BOOL StartStopService(LPCSTR lpServiceName, BOOL bStop) {
HANDLE hSCManager;
HANDLE hService;
SERVICE_STATUS ssStatus;
BOOL ret = FALSE;
hSCManager = OpenSCManagerA (NULL, NULL, SC_MANAGER_CREATE_SERVICE);
if (hSCManager) {
hService = OpenServiceA (hSCManager, lpServiceName, SERVICE_START | DELETE | SERVICE_STOP);
if (hService) {
if (!bStop) {
if (StartServiceA (hService, 0, NULL)) {
eprintf ("Service started [OK]\n");
ret = TRUE;
} else {
eprintf ("Service started [FAIL]\n");
}
} else {
if (ControlService (hService, SERVICE_CONTROL_STOP, &ssStatus)) {
eprintf ("Service Stopped [OK]\n");
ret = TRUE;
} else {
eprintf ("Service Stopped [FAIL]\n");
}
}
CloseServiceHandle (hService);
DeleteService (hService);
}
CloseServiceHandle (hSCManager);
}
return ret;
}
bool analysis::start_service()
{
if(!manager)
manager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
if(!manager)
return false;
if(!service)
service = OpenServiceA( manager, "hookrevealer", SERVICE_ALL_ACCESS);
if (!service)
return false;
if(!StartServiceA(service, 0, NULL))
return false;
return true;
}
bool start_service()
{
if(!manager)
manager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
if(!manager)
return false;
if(!service)
service = OpenServiceA( manager, "conixsamdump", SERVICE_ALL_ACCESS);
if (!service)
return false;
if(!StartServiceA(service, 0, NULL))
return false;
return true;
}
static void test_service(void)
{
SC_HANDLE service_handle = register_service("simple_service");
SERVICE_STATUS status;
BOOL res;
if(!service_handle)
return;
trace("starting...\n");
res = StartServiceA(service_handle, 0, NULL);
ok(res, "StartService failed: %u\n", GetLastError());
if(!res) {
DeleteService(service_handle);
CloseServiceHandle(service_handle);
return;
}
expect_event("RUNNING");
res = QueryServiceStatus(service_handle, &status);
ok(res, "QueryServiceStatus failed: %d\n", GetLastError());
todo_wine ok(status.dwServiceType == SERVICE_WIN32_OWN_PROCESS, "status.dwServiceType = %x\n", status.dwServiceType);
ok(status.dwCurrentState == SERVICE_RUNNING, "status.dwCurrentState = %x\n", status.dwCurrentState);
ok(status.dwControlsAccepted == (SERVICE_ACCEPT_STOP | SERVICE_ACCEPT_SHUTDOWN),
"status.dwControlsAccepted = %x\n", status.dwControlsAccepted);
ok(status.dwWin32ExitCode == 0, "status.dwExitCode = %d\n", status.dwWin32ExitCode);
ok(status.dwServiceSpecificExitCode == 0, "status.dwServiceSpecificExitCode = %d\n",
status.dwServiceSpecificExitCode);
ok(status.dwCheckPoint == 0, "status.dwCheckPoint = %d\n", status.dwCheckPoint);
todo_wine ok(status.dwWaitHint == 0, "status.dwWaitHint = %d\n", status.dwWaitHint);
res = ControlService(service_handle, SERVICE_CONTROL_STOP, &status);
ok(res, "ControlService failed: %u\n", GetLastError());
expect_event("STOP");
res = DeleteService(service_handle);
ok(res, "DeleteService failed: %u\n", GetLastError());
CloseServiceHandle(service_handle);
}
BOOL doStartService(SC_HANDLE Service, const char* szName, std::vector<std::string> &args)
{
BOOL res;
if (args.size() == 0)
{
res = StartService(Service, 0, nullptr);
}
else
{
const char** a = new const char*[args.size()+1];
a[0] = szName;
for (size_t x=0; x<args.size(); x++)
a[x+1] = args[x].c_str();
res = StartServiceA(Service, args.size()+1, a);
delete [] a;
}
return res;
}
void InstallService()
// this function is executed, if someone starts our service exe manually
// if our service is installed, we uninstall it and vice versa
{
CHAR arrCh [MAX_PATH + 1];
SC_HANDLE c1, c2;
DWORD c3;
SERVICE_STATUS ss;
LPQUERY_SERVICE_CONFIG qsc;
int i1;
bool b1;
GetModuleFileName(GetModuleHandle(NULL), arrCh, MAX_PATH);
// first we contact the service control manager
c1 = OpenSCManagerA(NULL, NULL, SC_MANAGER_ALL_ACCESS);
if (!c1)
// didn't work, maybe we asked for too many access rights?
