }
+
+    /* Release the critical section */
+    LeaveCriticalSection(&ControlServiceCriticalSection);
 }
 
 
@@ -1505,7 +1981,29 @@ ScmUnlockDatabase(VOID)
 VOID
 ScmInitNamedPipeCriticalSection(VOID)
 {
+    HKEY hKey;
+    DWORD dwKeySize;
+    DWORD dwError;
+
     InitializeCriticalSection(&ControlServiceCriticalSection);
+
+    dwError = RegOpenKeyExW(HKEY_LOCAL_MACHINE,
+                            L"SYSTEM\\CurrentControlSet\\Control",
+                            0,
+                            KEY_READ,
+                            &hKey);
+   if (dwError == ERROR_SUCCESS)
+   {
+        dwKeySize = sizeof(DWORD);
+        RegQueryValueExW(hKey,
+                         L"ServicesPipeTimeout",
+                         0,
+                         NULL,
+                         (LPBYTE)&PipeTimeout,
+                         &dwKeySize);
+
+       RegCloseKey(hKey);
+   }
 }
 
 
A free Windows-compatible Operating System