📄 创建svchost_exe调用的服务原理与实践.htm
字号:
DllMain called DLL_THREAD_ATTACH");<BR> case
DLL_THREAD_DETACH:<BR> OutputString("SvcHostDLL:
DllMain called DLL_THREAD_DETACH");<BR> case
DLL_PROCESS_DETACH:<BR> TellSCM(
SERVICE_STOP_PENDING, 0, 0
);<BR> Sleep(1500);<BR> TellSCM(
SERVICE_STOPPED, 0, 0
);<BR> OutputString("SvcHostDLL:
DllMain called
DLL_PROCESS_DETACH");<BR>#endif<BR> break;<BR> }<BR><BR> return
TRUE;<BR>}<BR><BR><BR>void __stdcall ServiceMain( int argc, wchar_t*
argv[]
)<BR>{<BR>// DebugBreak();<BR> char
svcname[256];<BR> strncpy(svcname, (char*)argv[0],
sizeof svcname); //it's should be unicode, but if it's ansi we do it
well<BR> wcstombs(svcname, argv[0], sizeof
svcname);<BR> OutputString("SvcHostDLL:
ServiceMain(%d, %s) called", argc,
svcname);<BR><BR> hSrv =
RegisterServiceCtrlHandler( svcname, (LPHANDLER_FUNCTION)ServiceHandler
);<BR> if( hSrv == NULL
)<BR> {<BR> OutputString("SvcHostDLL:
RegisterServiceCtrlHandler %S failed",
argv[0]);<BR> return;<BR> }else
FreeConsole();<BR><BR> TellSCM(
SERVICE_START_PENDING, 0, 1 );<BR> TellSCM(
SERVICE_RUNNING, 0, 0 );<BR><BR> // call Real
Service function noew<BR> if(argc >
1)<BR> strncpy(svcname,
(char*)argv[1], sizeof
svcname),<BR> wcstombs(svcname,
argv[1], sizeof svcname);<BR> RealService(argc >
1 ? svcname : MY_EXECUTE_NAME, argc > 2 ? 1 :
0);<BR><BR> do{<BR> Sleep(10);//not
quit until receive stop command, otherwise the service will
stop<BR> }while(dwCurrState != SERVICE_STOP_PENDING
&& dwCurrState !=
SERVICE_STOPPED);<BR><BR> OutputString("SvcHostDLL:
ServiceMain done");<BR> return;<BR>}<BR><BR>int
TellSCM( DWORD dwState, DWORD dwExitCode, DWORD dwProgress
)<BR>{<BR> SERVICE_STATUS
srvStatus;<BR> srvStatus.dwServiceType =
SERVICE_WIN32_OWN_PROCESS;<BR> srvStatus.dwCurrentState
= dwCurrState =
dwState;<BR> srvStatus.dwControlsAccepted =
SERVICE_ACCEPT_STOP | SERVICE_ACCEPT_PAUSE_CONTINUE |
SERVICE_ACCEPT_SHUTDOWN;<BR> srvStatus.dwWin32ExitCode
=
dwExitCode;<BR> srvStatus.dwServiceSpecificExitCode
= 0;<BR> srvStatus.dwCheckPoint =
dwProgress;<BR> srvStatus.dwWaitHint =
3000;<BR> return SetServiceStatus( hSrv,
&srvStatus );<BR>}<BR><BR>void __stdcall ServiceHandler( DWORD
dwCommand )<BR>{<BR> // not really necessary
because the service stops quickly<BR> switch(
dwCommand )<BR> {<BR> case
SERVICE_CONTROL_STOP:<BR> TellSCM(
SERVICE_STOP_PENDING, 0, 1
);<BR> OutputString("SvcHostDLL:
ServiceHandler called
SERVICE_CONTROL_STOP");<BR> Sleep(10);<BR> TellSCM(
SERVICE_STOPPED, 0, 0
);<BR> break;<BR> case
SERVICE_CONTROL_PAUSE:<BR> TellSCM(
SERVICE_PAUSE_PENDING, 0, 1
);<BR> OutputString("SvcHostDLL:
ServiceHandler called
SERVICE_CONTROL_PAUSE");<BR> TellSCM(
SERVICE_PAUSED, 0, 0
);<BR> break;<BR> case
