// monitorservice.cpp : 定义控制台应用程序的入口点。
//
//Author: Anish C.V.
//EMail : cv_anish@hotmail.com
#include "stdafx.h"
#include <Winsock2.h>
#include "Windows.h"
#include "Winsvc.h"
#include "eth2file.h"
//#include <stdio.h>
//#include "common.h"
//#include <ntsecapi.h>
//
//#pragma comment( lib, "advapi32.lib" )
//
//#define E_OBJ_IS_A_SERVICE 0x80040500
//#define E_NO_RUN_AS_DATA 0x80040501
//#define E_RUN_AS_INTERACTIVE 0x80040502
//#define E_NO_INTERACTIVE_SESSION 0x80040503
//#define E_SHELL_NOT_FOUND 0x80040504
//
//#define GUIDSTR_MAX 38
//#define MAX_TASKS 256
//#define MAX_CMD_LEN 8192
// Process-wide service state shared by ServiceMain and the control handler.
SERVICE_STATUS m_ServiceStatus{};               // zero-initialized like any static-storage object
HANDLE g_hQuitServiceEvent = nullptr;           // no event until it is created elsewhere in the file
SERVICE_STATUS_HANDLE m_ServiceStatusHandle{};  // handle for status reporting; set elsewhere
BOOL bRunning = TRUE;                           // starts set (same value as the original `true`)
// NOTE(review): if ServiceCtrlHandler clears bRunning from the SCM thread while
// ServiceMain polls it, a plain BOOL is a data race — consider an atomic/volatile flag; confirm against the definitions.

// Callbacks handed to the SCM, plus the install/uninstall helpers.
void WINAPI ServiceMain(DWORD argc, LPTSTR *argv);
void WINAPI ServiceCtrlHandler(DWORD Opcode);
BOOL InstallService();
// Zero-argument overload of this project's own; distinct from the Win32
// DeleteService(SC_HANDLE) declared by the included Winsvc.h.
BOOL DeleteService();
//
//TCHAR g_szUserName[MAX_PATH];
//
//HRESULT GrantDesktopAccess(HANDLE hToken);
//
//HRESULT GetProcessToken(DWORD dwProcessID, LPHANDLE token, DWORD nUserNameMax, LPTSTR szwUserName, DWORD nUserDomainMax, LPTSTR szwUserDomain)
//{
// HANDLE hProcess=OpenProcess(PROCESS_DUP_HANDLE|PROCESS_QUERY_INFORMATION,TRUE,dwProcessID);
// HRESULT retval = S_OK;
// if(hProcess) {
// HANDLE hToken = INVALID_HANDLE_VALUE;
// if (!OpenProcessToken(hProcess, TOKEN_DUPLICATE | TOKEN_QUERY, &hToken)) retval = HRESULT_FROM_WIN32(GetLastError());
// else {
// BYTE buf[MAX_PATH]; DWORD dwRead = 0;
// if (!GetTokenInformation(hToken, TokenUser, buf, MAX_PATH, &dwRead)) retval = HRESULT_FROM_WIN32(GetLastError());
// else {
// TOKEN_USER *puser = reinterpret_cast<TOKEN_USER*>(buf);
// SID_NAME_USE eUse;
// if (!LookupAccountSid(NULL, puser->User.Sid, szwUserName, &nUserNameMax, szwUserDomain, &nUserDomainMax, &eUse))
// retval = HRESULT_FROM_WIN32(GetLastError());
// }
// if (FAILED(retval)) return retval;
// if (!DuplicateTokenEx(hToken,
// TOKEN_IMPERSONATE | TOKEN_QUERY | TOKEN_ASSIGN_PRIMARY | TOKEN_DUPLICATE,
// NULL, SecurityImpersonation, TokenPrimary,token))
// retval = HRESULT_FROM_WIN32(GetLastError());
// else retval = S_OK;
// CloseHandle(hToken);
// }
// CloseHandle(hProcess);
// } else retval = HRESULT_FROM_WIN32(GetLastError());
// return retval;
//}
//
//HRESULT GetInteractiveUserToken(LPHANDLE token, DWORD nUserNameMax, LPTSTR szwUserName, DWORD nUserDomainMax, LPTSTR szwUserDomain)
//{
// HKEY registryKey;
// ULONG returnValue = RegOpenKeyEx (HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon", 0, KEY_READ, &registryKey);
// if (returnValue != ERROR_SUCCESS) return HRESULT_FROM_WIN32(returnValue);
//
// DWORD valueType;
// DWORD valueSize = (MAX_PATH+1)*sizeof(TCHAR);
// TCHAR process[MAX_PATH+1];
// memset(process,0,sizeof(process));
// returnValue = RegQueryValueEx(registryKey, "Shell", NULL, &valueType, (BYTE*)process, &valueSize);
// RegCloseKey(registryKey);
// if (returnValue != ERROR_SUCCESS) return E_NO_INTERACTIVE_SESSION;
// if (_tcslen(process)==0) return E_NO_INTERACTIVE_SESSION;
//
// TCHAR *p = _tcsrchr( process , '.' );
// if (p) {
// p[0] = '\0';
// }
// for (p = process; *p!='\0'; p++) *p = _totupper(*p);
//
// TASK_LIST tlist[MAX_TASKS];
// memset(tlist,0, sizeof(tlist));
// DWORD numTasks = GetTaskListNT( tlist, MAX_TASKS );
// TCHAR tname[MAX_PATH+1];
// memset(tname,0,sizeof(tname));
// for (DWORD i=0; i<numTasks; i++) {
// tname[0] = 0;
// _tcscpy( tname, tlist[i].ProcessName );
// p = _tcsrchr( tname, '.' );
// if (p) {
// p[0] = '\0';
// }
// if (MatchPattern( tname, process)) {
// return GetProcessToken(tlist[i].dwProcessId, token, nUserNameMax, szwUserName, nUserDomainMax, szwUserDomain);
// } else if (MatchPattern( tlist[i].ProcessName, process )) {
// return GetProcessToken(tlist[i].dwProcessId, token, nUserNameMax, szwUserName, nUserDomainMax, szwUserDomain);
// } else if (MatchPattern(tlist[i].WindowTitle, process)) {
// return GetProcessToken(tlist[i].dwProcessId, token, nUserNameMax, szwUserName, nUserDomainMax, szwUserDomain);
// }
// }
//
// return E_SHELL_NOT_FOUND;
//}
//
////HRESULT GetRunAsPassword (LPTSTR AppID, int nPasswordMax, LPTSTR szwPassword, int nUserNameMax, LPTSTR szwUserName, int nUserDomainMax, LPTSTR szwUserDomain)
////{
//// LSA_OBJECT_ATTRIBUTES objectAttributes;
//// HANDLE policyHandle = NULL;
//// LSA_UNICODE_STRING lsaKeyString;
//// PLSA_UNICODE_STRING lsaPasswordString;
//// TCHAR key [4 + GUIDSTR_MAX + 1];
//// ULONG returnValue;
//// TCHAR keyName [MAX_PATH+1];
//// HKEY registryKey;
////
//// wsprintf (keyName, "AppID\\%s", AppID);
//// returnValue = RegOpenKeyEx (HKEY_CLASSES_ROOT, keyName, 0, KEY_READ, &registryKey);
//// if (returnValue == ERROR_SUCCESS) {
//// DWORD valueType;
//// DWORD valueSize = 0;
//// returnValue = RegQueryValueEx (registryKey, "LocalService", NULL, &valueType, NULL, &valueSize);
////
//// if (returnValue == ERROR_SUCCESS || returnValue == ERROR_MORE_DATA) return RegCloseKey (registryKey), E_OBJ_IS_A_SERVICE;
////
//// TCHAR principal[MAX_PATH+1];
//// valueSize = (MAX_PATH+1)*sizeof(TCHAR);
//// returnValue = RegQueryValueEx(registryKey, "RunAs", NULL, &valueType, (BYTE*)principal, &valueSize);
//// RegCloseKey (registryKey);
//// if (returnValue != ERROR_SUCCESS) return E_NO_RUN_AS_DATA;
//// if (_tcscmp(principal, "Interactive User") == 0) return E_RUN_AS_INTERACTIVE;
//// LPCTSTR ptmp = _tcschr(principal, '\\');
//// if (ptmp == 0) {
//// memset(szwUserDomain, 0, nUserDomainMax);
//// _tcsncpy(szwUserName, principal, nUserNameMax);
//// } else {
//// memset(szwUserDomain, 0, nUserDomainMax);
//// _tcsncpy(szwUserDomain, principal, min(nUserDomainMax, ptmp-principal));
//// _tcsncpy(szwUserName, ptmp+1, nUserNameMax);
//// }
//// } else return E_NO_RUN_AS_DATA;
////
//// _tcscpy (key, "SCM:");
//// wcscat (key, AppID);
////
//// lsaKeyString.Length = (USHORT) ((_tcslen (key) + 1) * sizeof (TCHAR));
//// lsaKeyString.MaximumLength = (GUIDSTR_MAX + 5) * sizeof (TCHAR);
//// lsaKeyString.Buffer = key;
////
//// //
//// // Open the local security policy
//// //
////
//// memset (&objectAttributes, 0x00, sizeof (LSA_OBJECT_ATTRIBUTES));
//// objectAttributes.Length = sizeof (LSA_OBJECT_ATTRIBUTES);
////
//// returnValue = LsaOpenPolicy (NULL,
//// &objectAttributes,
//// POLICY_GET_PRIVATE_INFORMATION,
//// &policyHandle);
////
//// if (returnValue != ERROR_SUCCESS)
//// return returnValue;
////
//// //
//// // Read the user's password
//// //
////
//// returnValue = LsaRetrievePrivateData (policyHandle,
//// &lsaKeyString,
//// &lsaPasswordString);
////
//// if (returnValue != ERROR_SUCCESS)
//// {
//// LsaClose (policyHandle);
//// return returnValue;
//// }
////
//// LsaClose (policyHandle);
//// _tcsncpy (szwPassword, lsaPasswordString->Buffer, nPasswordMax);
//// LsaFreeMemory(lsaPasswordString->Buffer);
////
//// return ERROR_SUCCESS;
////}
//
//void Quit( const TCHAR* pszMsg, int nExitCode = 1 )
//{
// printf( "%s\n", pszMsg );
// exit( nExitCode );
//}
//
//void Err( const TCHAR* pszFcn, DWORD nErr = GetLastError() )
//{
// TCHAR szErrMsg[256];
// TCHAR szMsg[512];
// if ( FormatMessage( FORMAT_MESSAGE_FROM_SYSTEM, 0, nErr, 0, szErrMsg, sizeof szErrMsg / sizeof *szErrMsg, 0 ) )
// sprintf( szMsg, "%s failed: %s", szErrMsg );
// else sprintf( szMsg, "%s failed: 0x%08X", nErr );
// Quit( szMsg );
//}
//
//
//
//void* GetAdminSid()
//{
// SID_IDENTIFIER_AUTHORITY ntauth = SECURITY_NT_AUTHORITY;
// void* psid = 0;
// if ( !AllocateAndInitializeSid( &ntauth, 2,
// SECURITY_BUILTIN_DOMAIN_RID,
// DOMAIN_ALIAS_RID_ADMINS,
// 0, 0, 0, 0, 0, 0, &psid ) )
// Err( "AllocateAndInitializeSid" );
// return psid;
//}
//
//void* GetLocalSystemSid()
//{
// SID_IDENTIFIER_AUTHORITY ntauth = SECURITY_NT_AUTHORITY;
// void* psid = 0;
// if ( !AllocateAndInitializeSid( &ntauth, 1,
// SECURITY_LOCAL_SYSTEM_RID,
// 0, 0, 0, 0, 0, 0, 0, &psid ) )
// Err( "AllocateAndInitializeSid" );
// return psid;
//}
//
//
//bool IsAdmin()
//{
// bool bIsAdmin = false;
// HANDLE htok = 0;
// if ( !OpenProcessToken( GetCurrentProcess(), TOKEN_QUERY, &htok ) )
// Err( "OpenProcessToken" );
//
// DWORD cb = 0;
// GetTokenInformation( htok, TokenGroups, 0, 0, &cb );
// TOKEN_GROUPS* ptg = (TOKEN_GROUPS*)malloc( cb );
// if ( !ptg )
// Err( "malloc" );
// if ( !GetTokenInformation( htok, TokenGroups, ptg, cb, &cb ) )
// Err( "GetTokenInformation" );
//
// void* pAdminSid = GetAdminSid();
//
// SID_AND_ATTRIBUTES* const end = ptg->Groups + ptg->GroupCount;
// for ( SID_AND_ATTRIBUTES* it = ptg->Groups; end != it; ++it )
// if ( EqualSid( it->Sid, pAdminSid ) )
// break;
//
// bIsAdmin = end != it;