title: services.md

categories: [cheatsheets]

Services

Services run without their own Process. Services are run as background jobs. Run & Scheduled by the Windows Service Manager (WSM)

Services got SYSTEM Priviledge (only as Administrator installable). Services are also a Way of Persistance (can be run on startup)

Win32 API Functions to manipulate Servies:

OpenSCManager(): Returns HANDLE to a Service (ServiceControlManager)
CreateService(): Creates a new Service, and adds it to the SC Manager
StartService(): Starts a Service if set to "manually"

ServiceTypes:

Different ServiceTypes that tell how a Service is executing ('Type'-Field in the Registry)

WIN32_SHARE_PROCESS: Code in a DLL, run from svchost.exe
WIN32_OWN_PROCESS: Code in a exe, runs a individuall Process
KERNEL_DRIVER: Used for loading Code into the Kernel

Each Service gets a Registry Entry @ HKLM/SYSTEM/CurrentControlSet/Services/

Access Service Information with 'sc qc "Service Name"'

example: sc qc "VMware NAT Service"

C:\>sc qc "WinNat"
[SC] QueryServiceConfig ERFOLG

SERVICE_NAME: WinNat
        TYPE               : 1  KERNEL_DRIVER
        START_TYPE         : 3   DEMAND_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : system32\drivers\winnat.sys
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Windows-NAT-Treiber
        DEPENDENCIES       : Tcpip
        SERVICE_START_NAME :

services.md 1.4 KB لینک دائمی تاريخچه خام

categories: [cheatsheets]

Services

Win32 API Functions to manipulate Servies:

ServiceTypes:

services.md 1.4 KB

لینک دائمی تاريخچه خام