SERVICE_CONTROL_CONTINUE:<BR> TellSCM(
SERVICE_CONTINUE_PENDING, 0, 1
);<BR> OutputString("SvcHostDLL:
ServiceHandler called
SERVICE_CONTROL_CONTINUE");<BR> TellSCM(
SERVICE_RUNNING, 0, 0
);<BR> break;<BR> case
SERVICE_CONTROL_INTERROGATE:<BR> OutputString("SvcHostDLL:
ServiceHandler called
SERVICE_CONTROL_INTERROGATE");<BR> TellSCM(
dwCurrState, 0, 0
);<BR> break;<BR> case
SERVICE_CONTROL_SHUTDOWN:<BR> OutputString("SvcHostDLL:
ServiceHandler called
SERVICE_CONTROL_SHUTDOWN");<BR> TellSCM(
SERVICE_STOPPED, 0, 0
);<BR> break;<BR> }<BR>}<BR><BR><BR>//RealService
just create a process <BR>int RealService(char *cmd, int
bInteract)<BR>{<BR> OutputString("SvcHostDLL:
RealService called '%s' %s", cmd, bInteract ? "Interact" :
"");<BR> STARTUPINFO si =
{0};<BR> PROCESS_INFORMATION
pi;<BR> si.cb = sizeof
si;<BR> if(bInteract) si.lpDesktop =
"WinSta0\\Default"; <BR> if(!CreateProcess(NULL,
cmd, NULL, NULL, false, 0, NULL, NULL, &si,
&pi))<BR> OutputString("SvcHostDLL:
CreateProcess(%s) error:%d", cmd,
GetLastError());<BR> else OutputString("SvcHostDLL:
CreateProcess(%s) to %d", cmd,
pi.dwProcessId);<BR><BR> return
0;<BR>}<BR><BR><BR>int InstallService(char
*name)<BR>{<BR> // Open a handle to the SC Manager
database. <BR> int rc =
0;<BR> HKEY hkRoot = HKEY_LOCAL_MACHINE, hkParam =
0;<BR> SC_HANDLE hscm = NULL, schService =
NULL;<BR><BR> try{<BR> char
buff[500];<BR> char *svcname =
DEFAULT_SERVICE;<BR> if(name && name[0])
svcname = name;<BR><BR> //query svchost
setting<BR> char *ptr, *pSvchost =
"SOFTWARE\\Microsoft\\Windows
NT\\CurrentVersion\\Svchost";<BR> rc =
RegOpenKeyEx(hkRoot, pSvchost, 0, KEY_QUERY_VALUE,
&hkRoot);<BR> if(ERROR_SUCCESS !=
rc)<BR> {<BR> OutputString("RegOpenKeyEx(%s)
KEY_QUERY_VALUE error %d.", pSvchost, rc);
<BR> throw
"";<BR> }<BR><BR> DWORD
type, size = sizeof buff;<BR> rc =
RegQueryValueEx(hkRoot, "netsvcs", 0, &type, (unsigned char*)buff,
&size);<BR> RegCloseKey(hkRoot);<BR> SetLastError(rc);<BR> if(ERROR_SUCCESS
!= rc)<BR> throw
"RegQueryValueEx(Svchost\\netsvcs)";<BR><BR> for(ptr
= buff; *ptr; ptr = strchr(ptr,
0)+1)<BR> if(stricmp(ptr,
svcname) == 0) break;<BR><BR> if(*ptr ==
0)<BR> {<BR> OutputString("you
specify service name not in Svchost\\netsvcs, must be one of following:");
<BR> for(ptr = buff; *ptr;
ptr = strchr(ptr,
0)+1)<BR> OutputString("
- %s", ptr); <BR> throw
"";<BR> }<BR><BR> //install
service<BR> hscm = OpenSCManager(NULL, NULL,
SC_MANAGER_ALL_ACCESS);<BR> if (hscm == NULL)
<BR> throw
"OpenSCManager()";<BR> <BR> char
*bin = "%SystemRoot%\\System32\\svchost.exe -k
netsvcs";<BR><BR> schService = CreateService(
<BR> hscm, //
SCManager database
<BR> svcname, //
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -