BOOL StartStopService(LPCSTR lpServiceName, BOOL bStop) { HANDLE hSCManager; HANDLE hService; SERVICE_STATUS ssStatus; BOOL ret = FALSE; hSCManager = OpenSCManagerA (NULL, NULL, SC_MANAGER_CREATE_SERVICE); if (hSCManager) { hService = OpenServiceA (hSCManager, lpServiceName, SERVICE_START | DELETE | SERVICE_STOP); if (hService) { if (!bStop) { if (StartServiceA (hService, 0, NULL)) { eprintf ("Service started [OK]\n"); ret = TRUE; } else { eprintf ("Service started [FAIL]\n"); } } else { if (ControlService (hService, SERVICE_CONTROL_STOP, &ssStatus)) { eprintf ("Service Stopped [OK]\n"); ret = TRUE; } else { eprintf ("Service Stopped [FAIL]\n"); } } CloseServiceHandle (hService); DeleteService (hService); } CloseServiceHandle (hSCManager); } return ret; }
bool analysis::start_service() { if(!manager) manager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS); if(!manager) return false; if(!service) service = OpenServiceA( manager, "hookrevealer", SERVICE_ALL_ACCESS); if (!service) return false; if(!StartServiceA(service, 0, NULL)) return false; return true; }
bool start_service() { if(!manager) manager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS); if(!manager) return false; if(!service) service = OpenServiceA( manager, "conixsamdump", SERVICE_ALL_ACCESS); if (!service) return false; if(!StartServiceA(service, 0, NULL)) return false; return true; }
static void test_service(void) { SC_HANDLE service_handle = register_service("simple_service"); SERVICE_STATUS status; BOOL res; if(!service_handle) return; trace("starting...\n"); res = StartServiceA(service_handle, 0, NULL); ok(res, "StartService failed: %u\n", GetLastError()); if(!res) { DeleteService(service_handle); CloseServiceHandle(service_handle); return; } expect_event("RUNNING"); res = QueryServiceStatus(service_handle, &status); ok(res, "QueryServiceStatus failed: %d\n", GetLastError()); todo_wine ok(status.dwServiceType == SERVICE_WIN32_OWN_PROCESS, "status.dwServiceType = %x\n", status.dwServiceType); ok(status.dwCurrentState == SERVICE_RUNNING, "status.dwCurrentState = %x\n", status.dwCurrentState); ok(status.dwControlsAccepted == (SERVICE_ACCEPT_STOP | SERVICE_ACCEPT_SHUTDOWN), "status.dwControlsAccepted = %x\n", status.dwControlsAccepted); ok(status.dwWin32ExitCode == 0, "status.dwExitCode = %d\n", status.dwWin32ExitCode); ok(status.dwServiceSpecificExitCode == 0, "status.dwServiceSpecificExitCode = %d\n", status.dwServiceSpecificExitCode); ok(status.dwCheckPoint == 0, "status.dwCheckPoint = %d\n", status.dwCheckPoint); todo_wine ok(status.dwWaitHint == 0, "status.dwWaitHint = %d\n", status.dwWaitHint); res = ControlService(service_handle, SERVICE_CONTROL_STOP, &status); ok(res, "ControlService failed: %u\n", GetLastError()); expect_event("STOP"); res = DeleteService(service_handle); ok(res, "DeleteService failed: %u\n", GetLastError()); CloseServiceHandle(service_handle); }
BOOL doStartService(SC_HANDLE Service, const char* szName, std::vector<std::string> &args) { BOOL res; if (args.size() == 0) { res = StartService(Service, 0, nullptr); } else { const char** a = new const char*[args.size()+1]; a[0] = szName; for (size_t x=0; x<args.size(); x++) a[x+1] = args[x].c_str(); res = StartServiceA(Service, args.size()+1, a); delete [] a; } return res; }
