ArsenalRecon / Arsenal-Image-Mounter

Arsenal Image Mounter mounts the contents of disk images as complete disks in Microsoft Windows.
https://ArsenalRecon.com/weapons/image-mounter

Failed to start service process: 0x80131500 #24

Closed salty4n6 closed 7 months ago

salty4n6 commented 2 years ago

Hi, I'm hoping somebody has insight where I can look to see what's going on or has seen this error/issue before.

I'm attempting to mount an E01 image via Arsenal Image Mounter v3.9.223 and I get an error message of: "Failed to start service process: 0x80131500"

I can't find anything in any log or Process Monitor that provided any help.

Below is the ArsenalImageMounter.log file.


2022-08-12 11:14:52 Starting up: Application 'C:\Software\Arsenal-Image-Mounter-v3.9.223\ArsenalImageMounter.dll' version 3.9.223, licensed mode = False. OS = 'Microsoft Windows 10.0.19044 X64'. Framework = .NET 6.0.7

2022-08-12 11:15:02 Image file 'C:\Images\TestCase.E01', detected BiosPartitionTable, 1 partitions. 0x2E0 - 0x7807FF (IFS (NTFS or HPFS)), detected 'Microsoft NTFS' (healthy).


2022-08-12 11:15:04 Error mounting disk image.

Failed to start service process: 0x80131500


2022-08-12 11:15:22 Exit: Application 'C:\Software\Arsenal-Image-Mounter-v3.9.223\ArsenalImageMounter.dll' version 3.9.223, licensed mode = False. OS = 'Microsoft Windows 10.0.19044 X64'. Framework = .NET 6.0.7

Any help would be appreciated.

-Salty

LTRData commented 2 years ago

That looks strange. I would have expected more information in that error message, but there could be cases where it cannot start aim_cli.dll at all. Could you try at command line in the directory with your AIM files and run:

dotnet aim_cli.dll --filename=C:\Images\TestCase.E01 --provider=libewf --readonly --trace

and see if you get any more messages that could give us more clues!

salty4n6 commented 2 years ago

Thanks for the command.

The account I'm logged into the machine with is not a local admin, but the account (same for both, app and cli command) I'm using to launch Arsenal Image Mounter and run the cli command is a local admin.

I'm pretty sure that I've used Arsenal Image Mounter in the same way before, but when I have an opportunity I'm going to log in with the account that has local admin permissions and see if Windows is getting in the way somehow.

This is from an administrator Terminal/PowerShell v7.2.5 session.

PS C:\Software\Arsenal-Image-Mounter-v3.9.223> dotnet aim_cli.dll --filename=C:\Images\TestCase.E01 --provider=libewf --readonly --trace --mount
Opening image file 'C:\Images\TestCase.E01' with format provider 'libewf'...
Registering DiscUtils assembly 'DiscUtils.Vmdk, Version=1.0.0.0, Culture=neutral, PublicKeyToken=5fa5b410cc9c6289'...
Registering DiscUtils assembly 'DiscUtils.Vhdx, Version=1.0.0.0, Culture=neutral, PublicKeyToken=5fa5b410cc9c6289'...
Registering DiscUtils assembly 'DiscUtils.Vhd, Version=1.0.0.0, Culture=neutral, PublicKeyToken=5fa5b410cc9c6289'...
Registering DiscUtils assembly 'DiscUtils.Vdi, Version=1.0.0.0, Culture=neutral, PublicKeyToken=5fa5b410cc9c6289'...
Registering DiscUtils assembly 'DiscUtils.Dmg, Version=1.0.0.0, Culture=neutral, PublicKeyToken=5fa5b410cc9c6289'...
Registering DiscUtils assembly 'DiscUtils.Xva, Version=1.0.0.0, Culture=neutral, PublicKeyToken=5fa5b410cc9c6289'...
Registering DiscUtils assembly 'DiscUtils.OpticalDisk, Version=1.0.0.0, Culture=neutral, PublicKeyToken=5fa5b410cc9c6289'...
Registering DiscUtils assembly 'DiscUtils.Core, Version=1.0.0.0, Culture=neutral, PublicKeyToken=5fa5b410cc9c6289'...
Image virtual size is 3.809 GB
Mounting as virtual disk...
Successfully opened SCSI adapter 'ROOT\SCSIADAPTER\0000'.
Creating objects for shared memory communication 'devio-df2ceadc-9802-17e5-6f45-1d4ba0863374'.
Service thread initialization failed: System.Exception: This operation requires administrative privileges.
 ---> System.UnauthorizedAccessException: Access to the path is denied.
   at System.IO.MemoryMappedFiles.MemoryMappedFile.CreateCore(FileStream fileStream, String mapName, HandleInheritability inheritability, MemoryMappedFileAccess access, MemoryMappedFileOptions options, Int64 capacity)
   at System.IO.MemoryMappedFiles.MemoryMappedFile.CreateNew(String mapName, Int64 capacity, MemoryMappedFileAccess access, MemoryMappedFileOptions options, HandleInheritability inheritability)
   at Arsenal.ImageMounter.Devio.Server.Services.DevioShmService.RunService()
   --- End of inner exception stack trace ---.
System.Exception: Service initialization failed
 ---> System.Exception: This operation requires administrative privileges.
 ---> System.UnauthorizedAccessException: Access to the path is denied.
   at System.IO.MemoryMappedFiles.MemoryMappedFile.CreateCore(FileStream fileStream, String mapName, HandleInheritability inheritability, MemoryMappedFileAccess access, MemoryMappedFileOptions options, Int64 capacity)
   at System.IO.MemoryMappedFiles.MemoryMappedFile.CreateNew(String mapName, Int64 capacity, MemoryMappedFileAccess access, MemoryMappedFileOptions options, HandleInheritability inheritability)
   at Arsenal.ImageMounter.Devio.Server.Services.DevioShmService.RunService()
   --- End of inner exception stack trace ---
   --- End of inner exception stack trace ---
   at Arsenal.ImageMounter.Devio.Server.Services.DevioServiceBase.StartServiceThreadAndMount(ScsiAdapter ScsiAdapter, DeviceFlags Flags)
   at Arsenal.ImageMounter.ServerModule.UnsafeMain(IDictionary`2 commands)
   at Arsenal.ImageMounter.ServerModule.Main(String[] args)
Service initialization failed

This operation requires administrative privileges.

Access to the path is denied.
PS C:\Software\Arsenal-Image-Mounter-v3.9.223>

Clearly something doesn't have the necessary permissions or there is a flag that isn't getting set with how I'm launching/running the application. Wonder if this could be related to UAC settings?

-Salty

LTRData commented 2 years ago

Sorry, forgot to mention that. Yes, you need to run the command with administrative privileges. Command prompt with normal user privileges will not work.

salty4n6 commented 2 years ago

I did some additional testing with my accounts and on another machine. This appears to be a me issue (our build/group policy). I'm going to keep digging to see if I can narrow down the setting that is preventing AIM from working. I'll report back if I do find it just in case somebody else runs into the same issue.

Thanks for your help today.

-Salty
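
An added diagnostic, not part of the thread or of the Arsenal Image Mounter project: a PowerShell check to run in the same session as the `dotnet aim_cli.dll` command, reporting whether that session's token is actually elevated and which UAC policy values are set on the machine. The thread never identifies the responsible setting, so the registry values listed are an assumption about where to start looking, and the function name `Get-ElevationReport` is hypothetical.

```powershell
# Added example (assumption-based): the thread does not name the policy that
# blocked AIM; this only reports the elevation state and common UAC policy values.
function Get-ElevationReport {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]::new($identity)
    $adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator

    # The integrity level shows up in 'whoami /groups' as a SID S-1-16-<rid>.
    # Matching on the SID avoids depending on localized group names.
    $levels = @{ 4096 = 'Low'; 8192 = 'Medium'; 12288 = 'High'; 16384 = 'System' }
    $rid    = $null
    $line   = whoami /groups | Where-Object { $_ -match 'S-1-16-\d+' } | Select-Object -First 1
    if ($line -match 'S-1-16-(\d+)') { $rid = [int]$Matches[1] }
    $integrity = if ($null -ne $rid -and $levels.ContainsKey($rid)) { $levels[$rid] }
                 else { "unknown ($rid)" }

    # Machine-wide UAC policy values; a missing value is reported as empty.
    $policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $policy    = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue

    [pscustomobject]@{
        User                       = $identity.Name
        IsAdministratorRole        = $principal.IsInRole($adminRole)
        IntegrityLevel             = $integrity
        EnableLUA                  = $policy.EnableLUA
        ConsentPromptBehaviorAdmin = $policy.ConsentPromptBehaviorAdmin
        FilterAdministratorToken   = $policy.FilterAdministratorToken
    }
}

$report = Get-ElevationReport
$report | Format-List

# A filtered (non-elevated) token of an admin account fails the role check
# and runs at Medium integrity, which matches the error in the trace above.
if (-not $report.IsAdministratorRole -or $report.IntegrityLevel -notin 'High', 'System') {
    Write-Warning 'Session is not elevated; aim_cli.dll requires administrative privileges.'
}
```

Comparing this output between a machine where mounting works and one where it fails narrows down whether the difference is in the session's token or in machine policy.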