
📄 创建svchost_exe调用的服务原理与实践.htm

      name of service 
      <BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;NULL,&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
      // service name to display 
      <BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;SERVICE_ALL_ACCESS,&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;// 
      desired access 
      <BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;SERVICE_WIN32_SHARE_PROCESS, 
      // service type 
      <BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;SERVICE_AUTO_START,&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;// 
      start type 
      <BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;SERVICE_ERROR_NORMAL,&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;// 
      error control type 
      <BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;bin,&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;// 
      service's binary 
      <BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;NULL,&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;// 
      no load ordering group 
      <BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;NULL,&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;// 
      no tag identifier 
      <BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;NULL,&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;// 
      no dependencies 
      <BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;NULL,&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;// 
      LocalSystem account 
      <BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;NULL);&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
      // no password <BR><BR>&nbsp;&nbsp;&nbsp;&nbsp;if (schService == 
      NULL)<BR>&nbsp;&nbsp;&nbsp;&nbsp;{<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;OutputString("CreateService(%s) 
      error %d", svcname, rc = 
      GetLastError());<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;throw 
      "";<BR>&nbsp;&nbsp;&nbsp;&nbsp;}<BR>&nbsp;&nbsp;&nbsp;&nbsp;OutputString("CreateService(%s) 
      SUCCESS. Config it", svcname); 
      <BR><BR>&nbsp;&nbsp;&nbsp;&nbsp;CloseServiceHandle(schService); 
      <BR>&nbsp;&nbsp;&nbsp;&nbsp;CloseServiceHandle(hscm); 
      <BR><BR>&nbsp;&nbsp;&nbsp;&nbsp;//config 
      service<BR>&nbsp;&nbsp;&nbsp;&nbsp;hkRoot = 
      HKEY_LOCAL_MACHINE;<BR>&nbsp;&nbsp;&nbsp;&nbsp;strncpy(buff, 
      "SYSTEM\\CurrentControlSet\\Services\\", sizeof 
      buff);<BR>&nbsp;&nbsp;&nbsp;&nbsp;strncat(buff, svcname, 
      100);<BR>&nbsp;&nbsp;&nbsp;&nbsp;rc = RegOpenKeyEx(hkRoot, buff, 0, 
      KEY_ALL_ACCESS, &amp;hkRoot);<BR>&nbsp;&nbsp;&nbsp;&nbsp;if(ERROR_SUCCESS 
      != 
      rc)<BR>&nbsp;&nbsp;&nbsp;&nbsp;{<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;OutputString("RegOpenKeyEx(%s) 
      KEY_SET_VALUE error %d.", svcname, rc); 
      <BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;throw 
      "";<BR>&nbsp;&nbsp;&nbsp;&nbsp;}<BR><BR>&nbsp;&nbsp;&nbsp;&nbsp;rc = 
      RegCreateKey(hkRoot, "Parameters", 
      &amp;hkParam);<BR>&nbsp;&nbsp;&nbsp;&nbsp;SetLastError(rc);<BR>&nbsp;&nbsp;&nbsp;&nbsp;if(ERROR_SUCCESS 
      != rc)<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;throw 
      "RegCreateKey(Parameters)";<BR><BR>&nbsp;&nbsp;&nbsp;&nbsp;if(!GetModuleFileName(HMODULE(hDll), 
      buff, sizeof 
      buff))<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;throw 
      "GetModuleFileName() get dll path";<BR><BR>&nbsp;&nbsp;&nbsp;&nbsp;rc = 
      RegSetValueEx(hkParam, "ServiceDll", 0, REG_EXPAND_SZ, (unsigned 
      char*)buff, 
      strlen(buff)+1);<BR>&nbsp;&nbsp;&nbsp;&nbsp;SetLastError(rc);<BR>&nbsp;&nbsp;&nbsp;&nbsp;if(ERROR_SUCCESS 
      != rc)<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;throw 
      "RegSetValueEx(ServiceDll)";<BR><BR>&nbsp;&nbsp;&nbsp;&nbsp;OutputString("Config 
      service %s ok.", svcname); <BR>&nbsp;&nbsp;&nbsp;&nbsp;}catch(char 
      *str)<BR>&nbsp;&nbsp;&nbsp;&nbsp;{<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;if(str 
      &amp;&amp; 
      str[0])<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;rc 
      = 
      GetLastError();<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;OutputString("%s 
      error %d", str, 
      rc);<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;}<BR>&nbsp;&nbsp;&nbsp;&nbsp;}<BR><BR>&nbsp;&nbsp;&nbsp;&nbsp;RegCloseKey(hkRoot);<BR>&nbsp;&nbsp;&nbsp;&nbsp;RegCloseKey(hkParam);<BR>&nbsp;&nbsp;&nbsp;&nbsp;CloseServiceHandle(schService); 
      <BR>&nbsp;&nbsp;&nbsp;&nbsp;CloseServiceHandle(hscm); 
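      <BR><BR>&nbsp;&nbsp;&nbsp;&nbsp;return rc;<BR>}<BR><BR>
/*
 * RundllInstallA - rundll32.exe entry point that installs the service.
 *
 * Platform SDK: Tools - Rundll32
 * The Run DLL utility (Rundll32.exe) included in Windows enables you to call
 * functions exported from a 32-bit DLL. These functions must have the
 * following syntax.
 *
 * param is handed to InstallService() unchanged (presumably the service name,
 * as in UninstallService() -- confirm against InstallService's signature).
 * The int result of InstallService() is discarded here; the outcome is only
 * visible through OutputString().
 *
 * Audit note: the service InstallService() registers is
 * SERVICE_WIN32_SHARE_PROCESS / SERVICE_AUTO_START under the LocalSystem
 * account, with this DLL's path stored in the Parameters\ServiceDll value of
 * the service key. That registry value and a rundll32 command line naming
 * this export are the artefacts to check when reviewing a host.
 */
void CALLBACK RundllInstallA(
  HWND hwnd,        // handle to owner window (unused)
  HINSTANCE hinst,  // instance handle for the DLL (unused)
  char *param,      // string the DLL will parse
  int nCmdShow      // show state (unused)
)
{
    InstallService(param);
}


/*
 * UninstallService - delete a service registration from the local SCM.
 *
 * name: service to delete; NULL or "" selects DEFAULT_SERVICE.
 * Returns 0 on success, otherwise the Win32 error code of the call that
 * failed (or the structured-exception code if one was raised).
 *
 * Every exit goes through the common cleanup at the bottom so that neither
 * SCM handle is leaked on an error path.
 */
int UninstallService(char *name)
{
    int rc = 0;
    SC_HANDLE schService = NULL;   // NULL so cleanup can tell "never opened"
    SC_HANDLE hscm = NULL;
    const char *svcname = DEFAULT_SERVICE;

    if (name && name[0])
        svcname = name;

    __try {
        // Least privilege: OpenService() only needs a connected SCM handle,
        // so SC_MANAGER_ALL_ACCESS is not requested.
        hscm = OpenSCManager(NULL, NULL, SC_MANAGER_CONNECT);
        if (hscm == NULL) {
            OutputString("OpenSCManager() error %d", rc = GetLastError());
            __leave;
        }

        // DELETE is the only right DeleteService() requires.
        schService = OpenService(hscm, svcname, DELETE);
        if (schService == NULL) {
            OutputString("OpenService(%s) error %d", svcname, rc = GetLastError());
            __leave;
        }

        if (!DeleteService(schService)) {
            // Name the call that actually failed in the log line.
            OutputString("DeleteService(%s) error %d", svcname, rc = GetLastError());
            __leave;
        }

        OutputString("DeleteService(%s) SUCCESS.", svcname);
    } __except (1) {
        // Do not report success (0) after a structured exception.
        rc = (int)GetExceptionCode();
        OutputString("Exception Catched 0x%X", rc);
    }

    if (schService)
        CloseServiceHandle(schService);
    if (hscm)
        CloseServiceHandle(hscm);
    return rc;
}

/*
 * RundllUninstallA - rundll32.exe entry point that removes the service.
 *
 * Platform SDK: Tools - Rundll32
 * The Run DLL utility (Rundll32.exe) included in Windows enables you to call
 * functions exported from a 32-bit DLL. These functions must have the
 * following syntax.
 *
 * param is passed to UninstallService() as the service name; the int result
 * is discarded, so the outcome is only visible through OutputString().
 */
void CALLBACK RundllUninstallA(
  HWND hwnd,        // handle to owner window (unused)
  HINSTANCE hinst,  // instance handle for the DLL (unused)
  char *param,      // string the DLL will parse
  int nCmdShow      // show state (unused)
)
{
    UninstallService(param);
}

/*
 * OutputString - printf-style diagnostic output.
 *
 * Formats the message into a fixed 1024-byte buffer (longer messages are
 * truncated), then writes it to standard output when the process has one,
 * otherwise appends a time-stamped line to "SvcHost.DLL.log". The message is
 * always sent to the debugger via OutputDebugString() as well.
 *
 * The log file name is relative, so it is created in whatever the current
 * directory of the hosting process is.
 */
void OutputString( char *lpFmt, ... )
{
    char buff[1024] = {0};
    va_list arglist;

    va_start(arglist, lpFmt);
    // _vsnprintf() does not write a terminator when the output is truncated;
    // reserve the last byte and terminate explicitly so strlen() stays in bounds.
    _vsnprintf(buff, sizeof buff - 1, lpFmt, arglist);
    va_end(arglist);
    buff[sizeof buff - 1] = '\0';

    DWORD len;
    HANDLE hout = GetStdHandle(STD_OUTPUT_HANDLE);

    // GetStdHandle() returns NULL (not INVALID_HANDLE_VALUE) when the process
    // has no standard handles, which is the normal case for a service; treat
    // both as "no console" so the log-file branch is reachable.
    if (hout != NULL && hout != INVALID_HANDLE_VALUE) {
        WriteFile(hout, buff, (DWORD)strlen(buff), &len, NULL);
        WriteFile(hout, "\r\n", 2, &len, NULL);
    } else {
        FILE *fp = fopen("SvcHost.DLL.log", "a");
        if (fp) {
            char datebuf[20], timebuf[20];
            fprintf(fp, "%s %s - %s\n", _strdate(datebuf), _strtime(timebuf), buff);
            // Always close: the old `if(!stderr)` guard was never true, so the
            // stream leaked on every call.
            fclose(fp);
        }
    }

    OutputDebugString(buff);
}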
    </TD></TR></TBODY></TABLE>
<DIV class=footer>Copyright &copy; 1998-2003 XFOCUS Team. All Rights Reserved 
</DIV></BODY></HTML>