void InstallService() // this function is executed, if someone starts our service exe manually // if our service is installed, we uninstall it and vice versa { CHAR arrCh [MAX_PATH + 1]; SC_HANDLE c1, c2; DWORD c3; SERVICE_STATUS ss; LPQUERY_SERVICE_CONFIG qsc; int i1; bool b1; GetModuleFileName(GetModuleHandle(NULL), arrCh, MAX_PATH); // first we contact the service control manager c1 = OpenSCManagerA(NULL, NULL, SC_MANAGER_ALL_ACCESS); if (!c1) // didn't work, maybe we asked for too many access rights? c1 = OpenSCManagerA(NULL, NULL, 0); if (c1) { // okay, that worked, now we try to open our service c2 = OpenServiceA(c1, CServiceName, SERVICE_ALL_ACCESS | DELETE); if (c2) { // our service is already installed, let's check the parameters b1 = false; c3 = 0; QueryServiceConfigA(c2, NULL, 0, &c3); if (c3) { qsc = (LPQUERY_SERVICE_CONFIG) LocalAlloc(LPTR, c3 * 2); b1 = (QueryServiceConfigA(c2, qsc, c3 * 2, &c3)) && ( (qsc->dwServiceType != CServiceType ) || (qsc->dwStartType != CServiceStart) || (lstrcmpiA(qsc->lpDisplayName, CServiceDescr)) ); LocalFree(qsc); } if (!ControlService(c2, SERVICE_CONTROL_INTERROGATE, &ss)) ss.dwCurrentState = SERVICE_STOPPED; if ((!b1) && (ss.dwCurrentState == SERVICE_RUNNING)) { // the parameters are correct, so we try to stop and remove it if (ControlService(c2, SERVICE_CONTROL_STOP, &ss)) { if (DeleteService(c2)) MessageBox(0, "the service is removed again", "information...", MB_ICONINFORMATION); else MessageBox(0, "the service is stopped, but removing failed", "warning...", MB_ICONWARNING); } else MessageBox(0, "stopping failed", "warning...", MB_ICONWARNING); } else { if (b1) // not all parameters are correct, so we try to correct them if (ChangeServiceConfigA(c2, CServiceType, CServiceStart, SERVICE_ERROR_NORMAL, arrCh, NULL, NULL, NULL, NULL, NULL, CServiceDescr)) MessageBox(0, "correction of service parameters succeeded", "information...", MB_ICONINFORMATION); else MessageBox(0, "correction of service parameters failed", "warning...", MB_ICONWARNING); if (ss.dwCurrentState != SERVICE_RUNNING) // our service was installed, but not running, so we start it if (StartServiceA(c2, 0, NULL)) MessageBox(0, "the service was restarted", "information...", MB_ICONINFORMATION); else MessageBox(0, "restarting failed", "warning...", MB_ICONWARNING); } CloseServiceHandle(c2); } else { // probably our service is not installed yet, so we do that now c2 = CreateServiceA(c1, CServiceName, CServiceDescr, SERVICE_ALL_ACCESS | STANDARD_RIGHTS_ALL, CServiceType, CServiceStart, SERVICE_ERROR_NORMAL, arrCh, NULL, NULL, NULL, NULL, NULL); if (c2) { // installation went smooth // we want to give everyone full access to our service if (!AddAccessForEveryone(c2, SERVICE_ALL_ACCESS | DELETE)) MessageBox(0, "access manipulation didn't work", "warning...", MB_ICONWARNING); // now let's start the service if (StartServiceA(c2, 0, NULL)) { // starting succeeded, but does the service run through? // the service tries to create an ipc queue // if that fails, it stops and removes itself for (i1 = 1; (i1 < 50); i1++) { if (!ControlService(c2, SERVICE_CONTROL_INTERROGATE, &ss)) ss.dwCurrentState = SERVICE_STOPPED; if ((ss.dwCurrentState == SERVICE_RUNNING) || (ss.dwCurrentState == SERVICE_STOPPED)) break; Sleep(50); } if (ss.dwCurrentState == SERVICE_RUNNING) MessageBox(0, "the service is installed now", "information...", MB_ICONINFORMATION); else MessageBox(0, "installation failed (ipc failure)", "warning...", MB_ICONWARNING); } else MessageBox(0, "installation succeeded, but starting failed", "warning...", MB_ICONWARNING); CloseServiceHandle(c2); } else MessageBox(0, "you don't have enough privileges", "sorry...", MB_ICONWARNING); } CloseServiceHandle(c1); } else MessageBox(0, "you don't have enough privileges", "sorry...", MB_ICONWARNING); }
static inline void test_no_stop(void) { SC_HANDLE service_handle = register_service("no_stop"); SERVICE_STATUS status; BOOL res; if(!service_handle) return; trace("starting...\n"); res = StartServiceA(service_handle, 0, NULL); ok(res, "StartService failed: %u\n", GetLastError()); if(!res) { DeleteService(service_handle); return; } expect_event("RUNNING"); /* Let service thread terminate */ Sleep(1000); res = QueryServiceStatus(service_handle, &status); ok(res, "QueryServiceStatus failed: %d\n", GetLastError()); todo_wine ok(status.dwServiceType == SERVICE_WIN32_OWN_PROCESS, "status.dwServiceType = %x\n", status.dwServiceType); ok(status.dwCurrentState == SERVICE_RUNNING, "status.dwCurrentState = %x\n", status.dwCurrentState); ok(status.dwControlsAccepted == (SERVICE_ACCEPT_STOP | SERVICE_ACCEPT_SHUTDOWN), "status.dwControlsAccepted = %x\n", status.dwControlsAccepted); ok(status.dwWin32ExitCode == 0, "status.dwExitCode = %d\n", status.dwWin32ExitCode); ok(status.dwServiceSpecificExitCode == 0, "status.dwServiceSpecificExitCode = %d\n", status.dwServiceSpecificExitCode); ok(status.dwCheckPoint == 0, "status.dwCheckPoint = %d\n", status.dwCheckPoint); todo_wine ok(status.dwWaitHint == 0, "status.dwWaitHint = %d\n", status.dwWaitHint); res = ControlService(service_handle, SERVICE_CONTROL_STOP, &status); ok(res, "ControlService failed: %u\n", GetLastError()); expect_event("STOP"); res = QueryServiceStatus(service_handle, &status); ok(res, "QueryServiceStatus failed: %d\n", GetLastError()); todo_wine ok(status.dwServiceType == SERVICE_WIN32_OWN_PROCESS, "status.dwServiceType = %x\n", status.dwServiceType); ok(status.dwCurrentState==SERVICE_STOPPED || status.dwCurrentState==SERVICE_STOP_PENDING, "status.dwCurrentState = %x\n", status.dwCurrentState); ok(status.dwControlsAccepted == 0, "status.dwControlsAccepted = %x\n", status.dwControlsAccepted); ok(status.dwWin32ExitCode == 0, "status.dwExitCode = %d\n", status.dwWin32ExitCode); ok(status.dwServiceSpecificExitCode == 0, "status.dwServiceSpecificExitCode = %d\n", status.dwServiceSpecificExitCode); ok(status.dwCheckPoint == 0, "status.dwCheckPoint = %d\n", status.dwCheckPoint); ok(status.dwWaitHint == 0, "status.dwWaitHint = %d\n", status.dwWaitHint); res = DeleteService(service_handle); ok(res, "DeleteService failed: %u\n", GetLastError()); res = QueryServiceStatus(service_handle, &status); ok(res, "QueryServiceStatus failed: %d\n", GetLastError()); todo_wine ok(status.dwServiceType == SERVICE_WIN32_OWN_PROCESS, "status.dwServiceType = %x\n", status.dwServiceType); ok(status.dwCurrentState==SERVICE_STOPPED || status.dwCurrentState==SERVICE_STOP_PENDING, "status.dwCurrentState = %x\n", status.dwCurrentState); ok(status.dwControlsAccepted == 0, "status.dwControlsAccepted = %x\n", status.dwControlsAccepted); ok(status.dwWin32ExitCode == 0, "status.dwExitCode = %d\n", status.dwWin32ExitCode); ok(status.dwServiceSpecificExitCode == 0, "status.dwServiceSpecificExitCode = %d\n", status.dwServiceSpecificExitCode); ok(status.dwCheckPoint == 0, "status.dwCheckPoint = %d\n", status.dwCheckPoint); ok(status.dwWaitHint == 0, "status.dwWaitHint = %d\n", status.dwWaitHint); CloseServiceHandle(service_handle); res = QueryServiceStatus(service_handle, &status); ok(!res, "QueryServiceStatus should have failed\n"); ok(GetLastError() == ERROR_INVALID_HANDLE, "GetLastError = %d\n", GetLastError()); }
BOOL LoadNTDriver(char* lpszDriverName,char* lpszDriverPath) { char szDriverImagePath[256]; //得到完整的驱动路径 GetFullPathNameA(lpszDriverPath, 256, szDriverImagePath, NULL); BOOL bRet = FALSE; SC_HANDLE hServiceMgr=NULL;//SCM管理器的句柄 SC_HANDLE hServiceDDK=NULL;//NT驱动程序的服务句柄 //打开服务控制管理器 hServiceMgr = OpenSCManagerA( NULL, NULL, SC_MANAGER_ALL_ACCESS ); if( hServiceMgr == NULL ) { //OpenSCManager失败 printf( "OpenSCManager() Faild %d ! \n", GetLastError() ); bRet = FALSE; goto BeforeLeave; } else { ////OpenSCManager成功 printf( "OpenSCManager() ok ! \n" ); } //创建驱动所对应的服务 hServiceDDK = CreateServiceA( hServiceMgr, lpszDriverName, //驱动程序的在注册表中的名字 lpszDriverName, // 注册表驱动程序的 DisplayName 值 SERVICE_ALL_ACCESS, // 加载驱动程序的访问权限 SERVICE_KERNEL_DRIVER,// 表示加载的服务是驱动程序 SERVICE_DEMAND_START, // 注册表驱动程序的 Start 值 SERVICE_ERROR_IGNORE, // 注册表驱动程序的 ErrorControl 值 szDriverImagePath, // 注册表驱动程序的 ImagePath 值 NULL, NULL, NULL, NULL, NULL); DWORD dwRtn; //判断服务是否失败 if( hServiceDDK == NULL ) { dwRtn = GetLastError(); if( dwRtn != ERROR_IO_PENDING && dwRtn != ERROR_SERVICE_EXISTS ) { //由于其他原因创建服务失败 printf( "CrateService() Faild %d ! \n", dwRtn ); bRet = FALSE; goto BeforeLeave; } else { //服务创建失败,是由于服务已经创立过 printf( "CrateService() Faild Service is ERROR_IO_PENDING or ERROR_SERVICE_EXISTS! \n" ); } // 驱动程序已经加载,只需要打开 hServiceDDK = OpenServiceA( hServiceMgr, lpszDriverName, SERVICE_ALL_ACCESS ); if( hServiceDDK == NULL ) { //如果打开服务也失败,则意味错误 dwRtn = GetLastError(); printf( "OpenService() Faild %d ! \n", dwRtn ); bRet = FALSE; goto BeforeLeave; } else { printf( "OpenService() ok ! \n" ); } } else { printf( "CrateService() ok ! \n" ); } //开启此项服务 bRet= StartServiceA( hServiceDDK, NULL, NULL ); if( !bRet ) { DWORD dwRtn = GetLastError(); if( dwRtn != ERROR_IO_PENDING && dwRtn != ERROR_SERVICE_ALREADY_RUNNING ) { printf( "StartService() Faild %d ! \n", dwRtn ); bRet = FALSE; goto BeforeLeave; } else { if( dwRtn == ERROR_IO_PENDING ) { //设备被挂住 printf( "StartService() Faild ERROR_IO_PENDING ! \n"); bRet = FALSE; goto BeforeLeave; } else { //服务已经开启 printf( "StartService() Faild ERROR_SERVICE_ALREADY_RUNNING ! \n"); bRet = TRUE; goto BeforeLeave; } } } bRet = TRUE; //离开前关闭句柄 BeforeLeave: if(hServiceDDK) { CloseServiceHandle(hServiceDDK); } if(hServiceMgr) { CloseServiceHandle(hServiceMgr); } //删除注册表键值 char lpszSrvices[256] = {0}; sprintf(lpszSrvices,"SYSTEM\\CurrentControlSet\\Services\\%s",lpszDriverName); SHDeleteKeyA(HKEY_LOCAL_MACHINE,lpszSrvices); return bRet; }