// testDllService.cpp : 定义 DLL 应用程序的入口点。
#include "stdafx.h"
#include <windows.h>
#include <stdio.h>
#ifdef _MANAGED
#pragma managed(push, off)
#endif
void Log(char *p)
{
FILE *file = ::fopen("c:\\service_log.txt","ab+");
if(file != NULL)
{
fprintf(file, "%s\r\n", p);
::fclose(file);
}
}
BOOL APIENTRY DllMain( HMODULE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
Log("enter here main!!");
return TRUE;
}
#ifdef _MANAGED
#pragma managed(pop)
#endif
VOID WINAPI MyHandler(DWORD fdwControl);
SERVICE_STATUS service_status;
SERVICE_STATUS_HANDLE handle;
BOOL initService()
{
return true;
}
VOID WINAPI MyHandler(DWORD fdwControl)
{
if(fdwControl == SERVICE_CONTROL_STOP){
Log("service stop!");
service_status.dwWin32ExitCode = 0;
service_status.dwCurrentState = SERVICE_STOPPED;
}
else if(fdwControl == SERVICE_CONTROL_SHUTDOWN){
Log("system shutdown and service stop!");
service_status.dwWin32ExitCode = 0;
service_status.dwCurrentState = SERVICE_STOPPED;
}
SetServiceStatus(handle,&service_status);
}
VOID WINAPI ServiceMain(DWORD dwArgc,LPTSTR* lpszArgv)
{
service_status.dwCheckPoint = 0;
service_status.dwControlsAccepted = SERVICE_ACCEPT_SHUTDOWN|SERVICE_ACCEPT_STOP;
service_status.dwCurrentState = SERVICE_START_PENDING;
service_status.dwServiceSpecificExitCode = 0;
service_status.dwServiceType = SERVICE_WIN32_SHARE_PROCESS;
service_status.dwWaitHint = 0;
service_status.dwWin32ExitCode = 0;
handle = ::RegisterServiceCtrlHandler("MyDllService",MyHandler);
if(handle ==(SERVICE_STATUS_HANDLE)0)
{
Log("create service handle error!");
return;
}
if(!initService())
{
Log("init service handle error!");
service_status.dwCurrentState = SERVICE_STOPPED;
service_status.dwWin32ExitCode = -1;
::SetServiceStatus(handle,&service_status);
return;
}
service_status.dwCurrentState = SERVICE_RUNNING;
::SetServiceStatus(handle,&service_status);
while(service_status.dwCurrentState == SERVICE_RUNNING)
{
char buf[50]={0};
char buflog[100]={0};
int num = ::GetTimeFormat(NULL,LOCALE_USE_CP_ACP,NULL,NULL,buf, 0);
GetTimeFormat(NULL,LOCALE_USE_CP_ACP,NULL,NULL,buf, num);
::sprintf(buflog,"now time is:%s",buf);
Log(buflog);
::Sleep(10000);
}
}
VOID __stdcall Installer()
{
SC_HANDLE handle = NULL;
handle = OpenSCManager(NULL,SERVICES_ACTIVE_DATABASE,SC_MANAGER_ALL_ACCESS);
if(NULL == handle)
{
Log("open scm error!");
return;
}
if(NULL==::CreateService(handle,"MyDllService","MyDllService",SC_MANAGER_ALL_ACCESS,SERVICE_WIN32_SHARE_PROCESS,SERVICE_DEMAND_START,SERVICE_ERROR_NORMAL,"%SystemRoot%\\system32\\svchost -k MyDllService",NULL,NULL,NULL,NULL,NULL))
{
int error = GetLastError();
char buf[50]={0};
::sprintf(buf,"注册错误代码是:%d",error);
Log(buf);
}
HKEY hkey = NULL;
HKEY pkey = NULL;
::RegOpenKey(HKEY_LOCAL_MACHINE,"SYSTEM\\CurrentControlSet\\Services\\MyDllService",&hkey);
if(NULL !=hkey)
{
char buff[] = "%SystemRoot%\\system32\\testDllService.dll";
::RegCreateKey(hkey,"Parameters",&pkey);
if(ERROR_SUCCESS != (RegSetValueEx(pkey, "ServiceDll", 0, REG_EXPAND_SZ, (unsigned char*)buff, strlen(buff)+1)))
{
Log("注册paramter失败");
}
::RegCloseKey(pkey);
::RegCloseKey(hkey);
}
hkey = NULL;
RegOpenKey(HKEY_LOCAL_MACHINE,"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\SvcHost",&hkey);
if(hkey != NULL)
{
if(ERROR_SUCCESS != ::RegSetValueEx(hkey,"MyDllService",0,REG_MULTI_SZ,(BYTE*)"MyDllService",strlen("MyDllService")+1))
{
Log("注册svchost失败");
}
::RegCloseKey(hkey);
}
::CloseHandle(handle);
}
VOID __stdcall Unstaller()
{
SC_HANDLE handle = NULL;
SC_HANDLE handle_sv = NULL;
__try{
handle = OpenSCManager(NULL,SERVICES_ACTIVE_DATABASE,SC_MANAGER_ALL_ACCESS);
if(NULL == handle)
{
Log("open scm error!");
return;
}
handle_sv = OpenService(handle,"MyDllService",SC_MANAGER_ALL_ACCESS);
if(NULL == handle_sv)
{
Log("open service_mydllservice error!");
return;
}
if(NULL==::DeleteService(handle_sv))
{
Log("delete service_mydllservice error!");
return;
}
HKEY hkey = NULL;
RegOpenKey(HKEY_LOCAL_MACHINE,"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\SvcHost",&hkey);
if(hkey != NULL)
{
if(ERROR_SUCCESS != ::RegDeleteValue(hkey,"MyDllService"))
{
Log("删除svchost失败");
}
::RegCloseKey(hkey);
}
}__finally
{
if(NULL != handle_sv)
{
::CloseHandle(handle_sv);
}
if(NULL != handle)
{
::CloseHandle(handle);
}
}
}
[课程]Linux pwn 探索篇!