c1 = OpenSCManagerA(NULL, NULL, 0);
if (c1) {
// okay, that worked, now we try to open our service
c2 = OpenServiceA(c1, CServiceName, SERVICE_ALL_ACCESS | DELETE);
if (c2) {
// our service is already installed, let's check the parameters
b1 = false;
c3 = 0;
QueryServiceConfigA(c2, NULL, 0, &c3);
if (c3) {
qsc = (LPQUERY_SERVICE_CONFIG) LocalAlloc(LPTR, c3 * 2);
b1 = (QueryServiceConfigA(c2, qsc, c3 * 2, &c3)) &&
( (qsc->dwServiceType != CServiceType ) ||
(qsc->dwStartType != CServiceStart) ||
(lstrcmpiA(qsc->lpDisplayName, CServiceDescr)) );
LocalFree(qsc);
}
if (!ControlService(c2, SERVICE_CONTROL_INTERROGATE, &ss))
ss.dwCurrentState = SERVICE_STOPPED;
if ((!b1) && (ss.dwCurrentState == SERVICE_RUNNING)) {
// the parameters are correct, so we try to stop and remove it
if (ControlService(c2, SERVICE_CONTROL_STOP, &ss)) {
if (DeleteService(c2))
MessageBox(0, "the service is removed again", "information...", MB_ICONINFORMATION);
else MessageBox(0, "the service is stopped, but removing failed", "warning...", MB_ICONWARNING);
} else
MessageBox(0, "stopping failed", "warning...", MB_ICONWARNING);
} else {
if (b1)
// not all parameters are correct, so we try to correct them
if (ChangeServiceConfigA(c2, CServiceType, CServiceStart, SERVICE_ERROR_NORMAL,
arrCh, NULL, NULL, NULL, NULL, NULL, CServiceDescr))
MessageBox(0, "correction of service parameters succeeded", "information...", MB_ICONINFORMATION);
else MessageBox(0, "correction of service parameters failed", "warning...", MB_ICONWARNING);
if (ss.dwCurrentState != SERVICE_RUNNING)
// our service was installed, but not running, so we start it
if (StartServiceA(c2, 0, NULL))
MessageBox(0, "the service was restarted", "information...", MB_ICONINFORMATION);
else MessageBox(0, "restarting failed", "warning...", MB_ICONWARNING);
}
CloseServiceHandle(c2);
} else {
// probably our service is not installed yet, so we do that now
c2 = CreateServiceA(c1, CServiceName, CServiceDescr,
SERVICE_ALL_ACCESS | STANDARD_RIGHTS_ALL,
CServiceType, CServiceStart,
SERVICE_ERROR_NORMAL, arrCh, NULL, NULL, NULL, NULL, NULL);
if (c2) {
// installation went smooth
// we want to give everyone full access to our service
if (!AddAccessForEveryone(c2, SERVICE_ALL_ACCESS | DELETE))
MessageBox(0, "access manipulation didn't work", "warning...", MB_ICONWARNING);
// now let's start the service
if (StartServiceA(c2, 0, NULL)) {
// starting succeeded, but does the service run through?
// the service tries to create an ipc queue
// if that fails, it stops and removes itself
for (i1 = 1; (i1 < 50); i1++) {
if (!ControlService(c2, SERVICE_CONTROL_INTERROGATE, &ss))
ss.dwCurrentState = SERVICE_STOPPED;
if ((ss.dwCurrentState == SERVICE_RUNNING) || (ss.dwCurrentState == SERVICE_STOPPED))
break;
Sleep(50);
}
if (ss.dwCurrentState == SERVICE_RUNNING)
MessageBox(0, "the service is installed now", "information...", MB_ICONINFORMATION);
else MessageBox(0, "installation failed (ipc failure)", "warning...", MB_ICONWARNING);
} else
MessageBox(0, "installation succeeded, but starting failed", "warning...", MB_ICONWARNING);
CloseServiceHandle(c2);
} else
MessageBox(0, "you don't have enough privileges", "sorry...", MB_ICONWARNING);
}
CloseServiceHandle(c1);
} else
MessageBox(0, "you don't have enough privileges", "sorry...", MB_ICONWARNING);
}
static inline void test_no_stop(void)
{
SC_HANDLE service_handle = register_service("no_stop");
SERVICE_STATUS status;
BOOL res;
if(!service_handle)
return;
trace("starting...\n");
res = StartServiceA(service_handle, 0, NULL);
ok(res, "StartService failed: %u\n", GetLastError());
if(!res) {
DeleteService(service_handle);
return;
}
expect_event("RUNNING");
/* Let service thread terminate */
Sleep(1000);
res = QueryServiceStatus(service_handle, &status);
ok(res, "QueryServiceStatus failed: %d\n", GetLastError());
todo_wine ok(status.dwServiceType == SERVICE_WIN32_OWN_PROCESS, "status.dwServiceType = %x\n", status.dwServiceType);
ok(status.dwCurrentState == SERVICE_RUNNING, "status.dwCurrentState = %x\n", status.dwCurrentState);
ok(status.dwControlsAccepted == (SERVICE_ACCEPT_STOP | SERVICE_ACCEPT_SHUTDOWN),
"status.dwControlsAccepted = %x\n", status.dwControlsAccepted);
ok(status.dwWin32ExitCode == 0, "status.dwExitCode = %d\n", status.dwWin32ExitCode);
ok(status.dwServiceSpecificExitCode == 0, "status.dwServiceSpecificExitCode = %d\n",
status.dwServiceSpecificExitCode);
ok(status.dwCheckPoint == 0, "status.dwCheckPoint = %d\n", status.dwCheckPoint);
todo_wine ok(status.dwWaitHint == 0, "status.dwWaitHint = %d\n", status.dwWaitHint);
res = ControlService(service_handle, SERVICE_CONTROL_STOP, &status);
ok(res, "ControlService failed: %u\n", GetLastError());
expect_event("STOP");
res = QueryServiceStatus(service_handle, &status);
ok(res, "QueryServiceStatus failed: %d\n", GetLastError());
todo_wine ok(status.dwServiceType == SERVICE_WIN32_OWN_PROCESS, "status.dwServiceType = %x\n", status.dwServiceType);
ok(status.dwCurrentState==SERVICE_STOPPED || status.dwCurrentState==SERVICE_STOP_PENDING,
"status.dwCurrentState = %x\n", status.dwCurrentState);
ok(status.dwControlsAccepted == 0, "status.dwControlsAccepted = %x\n", status.dwControlsAccepted);
ok(status.dwWin32ExitCode == 0, "status.dwExitCode = %d\n", status.dwWin32ExitCode);
ok(status.dwServiceSpecificExitCode == 0, "status.dwServiceSpecificExitCode = %d\n",
status.dwServiceSpecificExitCode);
ok(status.dwCheckPoint == 0, "status.dwCheckPoint = %d\n", status.dwCheckPoint);
ok(status.dwWaitHint == 0, "status.dwWaitHint = %d\n", status.dwWaitHint);
res = DeleteService(service_handle);
ok(res, "DeleteService failed: %u\n", GetLastError());
res = QueryServiceStatus(service_handle, &status);
ok(res, "QueryServiceStatus failed: %d\n", GetLastError());
