论坛: 编程破解 标题: 将程序注册成为系统服务,如何设置“描述”? 复制本贴地址    
作者: BearKing [bking]    版主   登录
#include <windows.h>
#include <stdio.h>
#include <process.h>

#include "kprocess.h"
#include <tlhelp32.h>
#include <vdmdbg.h>

// Alternative pause kept for reference: 180000 ms = 3 minutes.
//#define SLEEP_TIME 180000
// Pause between two launch/terminate cycles of the worker loop. The value is
// passed to Sleep(), so it is in milliseconds: 7200000 ms = 2 hours.
#define SLEEP_TIME 7200000
// Log file opened by WriteToLog(). The path is relative, so it resolves
// against the current directory of whichever process calls WriteToLog().
#define LOGFILE "log.txt"

////////////////////////////////////////////////////////////
// Global service state shared by ServiceMain() and ControlHandler().
// Both functions read and write ServiceStatus with no synchronization.
////////////////////////////////////////////////////////////
SERVICE_STATUS          ServiceStatus;
SERVICE_STATUS_HANDLE  hStatus;

////////////////////////////////////////////////////////////
// Forward declarations of the service callbacks.
// NOTE(review): both are later cast to LPSERVICE_MAIN_FUNCTION and
// LPHANDLER_FUNCTION, which are WINAPI callback types; these declarations
// carry no WINAPI and use int/char** instead of DWORD/LPTSTR* - confirm
// that the casts are not hiding a calling-convention mismatch.
////////////////////////////////////////////////////////////
void  ServiceMain(int argc, char** argv);
void  ControlHandler(DWORD request);
//int InitService();


///////////////////////////////////////////////////
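  // Look up a process ID by executable name.
//
// Walks a Toolhelp snapshot of all processes and returns the PID of the last
// entry whose image name equals "novel.exe" (case-insensitive), or 0 when no
// entry matches or the snapshot cannot be taken.
//
// The match is on the image name only: any process called novel.exe is
// reported, whoever started it and wherever its binary lives. Callers that
// act on the result (for example by terminating the process) should prefer a
// PID or handle they obtained themselves.
DWORD EnumProcess()  // A name parameter could be added to look up any process.
{
    PROCESSENTRY32 pe;
    HANDLE hSnapshot;
    DWORD dRet = 0;

    hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnapshot == INVALID_HANDLE_VALUE)
        return dRet;            // nothing to close, nothing to enumerate

    pe.dwSize = sizeof(PROCESSENTRY32);
    if (Process32First(hSnapshot, &pe)) {
        do {
            // The first entry is compared too; the original loop skipped it.
            if (stricmp(pe.szExeFile, "novel.exe") == 0) {  // name is hard-coded
                dRet = pe.th32ProcessID;
            }
            pe.dwSize = sizeof(PROCESSENTRY32);
        } while (Process32Next(hSnapshot, &pe));
    }

    // Closed on every path; the original leaked the snapshot handle when
    // Process32First failed.
    CloseHandle(hSnapshot);
    return dRet;
}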





///////////////////////////////////////////////////
  // Process termination helpers.
  // TERMINFO carries the process ID / thread ID pair that Terminate16App()
  // hands to Terminate16AppEnum() through the EnumWindows LPARAM.
typedef struct
  {
      DWORD  dwID ;      // process ID a window must belong to
      DWORD  dwThread ;  // thread ID a window must belong to
  } TERMINFO ;

  // Declare the EnumWindows callback functions.
  BOOL CALLBACK TerminateAppEnum( HWND hwnd, LPARAM lParam ) ;

  BOOL CALLBACK Terminate16AppEnum( HWND hwnd, LPARAM lParam ) ;


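  // Prototype. The listing repeated the signature without a terminating
  // semicolon, which does not compile; it is a declaration.
  DWORD WINAPI TerminateApp( DWORD dwPID, DWORD dwTimeout ) ;

  /*
   * Shut down a 32-bit process (or a 16-bit process under Windows 95).
   *
   * dwPID      process ID to shut down
   * dwTimeout  milliseconds to wait for a clean exit before killing
   *
   * Posts WM_CLOSE to every top-level window owned by dwPID, waits up to
   * dwTimeout for the process to exit, and calls TerminateProcess() if it
   * has not.
   *
   * Returns TA_SUCCESS_CLEAN when the process exited by itself,
   * TA_SUCCESS_KILL when it had to be terminated, TA_FAILED otherwise.
   * The TA_* constants are not defined in this file - presumably they come
   * from kprocess.h; confirm.
   */
  DWORD WINAPI TerminateApp( DWORD dwPID, DWORD dwTimeout )
  {
      HANDLE  hProc ;
      DWORD  dwRet ;

      // EnumProcess() returns 0 for "not found"; never act on that value.
      if(dwPID == 0)
      {
        return TA_FAILED;
      }

      // If the process cannot be opened with PROCESS_TERMINATE rights,
      // give up immediately.
      hProc = OpenProcess(SYNCHRONIZE|PROCESS_TERMINATE, FALSE,dwPID);

      if(hProc == NULL)
      {
        return TA_FAILED;
      }

      // TerminateAppEnum() posts WM_CLOSE to all windows whose process ID
      // matches the supplied process ID.
      EnumWindows((WNDENUMPROC)TerminateAppEnum, (LPARAM) dwPID) ;

      // Wait on the handle. If the process exits in time, fine;
      // if the wait times out (or fails), kill it.
      if(WaitForSingleObject(hProc, dwTimeout)!=WAIT_OBJECT_0)
        dwRet=(TerminateProcess(hProc,0)?TA_SUCCESS_KILL:TA_FAILED);
      else
        dwRet = TA_SUCCESS_CLEAN ;

      CloseHandle(hProc) ;

      return dwRet ;
  }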


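  // Prototype. The listing repeated the signature without a terminating
  // semicolon, which does not compile; it is a declaration.
  DWORD WINAPI Terminate16App( DWORD dwPID, DWORD dwThread,
                        WORD w16Task, DWORD dwTimeout ) ;

  /*
   * Shut down a 16-bit application.
   *
   * dwPID      process ID of the VDM hosting the task
   * dwThread   thread ID of the task's thread
   * w16Task    16-bit task handle passed to VDMTerminateTaskWOW
   * dwTimeout  milliseconds to sleep between WM_CLOSE and the forced kill
   *
   * Returns TA_FAILED when VDMDBG.DLL or VDMTerminateTaskWOW cannot be
   * resolved, TA_SUCCESS_16 otherwise. The result of VDMTerminateTaskWOW is
   * deliberately not inspected: the task may already have closed in response
   * to WM_CLOSE, in which case the call has nothing left to terminate.
   * The TA_* constants are not defined in this file - presumably they come
   * from kprocess.h; confirm.
   */
  DWORD WINAPI Terminate16App( DWORD dwPID, DWORD dwThread,
                        WORD w16Task, DWORD dwTimeout )
  {
      HINSTANCE      hInstLib ;
      TERMINFO      info ;

      // The function is resolved at run time so the code stays loadable on
      // every Win32 platform, including those without VDMDBG.DLL.
      BOOL (WINAPI *lpfVDMTerminateTaskWOW)(DWORD dwProcessId,WORD htask) ;

      // NOTE(review): the DLL is requested by bare name, so it is resolved
      // through the DLL search order. When this runs inside a privileged
      // service, loading by full system-directory path avoids picking up a
      // same-named DLL from another directory on that search order.
      hInstLib = LoadLibraryA( "VDMDBG.DLL" ) ;
      if( hInstLib == NULL )
        return TA_FAILED ;

      // Get the procedure address.
      lpfVDMTerminateTaskWOW = (BOOL (WINAPI *)(DWORD, WORD ))
        GetProcAddress( hInstLib, "VDMTerminateTaskWOW" ) ;

      if( lpfVDMTerminateTaskWOW == NULL )
      {
        FreeLibrary( hInstLib ) ;
        return TA_FAILED ;
      }

      // Post WM_CLOSE to all windows that match both the process ID and
      // the thread ID.
      info.dwID = dwPID ;
      info.dwThread = dwThread ;
      EnumWindows((WNDENUMPROC)Terminate16AppEnum, (LPARAM) &info) ;

      // Wait.
      Sleep( dwTimeout ) ;

      // Then terminate.
      lpfVDMTerminateTaskWOW(dwPID, w16Task) ;

      FreeLibrary( hInstLib ) ;
      return TA_SUCCESS_16 ;
  }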

  /*
   * EnumWindows callback used by TerminateApp().
   * lParam carries the target process ID; every top-level window owned by
   * that process is sent WM_CLOSE via PostMessage. Always returns TRUE so
   * that the enumeration visits all windows.
   */
  BOOL CALLBACK TerminateAppEnum( HWND hwnd, LPARAM lParam )
  {
      DWORD ownerPid ;

      GetWindowThreadProcessId(hwnd, &ownerPid) ;

      // Not one of the target's windows: move on to the next one.
      if(ownerPid != (DWORD)lParam)
        return TRUE ;

      PostMessage(hwnd, WM_CLOSE, 0, 0) ;
      return TRUE ;
  }

  /*
   * EnumWindows callback used by Terminate16App().
   * lParam points to a TERMINFO; a window is sent WM_CLOSE only when both
   * its owning process ID and its owning thread ID equal the TERMINFO
   * fields. Always returns TRUE so that the enumeration visits all windows.
   */
  BOOL CALLBACK Terminate16AppEnum( HWND hwnd, LPARAM lParam )
  {
      TERMINFO  *wanted = (TERMINFO *)lParam ;
      DWORD      ownerPid ;
      DWORD      ownerThread ;

      ownerThread = GetWindowThreadProcessId(hwnd, &ownerPid) ;

      // Skip windows that belong to another process or another thread.
      if(ownerPid != wanted->dwID || wanted->dwThread != ownerThread)
        return TRUE ;

      PostMessage(hwnd, WM_CLOSE, 0, 0) ;
      return TRUE ;
  }
//////////////////////////////////////////////
  //进程相关函数完毕
//////////////////////////////////////////////

/*
 * Append one line to LOGFILE.
 *
 * str  NUL-terminated text; a newline is written after it.
 *
 * Returns 0 on success, -1 when the log file cannot be opened (a debug
 * string is emitted in that case).
 *
 * LOGFILE is a relative path, so the file lands in the current directory of
 * the calling process.
 * NOTE(review): for a service that is usually not the executable's
 * directory - confirm where the log is expected to appear.
 */
int WriteToLog(char* str)
{
  FILE* fp = fopen(LOGFILE, "a+");

  if (!fp) {
    OutputDebugString("Log file open failed.");
    return -1;
  }

  // Text first, then the line terminator.
  fputs(str, fp);
  fputc('\n', fp);

  fclose(fp);
  return 0;
}

// Service initialization: announce the start on the debug channel and in
// the log file. Returns WriteToLog()'s result (0 on success, -1 when the
// log file cannot be opened).
int InitService()
{
  OutputDebugString("Monitoring started.");
  return WriteToLog("Monitoring started.");
}

// Control handler registered through RegisterServiceCtrlHandler().
//
// STOP and SHUTDOWN are handled identically: the event is logged and the
// global status switches to SERVICE_STOPPED with exit code 0. Every other
// control code leaves the status untouched. In all cases the current status
// is reported exactly once via SetServiceStatus().
void ControlHandler(DWORD request)
{
  BOOL stopRequested = (request == SERVICE_CONTROL_STOP ||
                        request == SERVICE_CONTROL_SHUTDOWN);

  if (stopRequested)
  {
    OutputDebugString("Monitoring stopped.");
    WriteToLog("Monitoring stopped.");

    ServiceStatus.dwWin32ExitCode = 0;
    ServiceStatus.dwCurrentState = SERVICE_STOPPED;
  }

  // Report current status
  SetServiceStatus (hStatus, &ServiceStatus);
}

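/*
 * Service entry point handed to the service control dispatcher.
 *
 * Registers the control handler, reports SERVICE_RUNNING, then loops while
 * the global status stays SERVICE_RUNNING: launch novel.exe from the current
 * directory, let it run for 36 seconds, shut it down through TerminateApp(),
 * and sleep SLEEP_TIME before the next cycle.
 *
 * argc/argv are unused.
 *
 * Changes against the original listing:
 *  - the target path is only built when GetCurrentDirectory() succeeded and
 *    the suffix fits; the original appended with strcat() unconditionally;
 *  - the path is passed as lpApplicationName. The original passed it as an
 *    unquoted command line, which CreateProcess resolves ambiguously when
 *    the directory name contains spaces;
 *  - the child is shut down through the process ID CreateProcess returned
 *    rather than through a lookup by image name, so only the process this
 *    service started is affected;
 *  - the process and thread handles are closed after every cycle.
 *
 * NOTE(review): the child is created by the service and is placed on
 * WinSta0\Default, so it runs with the service's account on the interactive
 * desktop. InstallService() registers the service without an account name
 * (LocalSystem); a dedicated low-privilege account would limit what the
 * child can do.
 * NOTE(review): wShowWindow is set but dwFlags is 0, so SW_HIDE is
 * presumably ignored (it needs STARTF_USESHOWWINDOW) - behaviour kept.
 * NOTE(review): a stop request is only noticed between cycles, i.e. after
 * the Sleep() calls return.
 * NOTE(review): the handler is registered under "MemoryStatus" while the
 * service is installed and dispatched as "Service" - confirm which name is
 * intended.
 */
void ServiceMain(int argc, char** argv)
{
  static const char exeSuffix[] = "\\novel.exe";   // program to operate on
  int error;
  PROCESS_INFORMATION pinfo;
  STARTUPINFO si = {0};          // every field not set below stays zero/NULL
  char strDir[1024];
  DWORD dirLen;
  BOOL havePath;
  BOOL started;

  si.cb=sizeof(si);
  si.lpDesktop=TEXT("WinSta0\\Default");
  si.dwFlags=0;
  si.wShowWindow=SW_HIDE;

  ServiceStatus.dwServiceType =    SERVICE_WIN32;
  ServiceStatus.dwCurrentState =    SERVICE_START_PENDING;
  ServiceStatus.dwControlsAccepted  =  SERVICE_ACCEPT_STOP | SERVICE_ACCEPT_SHUTDOWN;
  ServiceStatus.dwWin32ExitCode = 0;
  ServiceStatus.dwServiceSpecificExitCode = 0;
  ServiceStatus.dwCheckPoint = 0;
  ServiceStatus.dwWaitHint = 0;

  // Build "<current directory>\novel.exe" only when it fits in strDir.
  // sizeof(exeSuffix) counts the terminating NUL.
  dirLen = GetCurrentDirectory(sizeof(strDir), strDir);
  havePath = (dirLen != 0 && dirLen + sizeof(exeSuffix) <= sizeof(strDir));
  if (havePath)
    strcat(strDir, exeSuffix);

  hStatus = RegisterServiceCtrlHandler(
      "MemoryStatus",
      (LPHANDLER_FUNCTION)ControlHandler);
  if (hStatus == (SERVICE_STATUS_HANDLE)0)
  {
      // Registering Control Handler failed
      return;
  }

  // Initialize Service; an unusable target path counts as a failed start.
  error = havePath ? InitService() : -1;
  if (error)
  {
      // Initialization failed
      ServiceStatus.dwCurrentState =
        SERVICE_STOPPED;
      ServiceStatus.dwWin32ExitCode = -1;
      SetServiceStatus(hStatus, &ServiceStatus);
      return;
  }

  // We report the running status to SCM.
  ServiceStatus.dwCurrentState =
      SERVICE_RUNNING;
  SetServiceStatus (hStatus, &ServiceStatus);


  // The worker loop of a service
  while (ServiceStatus.dwCurrentState ==
          SERVICE_RUNNING)
  {
      // Launch the program (novel.exe).
      started = CreateProcess(strDir, NULL, NULL, NULL, FALSE, 0,
                              NULL, NULL, &si, &pinfo);
      if (!started)
        WriteToLog("CreateProcess failed.");

      Sleep(36000);

      if (started)
      {
        // Shut the program down again. The open process handle keeps the
        // PID from being reused until it is closed below.
        TerminateApp(pinfo.dwProcessId, 1000);
        CloseHandle(pinfo.hThread);
        CloseHandle(pinfo.hProcess);
      }

      Sleep(SLEEP_TIME);
  }
  return;
}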


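/*
 * Register "<current directory>\service.exe" as the auto-start service
 * "Service".
 *
 * Returns TRUE when the service was created, FALSE otherwise.
 *
 * Changes against the original listing:
 *  - the binary path is length-checked before the file name is appended;
 *  - the binary path is stored in double quotes. An unquoted service path
 *    that contains spaces is resolved ambiguously at service start, and the
 *    service runs as LocalSystem;
 *  - the service control manager is opened with SC_MANAGER_CREATE_SERVICE
 *    only, and both handles are closed on every path.
 *
 * NOTE(review): the path is derived from the current directory, so the
 * command has to be run from the directory that holds service.exe.
 * NOTE(review): the display name imitates a Microsoft component although
 * the binary is a local service.exe. A vendor-looking display name on a
 * binary outside the system directories is what service-creation audits
 * (System event 7045, Security event 4697) are reviewed for; a name that
 * identifies the real publisher avoids that.
 * NOTE(review): no account name is passed, so the service runs as
 * LocalSystem; a dedicated low-privilege account would be the safer default.
 */
BOOL InstallService()
{
  static const char exeName[] = "\\service.exe";  // this program's file name
  char strDir[1024];
  char quotedPath[sizeof(strDir) + 2];            // room for the two quotes
  SC_HANDLE schSCManager,schService;
  DWORD dirLen;

  // sizeof(exeName) counts the terminating NUL.
  dirLen = GetCurrentDirectory(sizeof(strDir),strDir);
  if (dirLen == 0 || dirLen + sizeof(exeName) > sizeof(strDir))
    return FALSE;
  strcat(strDir,exeName);

  quotedPath[0] = '\0';
  strcat(quotedPath,"\"");
  strcat(quotedPath,strDir);
  strcat(quotedPath,"\"");

  schSCManager = OpenSCManager(NULL,NULL,SC_MANAGER_CREATE_SERVICE);

  if (schSCManager == NULL)
    return FALSE;

  schService = CreateService(schSCManager,"Service",
        "Microsoft Visual Workstation Services", // display name
    SERVICE_ALL_ACCESS, // desired access
    SERVICE_WIN32_OWN_PROCESS, // service type
    SERVICE_AUTO_START, // start type
    SERVICE_ERROR_NORMAL, // error control type
    quotedPath, // service's binary, quoted
    NULL, // no load ordering group
    NULL, // no tag identifier
    NULL, // no dependencies
    NULL, // LocalSystem account
    NULL); // no password

  if (schService == NULL)
  {
    CloseServiceHandle(schSCManager);
    return FALSE;
  }

  CloseServiceHandle(schService);
  CloseServiceHandle(schSCManager);
  return TRUE;
}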

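/*
 * Remove the service "Service" from the service control manager database.
 *
 * Returns TRUE when the service was marked for deletion and its handle was
 * closed, FALSE otherwise.
 *
 * This zero-argument function shares its name with the Win32 API
 * DeleteService(SC_HANDLE); the call below resolves to the API by overload.
 *
 * Changes against the original listing: both handles are closed on every
 * path (the manager handle was never closed, the service handle leaked when
 * deletion failed), and only the rights that are needed are requested
 * (SC_MANAGER_CONNECT and DELETE rather than the ALL_ACCESS masks).
 */
BOOL DeleteService()
{
  SC_HANDLE schSCManager;
  SC_HANDLE hService;
  BOOL ok;

  schSCManager = OpenSCManager(NULL,NULL,SC_MANAGER_CONNECT);

  if (schSCManager == NULL)
    return FALSE;

  hService=OpenService(schSCManager,"Service",DELETE);
  if (hService == NULL)
  {
    CloseServiceHandle(schSCManager);
    return FALSE;
  }

  ok = (DeleteService(hService)!=0);

  // As in the original, a failed close is reported as a failure.
  if(CloseServiceHandle(hService)==0)
    ok = FALSE;

  CloseServiceHandle(schSCManager);
  return ok;
}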




///////////////////////////////////////////////////
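  // Program entry point and its helper.

// Start the installed service "Service".
// Opens the service control manager and the service with only the rights
// needed to start it, and closes both handles before returning.
// Returns TRUE when StartService() succeeded.
static BOOL StartInstalledService(void)
{
  SC_HANDLE scm;
  SC_HANDLE svc;
  BOOL started = FALSE;

  scm = OpenSCManager(NULL,NULL,SC_MANAGER_CONNECT);
  if (scm == NULL)
    return FALSE;

  svc = OpenService(scm,"Service",SERVICE_START);
  if (svc != NULL)
  {
    started = StartService(svc,0,NULL);
    CloseServiceHandle(svc);
  }

  CloseServiceHandle(scm);
  return started;
}

/*
 * Command-line front end and service host.
 *
 *   service -i   install the service, then start it
 *   service -d   uninstall the service
 *   service -s   start the service
 *   (no args)    run as the service: connect to the control dispatcher
 *
 * Changes against the original listing:
 *  - the service handle is opened after installation. The original opened
 *    it before InstallService() ran, so on a first install the handle was
 *    NULL and the following StartService() could not succeed;
 *  - "-s" and "-i" report a failed start; the original printed the success
 *    message unconditionally;
 *  - no service control manager handles are opened, or left open, in the
 *    branches that do not need them.
 *
 * Always returns 0.
 */
int main(int argc, char* argv[])
{
  if(argc>1)
  {
    if(strcmp(argv[1],"-i")==0)  // install the service: -i
    {
      if(InstallService())
      {
        printf("\n\n服务已安装\n");
        if(!StartInstalledService())
          printf("\n\n启动服务出错\n");
      }
      else
        printf("\n\n按装服务出错\n");
    }
    else if(strcmp(argv[1],"-d")==0)  // uninstall the service: -d
    {
      if(DeleteService())
        printf("\n\n服务已卸载\n");
      else
        printf("\n\n卸载服务出错\n");
    }
    else if(strcmp(argv[1],"-s")==0)  // start the service: -s
    {
      if(StartInstalledService())
        printf("\n\n服务已启动\n");
      else
        printf("\n\n启动服务出错\n");
    }
    else
    {
      printf("\n\n不会用软件就别乱弄\n\n按装服务 service -i\n\n卸载服务 service -d\n");
    }
  }
  else
  {
    SERVICE_TABLE_ENTRY ServiceTable[2];
    ServiceTable[0].lpServiceName = "Service";
    ServiceTable[0].lpServiceProc = (LPSERVICE_MAIN_FUNCTION)ServiceMain;

    // The table is terminated by an all-NULL entry.
    ServiceTable[1].lpServiceName = NULL;
    ServiceTable[1].lpServiceProc = NULL;

    // Start the control dispatcher thread for our service
    StartServiceCtrlDispatcher(ServiceTable);
  }

  return 0;
}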


///////////////////////////////////////////////////////////////////////////////
//  请问一下,如何添加服务的描述? 我上面这个程序添加的服务没有描述


地主 发表时间: 06-06-27 14:46

回复: TomyChen [quest]   版主   登录
用 ChangeServiceConfig2,把 dwInfoLevel 设为 SERVICE_CONFIG_DESCRIPTION,就可以设置服务的“描述”。

MSDN
代码:

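/*
 * Change the start type and the description of the service "Sample_Srv".
 *
 * fDisable  TRUE  -> start type becomes SERVICE_DISABLED
 *           FALSE -> start type becomes SERVICE_DEMAND_START
 * lpDesc    new description text, stored through ChangeServiceConfig2()
 *           with SERVICE_CONFIG_DESCRIPTION
 *
 * schSCManager and schService are not declared in this function; they are
 * presumably file-scope handles of the surrounding sample, with
 * schSCManager already opened - confirm. MyErrorExit() is likewise defined
 * elsewhere and is presumably expected not to return, since the code after
 * each call assumes success.
 *
 * Changes against the listing as posted:
 *  - the comma after SERVICE_CONFIG_DESCRIPTION was missing, so the call to
 *    ChangeServiceConfig2() did not compile;
 *  - dwLockDuration is a DWORD and is now printed with %lu.
 *
 * The service is opened with SERVICE_CHANGE_CONFIG only, which is all that
 * both configuration calls need.
 * NOTE(review): recent Windows versions document LockServiceDatabase() as
 * having no effect - confirm for the target platform before relying on it.
 */
VOID ReconfigureSampleService(BOOL fDisable, LPSTR lpDesc)
{
    SC_LOCK sclLock;
    LPQUERY_SERVICE_LOCK_STATUS lpqslsBuf;
    SERVICE_DESCRIPTION sdBuf;
    DWORD dwBytesNeeded, dwStartType;

    // Need to acquire database lock before reconfiguring.

    sclLock = LockServiceDatabase(schSCManager);

    // If the database cannot be locked, report the details.

    if (sclLock == NULL)
    {
        // Exit if the database is not locked by another process.

        if (GetLastError() != ERROR_SERVICE_DATABASE_LOCKED)
            MyErrorExit("LockServiceDatabase");

        // Allocate a buffer to get details about the lock.
        // The extra 256 bytes leave room for the lock owner string.

        lpqslsBuf = (LPQUERY_SERVICE_LOCK_STATUS) LocalAlloc(
            LPTR, sizeof(QUERY_SERVICE_LOCK_STATUS)+256);
        if (lpqslsBuf == NULL)
            MyErrorExit("LocalAlloc");

        // Get and print the lock status information.

        if (!QueryServiceLockStatus(
            schSCManager,
            lpqslsBuf,
            sizeof(QUERY_SERVICE_LOCK_STATUS)+256,
            &dwBytesNeeded) )
            MyErrorExit("QueryServiceLockStatus");

        if (lpqslsBuf->fIsLocked)
            printf("Locked by: %s, duration: %lu seconds\n",
                lpqslsBuf->lpLockOwner,
                (unsigned long) lpqslsBuf->dwLockDuration);
        else
            printf("No longer locked\n");

        LocalFree(lpqslsBuf);
        MyErrorExit("Could not lock database");
    }

    // The database is locked, so it is safe to make changes.

    // Open a handle to the service.

    schService = OpenService(
        schSCManager,          // SCManager database
        "Sample_Srv",          // name of service
        SERVICE_CHANGE_CONFIG); // need CHANGE access
    if (schService == NULL)
        MyErrorExit("OpenService");

    dwStartType = (fDisable) ? SERVICE_DISABLED :
                            SERVICE_DEMAND_START;

    // Make the changes.

    if (! ChangeServiceConfig(
        schService,        // handle of service
        SERVICE_NO_CHANGE, // service type: no change
        dwStartType,      // change service start type
        SERVICE_NO_CHANGE, // error control: no change
        NULL,              // binary path: no change
        NULL,              // load order group: no change
        NULL,              // tag ID: no change
        NULL,              // dependencies: no change
        NULL,              // account name: no change
        NULL,              // password: no change
        NULL) )            // display name: no change
    {
        MyErrorExit("ChangeServiceConfig");
    }
    else
        printf("ChangeServiceConfig SUCCESS\n");

    // Set the description shown for the service.

    sdBuf.lpDescription = lpDesc;

    if( !ChangeServiceConfig2(
        schService,                 // handle to service
        SERVICE_CONFIG_DESCRIPTION, // change: description
        &sdBuf) )                   // value: new description
    {
        MyErrorExit("ChangeServiceConfig2");
    }
    else
        printf("ChangeServiceConfig2 SUCCESS\n");

    // Release the database lock.

    UnlockServiceDatabase(sclLock);

    // Close the handle to the service.

    CloseServiceHandle(schService);
}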




B1层 发表时间: 06-07-20 01:56
