45 replies to this topic

[tibbar]

Well folks, I've improved this demo code somewhat.

It now is a fully functional clone of svrany.exe.

Note that this has no need for any ini files, all is self contained.

Enjoy!

[edit] this is superceded by newer version below.

[realloader]

Very good!
I will test it soon!

[DCLXVI]

very nice work tibbar, works great here on win 2000 pro

[tibbar]

Note that this program has a couple of advantages over svrany.

It will actually stop the program you have turned into a service when you type net stop servicename - svrany would not normally do this, so you would still have to manually kill the program.

also, the command line for the program can be up to 500 character, which is useful for things like ftp server which require a lot of command line parameters.

let me know if you think of additional features it lacks - i thought of adding restart services options, so you can choose what happens if the service fails.

[jead99]

The restart service option sounds like a good idea.

Btw. nice work

[tibbar]

done...

service will restart on failure, and if you specify reboot, then after first failure and failed restart, system will reboot and service will then restart.

[edit] latest code and binary below

[jead99]

@tibbar: a way back i also made a service manager. I just want to ask you if its ok i use your code to extend it ?

[tibbar]

of course:

ServiceDaemon Written by Tibbar @ GSO.  You may use this code in your own projects
for non-commercial purposes provided you give credit to the author.

[tibbar]

I've added more options on service name, and allow you to set description now.


[edit] superceded by version below with safe mode...

[dont-staY]

nice work!

A further option to start a service even in Safe Mode would be a good idea !

The following registry keys list the driver and service groups enabled in safe mode:

Safe mode without networking
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

Safe mode with networking
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

[tibbar]

that's a good idea, looks like a 5 min job.

what happens if you add a service to this list, and then it's subsequently removed via the service manager? will it get left in this list, and if so, what effect will that have on safe mode booting up?

[tibbar]

ok, it's done (untested on safe mode... i leave this to you!)

/*

ServiceDaemon Written by Tibbar @ GSO.  You may use this code in your own projects
for non-commercial purposes provided you give credit to the author.

D:\cpp\ServiceDaemon\Release>ServiceDaemon.exe
*** ServiceDaemon by Tibbar @ GSO ***
Usage:  ServiceDaemon install ShortServiceName LongServiceName ServiceDescriptio
n StartupPath ServiceFailure SafeMode
ServiceFailure = 0 ---> do not restart service on failure
ServiceFailure = 1 ---> restart service on failure
ServiceFailure = 2 ---> reboot computer on failure
SafeMode           = 0 ---> Service will not start in Safe Mode
SafeMode           = 1 ---> Service will start in Safe Mode

        ServiceDaemon remove ShortServiceName

e.g. ServiceDaemon install MyServ MyService "It's a test service" "c:\windows\my
Prog -i -n -2333" 1 1

    ServiceDaemon remove MyServ

D:\ServiceDaemon\Debug>ServiceDaemon.exe install MyNote MyNotePad "It's a useful pad of paper" "c:\windows\system32\notepad.exe" 1 1
Service Was Installed Successfully

D:\ServiceDaemon\Debug>net start MyNote

The MyNotepad service was started successfully.

(notepad now appears in taskmgr, but does not appear as a window)

D:\ServiceDaemon\Debug>net stop MyNote
The MyNotepad service is stopping.
The MyNotepad service was stopped successfully.

(notepad now automatically shutsdown)

D:\ServiceDaemon\Debug>ServiceDaemon.exe remove MyNote
Service Removed Successfully

*/


#include <stdio.h>
#include <windows.h>
#include <tchar.h>
#include "shlobj.h" 
#include <tlhelp32.h>

//TCHAR gszServiceName[256] = TEXT("");
char gszLongServiceName[256] = "";
char gszShortServiceName[256] = "";
char gszServiceDescription[500] = "";
char g_StartUp[500] = "";
SERVICE_STATUS serviceStatus;
SERVICE_STATUS_HANDLE serviceStatusHandle = 0;
HANDLE ServiceControlEvent = 0;
DWORD g_PID = 0;
DWORD g_FailureAction = 0;
DWORD g_SafeMode = 0;

void WINAPI ServiceControlHandler( DWORD controlCode )
{
 switch ( controlCode )
  {
	case SERVICE_CONTROL_INTERROGATE:
	break;

	case SERVICE_CONTROL_SHUTDOWN:
	case SERVICE_CONTROL_STOP:
   	 serviceStatus.dwCurrentState = SERVICE_STOP_PENDING;
  SetServiceStatus( serviceStatusHandle, &serviceStatus );

  SetEvent( ServiceControlEvent );
  return;

	case SERVICE_CONTROL_PAUSE:
  break;

	case SERVICE_CONTROL_CONTINUE:
  break;

	default:
  if ( controlCode >= 128 && controlCode <= 255 )
  // user defined control code
 	 break;
  else
  // unrecognised control code
 	 break;
	}

	SetServiceStatus( serviceStatusHandle, &serviceStatus );
}

BOOL IsProcessAlive(DWORD pId)
{
	HANDLE         hProcessSnap = NULL; 
    BOOL           bRet      = FALSE; 
    PROCESSENTRY32 pe32      = {0}; 
 
    //  Take a snapshot of all processes in the system. 

    hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); 

    if (hProcessSnap == INVALID_HANDLE_VALUE) 
        return (FALSE); 
 
    //  Fill in the size of the structure before using it. 

    pe32.dwSize = sizeof(PROCESSENTRY32); 
 
    //  Walk the snapshot of the processes

    if (Process32First(hProcessSnap, &pe32)) 
    { 
        do 
        { 
 	 if(pId == pe32.th32ProcessID)
 	 {
    CloseHandle (hProcessSnap);
    return TRUE;
 	 }
        } 
        while (Process32Next(hProcessSnap, &pe32));  
    } 
    CloseHandle (hProcessSnap); 
    return FALSE; 
	
}

DWORD WINAPI ChildProcAlive(LPVOID param)
{
	// this thread must check that the child process is alive
	// if not self terminate process
	while(true)
	{
  /*
 	 HANDLE hProcess = NULL;
 	 hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, g_PID);
 	 ** It seems windows will let you open and query dead processes!...try again
  */
  BOOL isItAlive = IsProcessAlive(g_PID);
  
        if(!isItAlive) /* then child is dead */
  {
 	 DWORD pid = GetCurrentProcessId();
 	 HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);

 	 DWORD exitCode = 0;

 	 if(NULL != hProcess)
 	 {
    BOOL didItWork = GetExitCodeProcess(hProcess, &exitCode);
    if(didItWork != 0)
    {
   	 TerminateProcess(hProcess,exitCode);
    }
 	 }
 	 return 0;
  
  }
  
  Sleep(10000);
	}
}

void WINAPI ServiceMain( DWORD argc, TCHAR* argv[] )
{
	// initialise service status
	serviceStatus.dwServiceType = SERVICE_WIN32;
	serviceStatus.dwCurrentState = SERVICE_STOPPED;
	serviceStatus.dwControlsAccepted = 0;
	serviceStatus.dwWin32ExitCode = NO_ERROR;
	serviceStatus.dwServiceSpecificExitCode = NO_ERROR;
	serviceStatus.dwCheckPoint = 0;
	serviceStatus.dwWaitHint = 0;

	if(strcmp(argv[0],"") == 0) return;

	serviceStatusHandle = RegisterServiceCtrlHandler( argv[0],
  ServiceControlHandler );

	if ( serviceStatusHandle )
	{
  // service is starting
  serviceStatus.dwCurrentState = SERVICE_START_PENDING;
  SetServiceStatus( serviceStatusHandle, &serviceStatus );

	// Create the Controlling Event here
   ServiceControlEvent = CreateEvent( 0, FALSE, FALSE, 0 );

	// Service running
  serviceStatus.dwControlsAccepted |= (SERVICE_ACCEPT_STOP |
  SERVICE_ACCEPT_SHUTDOWN);
  serviceStatus.dwCurrentState = SERVICE_RUNNING;
  SetServiceStatus( serviceStatusHandle, &serviceStatus );

  // retrieve startup info
  char Key1[256];
  char Key2[60];
  strcpy(Key1,"SYSTEM\\CurrentControlSet\\Services\\");
  strcpy(Key2, argv[0]);
  strcat(Key2,"\\Parameters");
  strcat(Key1,Key2);
  HKEY hKey;
  DWORD Type = REG_SZ;
  Type = REG_SZ;
  RegOpenKeyEx(HKEY_LOCAL_MACHINE, Key1, 0, KEY_ALL_ACCESS, &hKey);

  char regValue[500] = "";
  DWORD size = 500*sizeof(char);
  LONG didItWork = RegQueryValueEx(hKey, "StartUp", NULL, NULL, (LPBYTE) regValue, &size );
  
  strcpy(g_StartUp, regValue);

  if(didItWork ==  ERROR_SUCCESS)
  {
  // start process

  STARTUPINFO si;
  PROCESS_INFORMATION pi;

  ZeroMemory( &si, sizeof(si) );
  si.cb = sizeof(si);
  ZeroMemory( &pi, sizeof(pi) );

  // Start the process. 
  CreateProcess( NULL, // No module name (use command line). 
 	 g_StartUp,  // Command line. 
 	 NULL,             // Process handle not inheritable. 
 	 NULL,             // Thread handle not inheritable. 
 	 FALSE,            // Set handle inheritance to FALSE. 
 	 0,                // No creation flags. 
 	 NULL,             // Use parent's environment block. 
 	 NULL,             // Use parent's starting directory. 
 	 &si,              // Pointer to STARTUPINFO structure.
 	 &pi );             // Pointer to PROCESS_INFORMATION structure.
   
  g_PID = pi.dwProcessId;

  // now setup monitoring thread to check that the process is still alive
  // if child process dies, then thread should self terminate ServiceDaemon, this
  // will allow windows to restart the service safely.
  HANDLE hThread = CreateThread(NULL, 0, &ChildProcAlive, NULL, 0, NULL);

  }
  WaitForSingleObject( ServiceControlEvent, INFINITE );

	// service was stopped

  // so we kill the process g_PID

  HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, g_PID);

  DWORD exitCode = 0;

  if(NULL != hProcess)
  {
  BOOL didItWork = GetExitCodeProcess(hProcess, &exitCode);
  if(didItWork != 0)
  {
 	 TerminateProcess(hProcess,exitCode);
  }
  }

  serviceStatus.dwCurrentState = SERVICE_STOP_PENDING;
  SetServiceStatus( serviceStatusHandle, &serviceStatus );

	// do cleanup here
  CloseHandle( ServiceControlEvent );
  ServiceControlEvent = 0;

	// service is now stopped
  serviceStatus.dwControlsAccepted &= ~(SERVICE_ACCEPT_STOP |
  SERVICE_ACCEPT_SHUTDOWN);
  serviceStatus.dwCurrentState = SERVICE_STOPPED;
  SetServiceStatus( serviceStatusHandle, &serviceStatus );
	}
}

void RunService()
{
 SERVICE_TABLE_ENTRY serviceTable[] =
 {
  { gszShortServiceName, ServiceMain }, // since we are using SERVICE_WIN32_OWN_PROCESS, it doesnt matter what service name we pass
	{ 0, 0 }
 };

 StartServiceCtrlDispatcher( serviceTable );
}

void InstallService()
{
 SC_HANDLE serviceControlManager = OpenSCManager( 0, 0,
  SC_MANAGER_CREATE_SERVICE );

 if ( serviceControlManager )
 {
  char path[ _MAX_PATH + 1 ];
	if ( GetModuleFileName( 0, path, sizeof(path)/sizeof(path[0]) ) > 0 )
	{
  SC_HANDLE service = CreateService( serviceControlManager,
 	 gszShortServiceName, gszLongServiceName,
 	 SERVICE_ALL_ACCESS, SERVICE_WIN32_OWN_PROCESS,
 	 SERVICE_AUTO_START, SERVICE_ERROR_IGNORE, path,
 	 0, 0, 0, 0, 0 );
   	 if ( service )
  {
 	 // set description
 	 SERVICE_DESCRIPTION serviceDesc;
 	 serviceDesc.lpDescription = gszServiceDescription;
 	 BOOL didItChange = ChangeServiceConfig2(service, SERVICE_CONFIG_DESCRIPTION,
        &serviceDesc);

 	 // set whether starts on safe mode

 	 if(g_SafeMode == 1)
 	 {
    char Key0[500];
    strcpy(Key0,"SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Minimal\\");
    strcat(Key0,gszShortServiceName);

    HKEY phkResult;
    RegCreateKeyEx(HKEY_LOCAL_MACHINE, 
       	 Key0,0,NULL,
       	 REG_OPTION_NON_VOLATILE,KEY_ALL_ACCESS,NULL,&phkResult,NULL);
    RegCloseKey(phkResult);

    strcpy(Key0,"SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Network\\");
    strcat(Key0,gszShortServiceName);

    RegCreateKeyEx(HKEY_LOCAL_MACHINE, 
       	 Key0,0,NULL,
       	 REG_OPTION_NON_VOLATILE,KEY_ALL_ACCESS,NULL,&phkResult,NULL);
    RegCloseKey(phkResult);
 	 }

 	 // set it to restart if required
 	 if(g_FailureAction != 0)
 	 {
    if(g_FailureAction == 1)
    {
   	 SC_ACTION serviceActions;
   	 serviceActions.Delay = 10000;
   	 serviceActions.Type = SC_ACTION_RESTART;
   	 

   	 SERVICE_FAILURE_ACTIONS serviceFailureActions;
   	 serviceFailureActions.dwResetPeriod = 10;
   	 serviceFailureActions.lpRebootMsg = "";
   	 serviceFailureActions.lpCommand = NULL;
   	 serviceFailureActions.lpsaActions = &serviceActions;
   	 serviceFailureActions.cActions = 1;   	 
   	 BOOL didItChange = ChangeServiceConfig2(service, SERVICE_CONFIG_FAILURE_ACTIONS,
             	 &serviceFailureActions);
    
    }
    if(g_FailureAction == 2) 
    {
   	 SC_ACTION serviceActions[1];
   	 serviceActions[0].Delay = 10000;
   	 serviceActions[0].Type = SC_ACTION_RESTART;
   	 serviceActions[1].Delay = 10000;
   	 serviceActions[1].Type = SC_ACTION_REBOOT;

   	 SERVICE_FAILURE_ACTIONS serviceFailureActions;
   	 serviceFailureActions.dwResetPeriod = 10;
   	 serviceFailureActions.lpRebootMsg = "";
   	 serviceFailureActions.lpCommand = NULL;
   	 serviceFailureActions.lpsaActions = serviceActions;
   	 serviceFailureActions.cActions = 2;   	 
   	 BOOL didItChange = ChangeServiceConfig2(service, SERVICE_CONFIG_FAILURE_ACTIONS,
             	 &serviceFailureActions);
       	 
    }  
 	 }
 	 CloseServiceHandle( service );

 	 // now we add the cmd line to run the program into the regkey servicename\Parameters\StartUp
    
 	 char Key1[500];
 	 char Key2[60];
 	 strcpy(Key1,"SYSTEM\\CurrentControlSet\\Services\\");
 	 strcpy(Key2, gszShortServiceName);
 	 strcat(Key2,"\\Parameters");
 	 strcat(Key1,Key2);

 	 HKEY phkResult;
 	 RegCreateKeyEx(HKEY_LOCAL_MACHINE, 
        Key1,0,NULL,
        REG_OPTION_NON_VOLATILE,KEY_ALL_ACCESS,NULL,&phkResult,NULL);
 	 RegCloseKey(phkResult);

 	 HKEY hKey;
 	 DWORD Type = REG_SZ;
 	 Type = REG_SZ;
 	 RegOpenKeyEx(HKEY_LOCAL_MACHINE, Key1, 0, KEY_ALL_ACCESS, &hKey);
 	 //	long datalen = sizeof(&regdata)+1;
 	 RegSetValueEx(hKey,"StartUp",0,REG_SZ,(unsigned char*)g_StartUp, 256*sizeof(char));

 	 printf("Service Was Installed Successfully\n");
  }
  else
  {
   if(GetLastError() == ERROR_SERVICE_EXISTS)
     printf("Service Already Exists.\n");
   else
     printf("Service Was not Installed Successfully. Error Code %d\n", GetLastError());
  }
	}

	CloseServiceHandle( serviceControlManager );
 }
}

void UninstallService()
{
 SC_HANDLE serviceControlManager = OpenSCManager( 0, 0,
 SC_MANAGER_CONNECT );

if ( serviceControlManager )
{
	SC_HANDLE service = OpenService( serviceControlManager,
  gszShortServiceName, SERVICE_QUERY_STATUS | DELETE );
	if ( service )
	{
  SERVICE_STATUS serviceStatus;
	if ( QueryServiceStatus( service, &serviceStatus ) )
	{
  if ( serviceStatus.dwCurrentState == SERVICE_STOPPED )
  {
 	 if(DeleteService( service ))
 	 {
    // now is good time to remove it from safe mode (if it's there)
    char Key1[256];
    strcpy(Key1,"SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Minimal");
    HKEY hKey;
    DWORD Type = REG_SZ;
    RegOpenKeyEx(HKEY_LOCAL_MACHINE, Key1, 0, KEY_ALL_ACCESS, &hKey);
    RegDeleteKey(hKey, gszShortServiceName);

    strcpy(Key1,"SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Network");

    RegOpenKeyEx(HKEY_LOCAL_MACHINE, Key1, 0, KEY_ALL_ACCESS, &hKey);
    RegDeleteKey(hKey, gszShortServiceName);


    printf("Service Removed Successfully\n");
 	 }
 	 else
 	 {
 	 DWORD dwError;
 	 dwError = GetLastError();
 	 if(dwError == ERROR_ACCESS_DENIED)
    printf("Access Denied While trying to Remove Service \n");
 	 else if(dwError == ERROR_INVALID_HANDLE)
    printf("Handle invalid while trying to Remove Service \n");
 	 else if(dwError == ERROR_SERVICE_MARKED_FOR_DELETE)
    printf("Service already marked for deletion\n");
 	 }
  }
  else
  {
 	 printf("Service is still Running.\n");
  }
  }
  CloseServiceHandle( service );
	}
	CloseServiceHandle( serviceControlManager );
	}
}

int _tmain( int argc, TCHAR* argv[] )
{
	if ( argc != 7 && lstrcmpi( argv[1], TEXT("install") ) == 0 )
	{
  
  size_t length1 = strlen(argv[2]);
  if(length1 >= 256)
  {
 	 printf("Short Service Name greater than 256 characters, exiting...\n");
 	 return 0;
  }
  strcpy(gszShortServiceName, argv[2]); 

  size_t length2 = strlen(argv[3]);
  if(length2 >= 256)
  {
 	 printf("Long Service Name greater than 256 characters, exiting...\n");
 	 return 0;
  }
  strcpy(gszLongServiceName, argv[3]); 

  size_t length3 = strlen(argv[4]);
  if(length3 >= 500)
  {
 	 printf("Service Description greater than 256 characters, exiting...\n");
 	 return 0;
  }
  strcpy(gszServiceDescription, argv[4]); 


  size_t length4 = strlen(argv[5]);
  if(length4 >= 500)
  {
 	 printf("StartUp Path greater than 500 characters, exiting...\n");
 	 return 0;
  }
  strcpy(g_StartUp, argv[5]); 

  int action = 0;
  action = atoi(argv[6]);
  if(action != 0 && action != 1 && action != 2) printf("Invalid failure action specified, defaulting to ServiceFailure=0/n");  
  
  g_FailureAction = action;

  int safe = 0;
  safe = atoi(argv[7]);
  if(safe != 0 && safe != 1) printf("Invalid safe mode parameter entered, defaulting to SafeMode=0/n");  
  
  g_SafeMode = safe;

  InstallService();
	}
	else if ( argc != 2 && lstrcmpi( argv[1], TEXT("remove") ) == 0 )
	{
  size_t length1 = strlen(argv[2]);
  if(length1 >= 256)
  {
 	 printf("Service Name greater than 256 characters, exiting...\n");
 	 return 0;
  }
  strcpy(gszShortServiceName, argv[2]);
  UninstallService();
	}
	else
	{
  printf("*** ServiceDaemon by Tibbar @ GSO ***\n");
  printf("Usage:  ServiceDaemon install ShortServiceName LongServiceName ServiceDescription StartupPath ServiceFailure SafeMode\n");
  printf("ServiceFailure = 0 ---> do not restart service on failure\n");
  printf("ServiceFailure = 1 ---> restart service on failure\n");
  printf("ServiceFailure = 2 ---> reboot computer on failure\n");
  printf("SafeMode    = 0 ---> Service will not start in Safe Mode\n");
  printf("SafeMode    = 1 ---> Service will start in Safe Mode\n");
  printf("\n");
  printf("        ServiceDaemon remove ShortServiceName\n");
  printf("\n");
  printf("e.g. ServiceDaemon install MyServ MyService \"It's a test service\" \"c:\\windows\\myProg -i -n -2333\" 1 1\n");
  printf("\n");
  printf("     ServiceDaemon remove MyServ\n");
  RunService();
	}
	return 0;
}

Attached Files

•  ServiceDaemon.zip   18.13K   458 downloads

[tibbar]

ok, seem i missed out the header file in the source code all these times!

latest release and source attached.

Note that the restart service option fails on cygwin apps, since the pid returned by createprocess is different to the final pid of a cygwin app (due to the way cygwin works).

you should remove the injection code if you need it to work on such apps.

i also added a bug fix where it was not providing parameters to apps correctly.

Attached Files

•  ServiceDaemon.zip   33.19K   639 downloads

[jjfrost]

moin
yea nice tool you coded there big up But my question is, am i able to install an service
with parameters like this "c:\winnt\system32\notepad.exe -p -d -a" ?

greets

[gr33dy]

But my question is, am i able to install an service
with parameters like this "c:\winnt\system32\notepad.exe -p -d -a" ?

Yes, if you ran it you'd see that even in his example he uses a prog which has parameters.