---
title: services.md
date: 2021-01-13
categories: [cheatsheets]
---
# Services

Services run without their own Process. Services are run as background jobs.
Run & Scheduled by the Windows Service Manager (WSM) 

Services got SYSTEM Priviledge (only as Administrator installable).
Services are also a Way of Persistance (can be run on startup)

## Win32 API Functions to manipulate Servies: 
* OpenSCManager(): Returns HANDLE to a Service (ServiceControlManager)
* CreateService(): Creates a new Service, and adds it to the SC Manager
* StartService(): Starts a Service if set to "manually"

## ServiceTypes:

Different ServiceTypes that tell how a Service is executing ('Type'-Field in the Registry)

* WIN32_SHARE_PROCESS: Code in a DLL, run from svchost.exe
* WIN32_OWN_PROCESS: Code in a exe, runs a individuall Process
* KERNEL_DRIVER: Used for loading Code into the Kernel

Each Service gets a Registry Entry @ HKLM/SYSTEM/CurrentControlSet/Services/


Access Service Information with 'sc qc "Service Name"'

example: sc qc "VMware NAT Service"
```
C:\>sc qc "WinNat"
[SC] QueryServiceConfig ERFOLG

SERVICE_NAME: WinNat
        TYPE               : 1  KERNEL_DRIVER
        START_TYPE         : 3   DEMAND_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : system32\drivers\winnat.sys
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Windows-NAT-Treiber
        DEPENDENCIES       : Tcpip
        SERVICE_START_NAME :
```