todo_wine ok(status.dwServiceType == SERVICE_WIN32_OWN_PROCESS, "status.dwServiceType = %x\n", status.dwServiceType);
ok(status.dwCurrentState==SERVICE_STOPPED || status.dwCurrentState==SERVICE_STOP_PENDING,
"status.dwCurrentState = %x\n", status.dwCurrentState);
ok(status.dwControlsAccepted == 0, "status.dwControlsAccepted = %x\n", status.dwControlsAccepted);
ok(status.dwWin32ExitCode == 0, "status.dwExitCode = %d\n", status.dwWin32ExitCode);
ok(status.dwServiceSpecificExitCode == 0, "status.dwServiceSpecificExitCode = %d\n",
status.dwServiceSpecificExitCode);
ok(status.dwCheckPoint == 0, "status.dwCheckPoint = %d\n", status.dwCheckPoint);
ok(status.dwWaitHint == 0, "status.dwWaitHint = %d\n", status.dwWaitHint);
CloseServiceHandle(service_handle);
res = QueryServiceStatus(service_handle, &status);
ok(!res, "QueryServiceStatus should have failed\n");
ok(GetLastError() == ERROR_INVALID_HANDLE, "GetLastError = %d\n", GetLastError());
}
BOOL LoadNTDriver(char* lpszDriverName,char* lpszDriverPath)
{
char szDriverImagePath[256];
//得到完整的驱动路径
GetFullPathNameA(lpszDriverPath, 256, szDriverImagePath, NULL);
BOOL bRet = FALSE;
SC_HANDLE hServiceMgr=NULL;//SCM管理器的句柄
SC_HANDLE hServiceDDK=NULL;//NT驱动程序的服务句柄
//打开服务控制管理器
hServiceMgr = OpenSCManagerA( NULL, NULL, SC_MANAGER_ALL_ACCESS );
if( hServiceMgr == NULL )
{
//OpenSCManager失败
printf( "OpenSCManager() Faild %d ! \n", GetLastError() );
bRet = FALSE;
goto BeforeLeave;
}
else
{
////OpenSCManager成功
printf( "OpenSCManager() ok ! \n" );
}
//创建驱动所对应的服务
hServiceDDK = CreateServiceA( hServiceMgr,
lpszDriverName, //驱动程序的在注册表中的名字
lpszDriverName, // 注册表驱动程序的 DisplayName 值
SERVICE_ALL_ACCESS, // 加载驱动程序的访问权限
SERVICE_KERNEL_DRIVER,// 表示加载的服务是驱动程序
SERVICE_DEMAND_START, // 注册表驱动程序的 Start 值
SERVICE_ERROR_IGNORE, // 注册表驱动程序的 ErrorControl 值
szDriverImagePath, // 注册表驱动程序的 ImagePath 值
NULL,
NULL,
NULL,
NULL,
NULL);
DWORD dwRtn;
//判断服务是否失败
if( hServiceDDK == NULL )
{
dwRtn = GetLastError();
if( dwRtn != ERROR_IO_PENDING && dwRtn != ERROR_SERVICE_EXISTS )
{
//由于其他原因创建服务失败
printf( "CrateService() Faild %d ! \n", dwRtn );
bRet = FALSE;
goto BeforeLeave;
}
else
{
//服务创建失败,是由于服务已经创立过
printf( "CrateService() Faild Service is ERROR_IO_PENDING or ERROR_SERVICE_EXISTS! \n" );
}
// 驱动程序已经加载,只需要打开
hServiceDDK = OpenServiceA( hServiceMgr, lpszDriverName, SERVICE_ALL_ACCESS );
if( hServiceDDK == NULL )
{
//如果打开服务也失败,则意味错误
dwRtn = GetLastError();
printf( "OpenService() Faild %d ! \n", dwRtn );
bRet = FALSE;
goto BeforeLeave;
}
else
{
printf( "OpenService() ok ! \n" );
}
}
else
{
printf( "CrateService() ok ! \n" );
}
//开启此项服务
bRet= StartServiceA( hServiceDDK, NULL, NULL );
if( !bRet )
{
DWORD dwRtn = GetLastError();
if( dwRtn != ERROR_IO_PENDING && dwRtn != ERROR_SERVICE_ALREADY_RUNNING )
{
printf( "StartService() Faild %d ! \n", dwRtn );
bRet = FALSE;
goto BeforeLeave;
}
else
{
if( dwRtn == ERROR_IO_PENDING )
{
//设备被挂住
printf( "StartService() Faild ERROR_IO_PENDING ! \n");
bRet = FALSE;
goto BeforeLeave;
}
else
{
//服务已经开启
printf( "StartService() Faild ERROR_SERVICE_ALREADY_RUNNING ! \n");
bRet = TRUE;
goto BeforeLeave;
}
}
}
bRet = TRUE;
//离开前关闭句柄
BeforeLeave:
if(hServiceDDK)
{
CloseServiceHandle(hServiceDDK);
}
if(hServiceMgr)
{
CloseServiceHandle(hServiceMgr);
}
//删除注册表键值
char lpszSrvices[256] = {0};
sprintf(lpszSrvices,"SYSTEM\\CurrentControlSet\\Services\\%s",lpszDriverName);
SHDeleteKeyA(HKEY_LOCAL_MACHINE,lpszSrvices);
return bRet;
}
