About Win2k services
Source: www.opengram.com
Article submission: refdom (refdom_at_263.net)
Author: refdom
Email: refdom@263.net
Homepage: www.opengram.com
2002/7/25
I. Summary
II. Win2k services
III. Basic Process of Service Startup and Shutdown
IV. Service Programming
V. Service Security
VI. Service Management
VII. End
I. Summary
Services under Windows NT are similar to daemon processes under *nix, and more and more software is designed to run as a service. Since the release of XP, multi-user switching has also been implemented through services, which is very useful.
From a security perspective, Windows services raise many topics, such as the privileges they run with and the time at which they run.
This article introduces and discusses several aspects of Windows services. Given the limits of my own ability, the content is not polished.
II. Win2k services
The Win32 service architecture consists of three parts: the service application, the Service Control Program (SCP), and the Service Control Manager (SCM).
1. Service Control Manager
The Service Control Manager (SCM) is an RPC server and the core of the Windows service system.
SCM is mainly responsible for the following:
· Maintaining the database of installed services
· Starting services and driver services at system startup or on demand
· Enumerating installed services and drivers
· Maintaining the status of running services and drivers
· Passing control requests to running services
· Locking and unlocking the service database
SCM maintains the service database in the registry, at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services. The subkeys under it are the installed services and driver services. The name of each subkey is the service name, which the service's setup program specifies through the CreateService function at installation time.
The initial database is created when the system is installed; it contains the device drivers needed at system startup. For each service and driver, the database holds the following information:
· Service type: whether the service runs in its own process or shares a process with other services, or whether it is a kernel driver or a file system driver.
· Start type: whether the service or driver is started automatically at system startup or is started by SCM when it receives a control request. The start type also indicates whether the service is disabled.
· Error control level: how the error is handled if the service or driver fails to start.
· Full path of the executable file.
· Optional dependency information that determines the proper startup order. For a service, this includes the services that SCM must start before this service, the name of its load-ordering group, and the tag that identifies its startup position within the group. For a driver, this includes the drivers that must be started before this driver.
· For a service, an optional account name and password. If no account is specified, the service uses the LocalSystem account.
· For a driver, an optional driver object name that the I/O system uses to load the device driver. If no object name is specified, the I/O system creates a default name based on the driver service name.
2. Service control program
The Service Control Program (SCP) is the component that controls service applications and is the bridge between a service application and the Service Control Manager (SCM). A service control program can perform these actions:
· Start a service, if the service's start type is SERVICE_DEMAND_START
· Send control requests to a running service
· Query the current status of a running service
These actions require opening a handle to the service object.
· Starting a service
To start a service, the service control program calls the StartService function. If the database is locked, StartService fails; in that case the service control program has to wait and call StartService again. QueryServiceLockStatus can be used to query the lock status of the service database.
When a service control program starts a service, it can use StartService to specify the arguments passed to the service's ServiceMain function. StartService returns once a new thread has been created to execute ServiceMain. The service control program can then use QueryServiceStatus to query the status of the service. During initialization, dwCurrentState in the SERVICE_STATUS structure should be SERVICE_START_PENDING, and dwWaitHint is a time interval in milliseconds that tells the service control program how long to wait before calling QueryServiceStatus again. When initialization is complete, the service changes dwCurrentState to SERVICE_RUNNING.
If the service does not change its status within 80 seconds plus the last wait hint, the Service Control Manager concludes that the service has stopped responding, logs the event, and stops the service.
If the program starts a driver service, StartService returns after the device driver has finished initializing.
· Service control requests
The service control program sends a control request to a running service through ControlService. This function specifies a control value that is passed to the HandlerEx function of the specified service. The control value can be a user-defined code or one of the following standard control codes:
· Stop the service: SERVICE_CONTROL_STOP
· Pause the service: SERVICE_CONTROL_PAUSE
· Resume a paused service: SERVICE_CONTROL_CONTINUE
· Return updated status information: SERVICE_CONTROL_INTERROGATE
Each service specifies which control values it accepts and processes. To find out which, use the QueryServiceStatus function, or call ControlService with SERVICE_CONTROL_INTERROGATE; the dwControlsAccepted member of the returned SERVICE_STATUS structure indicates whether the service can be stopped, paused, or resumed. All services accept SERVICE_CONTROL_INTERROGATE.
QueryServiceStatus returns the most recently reported status of the specified service; it does not obtain an updated status from the service itself. Calling ControlService with the SERVICE_CONTROL_INTERROGATE control ensures that the status information is current.
3. Service application
A service application is the main program of a service: the executable code of one or more services. It is explained in detail in the section on service programming.
III. Basic Process of Service Startup and Shutdown
When the system starts, SCM starts all auto-start services and the services they depend on. If an auto-start service depends on a manual service (one that is started on demand), that service is started automatically as well. The loading order of services is determined by the following:
1. Group Order
2. Loading Order of services in a group
3. Services on which each service depends
When startup is complete, the system runs the boot verification program (specified by the BootVerificationProgram value under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control; by default this value does not exist). By default, the system simply reports a successful startup after the first user logs on. You can supply your own boot verification program to check the system for problems and report the boot status to SCM with the NotifyBootConfigStatus function.
After a successful startup, the system clones the database and saves the copy as the last-known-good (LKG) configuration. If the system fails to start with the database currently in use, it can be restored from this backup. The backup database is stored in:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSetXXX\Services
The value of XXX is stored in:
HKEY_LOCAL_MACHINE\SYSTEM\Select\LastKnownGood
If an auto-start service returns a SERVICE_ERROR_CRITICAL error at startup, SCM restarts the machine using the LKG configuration. If the LKG configuration is already in use, startup fails.
The ErrorControl value of a service in the registry tells SCM how to handle the service's startup errors. If the value is SERVICE_ERROR_IGNORE (0) or is not specified, SCM ignores the error and carries on starting services. If it is SERVICE_ERROR_NORMAL (1), the cause of the error is recorded in the event log. If it is SERVICE_ERROR_SEVERE (2) or SERVICE_ERROR_CRITICAL (3) and the service reports a startup error, SCM writes to the event log and calls ScRevertToLastKnownGood, which switches the system's registry configuration to the LKG version and then calls NtShutdownSystem to restart the system. If the system is already running on the LKG version, it simply restarts.
How the LKG version is generated: after SCM has started all auto-start services during system startup, the system has to decide whether to save the LKG configuration. By default, a successful startup means that all services started successfully and that a user logged on. Startup counts as failed if a SERVICE_ERROR_SEVERE (2) or SERVICE_ERROR_CRITICAL (3) error occurs. If SCM starts the services successfully, then when a user logs on, Winlogon calls the NotifyBootConfigStatus function to send a message to SCM. Once all services have started successfully and this message has been received, SCM calls NtInitializeRegistry to save the current startup configuration.
Third parties can replace Winlogon's verification with their own definition of a successful startup, using the program specified in the registry at HKLM\SYSTEM\CurrentControlSet\Control\BootVerificationProgram. When a boot verification program is used, Winlogon's call to NotifyBootConfigStatus must be disabled by setting HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ReportBootOk to 0. Then, after SCM has started the services, it waits for the verification program to call NotifyBootConfigStatus to report that startup succeeded, and only then saves the LKG configuration.
The SCM executable is \Winnt\System32\services.exe, which runs as a console program. The Winlogon process starts SCM early in system startup. SvcCtrlMain runs shortly after the screen goes blank, before Winlogon loads the GINA (graphical identification and authentication) component that displays the logon interface.
SvcCtrlMain first creates a synchronization event named SvcCtrlEvent_A3752DX, initialized as nonsignaled. SCM sets this event to the signaled state only after it has completed the steps needed to accept SCP commands. An SCP connects to SCM with the OpenSCManager function, which waits for SvcCtrlEvent_A3752DX to become signaled; this prevents an SCP from contacting SCM before SCM has finished initializing.
SvcCtrlMain then calls the ScCreateServiceDB function to build the SCM service database. The function first reads HKLM\SYSTEM\CurrentControlSet\Control\ServiceGroupOrder\List, which lists the service group names in their startup order, and then scans the contents of HKLM\SYSTEM\CurrentControlSet\Services, creating an entry in the service database for each subkey. The database covers device drivers as well as services, because SCM also detects startup errors for drivers marked as boot-start and system-start. All drivers so marked are loaded before SCM starts: the I/O manager loads them before any user-mode process executes. ScCreateServiceDB reads each service's Group value to determine which group the service belongs to and associates it with the group list created earlier. It also reads the DependOnGroup and DependOnService values to record the service's dependencies.
Starting services may require SCM to call LSASS, so SCM waits for LSASS to signal the LSA_RPC_SERVICE_ACTIVE synchronization event, which LSASS does at the end of its initialization. Note that Winlogon also starts the LSASS process; LSASS and SCM initialize in parallel, and the order in which they finish is not fixed. SvcCtrlMain then calls ScGetBootAndSystemDriverState to walk the service database looking for boot-start and system-start device drivers. The function looks up each driver's name in the \Driver directory of the object namespace to determine whether the driver started successfully: when a device driver loads successfully, the I/O manager inserts its driver object into that namespace. If the driver is not loaded, SCM looks for its name in the driver list returned by the PnP_DeviceList function. SvcCtrlMain records the names of drivers that have not started, and that are part of the current profile, in the ScFailedDrivers list.
Before starting the auto-start services, SCM creates a named pipe for remote procedure calls, \Pipe\Ntsvcs, creates a thread to listen for SCP messages, and then signals its initialization-complete event, SvcCtrlEvent_A3752DX. SCM uses RegisterServiceProcess to register for console-application shutdown event handling and to register with the Win32 subsystem in preparation for system shutdown.
SvcCtrlMain calls SCM's ScAutoStartServices function to start the auto-start services. The algorithm runs in phases, one phase per service group. At the start of a phase, ScAutoStartServices marks all services belonging to that group and then loops through the marked services, checking whether each one can be started. The check covers the service's group dependencies: if the service depends on a group, that group must already have been initialized and at least one of its services must have started successfully. If the group that the service depends on comes later in the group startup order than the service's own group, SCM records a circular dependency error for the service. For a service (as opposed to a driver), SCM then checks whether the services it depends on have been started. Here too, a circular dependency error means the service is not started. If the service depends on services of the same group that have not started yet, the service is skipped for the time being.
After the dependency checks pass, ScAutoStartServices also checks, before starting the service, whether the service is part of the current boot configuration. For safe mode, for example, HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot lists the services and drivers to be started in the minimal configuration and in the configuration with network support.
Once it has decided to start a service, SCM calls the ScStartService function. When ScStartService starts a Win32 service, it reads the ImagePath value under the service's registry key to determine the file that runs the service process, and then checks whether the service type is SERVICE_WIN32_SHARE_PROCESS. If it is, SCM makes sure that the service process is logged on with the same account as the service being started. The service's registry key contains the account information. SCM then calls ScLogonAndStartImage to start the service. If the service runs under an account other than LocalSystem, SCM uses LSASS to log on to that account, calling LsaLogonUser with the service logon type. LSASS looks up the password in the registry's SECURITY hive, under Secrets, in the entry named _SC_<service>. After a successful logon, LsaLogonUser returns an access token handle to the caller, representing the user's security context.
After the logon succeeds, if the account's profile is not yet loaded, SCM calls the LoadUserProfile function to load it. Interactive services must be able to open WinSta0. If the service process has not been started yet, ScLogonAndStartImage goes on to launch it. SCM uses the CreateProcessAsUser function to start the process in a suspended state and then creates a named pipe for communicating with the service process: \Pipe\Net\NetControlPipeX (where X is incremented for each new pipe). SCM then uses ResumeThread to resume the service process and waits for the service to connect to the SCM pipe. The registry value HKLM\SYSTEM\CurrentControlSet\Control\ServicePipeTimeout determines how long it waits; the default is 30 seconds.
If the service connects to SCM without problems, SCM sends it the start command. If the service does not respond to the start command within the timeout period, SCM gives up, moves on to the next service, and records the error in the system log.
ScAutoStartServices keeps looping over the services of a group until every service has either started or produced a dependency error. This looping is how SCM dynamically orders the services according to their dependencies: services that others depend on are started in the earlier loops. After it has processed all the service groups in the list, SCM processes the services of groups that are not in the list, and then the services that do not belong to any group.
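The group-by-group autostart pass described above, as an added example that is not part of the original article and is not SCM's code: a simplified Python model of the ordering rules. The group names, service names, dictionary layout and the rule that ends a pass which makes no progress are assumptions of this sketch, and every service is assumed to start successfully once its dependencies are met.

```python
WAIT, START = "wait", "start"


def check(name, services, rank, started, errors):
    """Decide whether one marked service can start in the current pass."""
    svc = services[name]
    my_rank = rank(svc["group"])
    for group in svc["on_groups"]:
        if rank(group) > my_rank:
            return "circular dependency on group " + group
        if not any(services[s]["group"] == group for s in started):
            return "no service in group " + group + " has started"
    for dep in svc["on_services"]:
        if dep not in services:
            return "depends on unknown service " + dep
        if rank(services[dep]["group"]) > my_rank:
            return "circular dependency on service " + dep
        if dep in errors:
            return "dependency " + dep + " did not start"
        if dep not in started:
            return WAIT          # same group, not started yet: skip for now
    return START


def autostart_order(group_order, services):
    """Return (start order, {service: error}) for the auto-start services."""
    listed = {g: i for i, g in enumerate(group_order)}
    unlisted, ungrouped = len(group_order), len(group_order) + 1

    def rank(group):
        # Listed groups first, then groups missing from the list, then no group.
        return ungrouped if group is None else listed.get(group, unlisted)

    started, errors = [], {}
    for phase in range(ungrouped + 1):
        marked = [n for n, s in services.items() if rank(s["group"]) == phase]
        while marked:
            waiting = []
            for name in marked:
                verdict = check(name, services, rank, started, errors)
                if verdict == START:
                    started.append(name)
                elif verdict == WAIT:
                    waiting.append(name)
                else:
                    errors[name] = verdict
            if len(waiting) == len(marked):
                # Assumption of this model: a pass without progress ends the phase.
                for name in waiting:
                    errors[name] = "dependency in same group never started"
                waiting = []
            marked = waiting
    return started, errors


def svc(group, on_services=(), on_groups=()):
    return {"group": group, "on_services": list(on_services),
            "on_groups": list(on_groups)}


# Constructed sample data (hypothetical groups and services).
GROUP_ORDER = ["Base", "Network", "Apps"]
SERVICES = {
    "DiskHelper": svc("Base"),
    "EarlyBird": svc("Base", on_services=["NetStack"]),      # depends on a later group
    "NameCache": svc("Network", on_services=["NetStack"]),   # skipped in the first pass
    "NetStack": svc("Network", on_services=["DiskHelper"]),
    "Reporter": svc("Apps", on_groups=["Network"]),
    "NeedsEarlyBird": svc("Apps", on_services=["EarlyBird"]),
    "Vendor": svc("VendorGroup"),                            # group not in the list
    "Orphan": svc(None, on_services=["Reporter"]),           # no group at all
}

if __name__ == "__main__":
    order, failed = autostart_order(GROUP_ORDER, SERVICES)
    print("start order:", order)
    for name, reason in failed.items():
        print("not started:", name, "-", reason)
```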
When the system starts to shut down, the Win32 ExitWindowsEx function sends a message to the system process CSRSS, which invokes CSRSS's shutdown routine. CSRSS walks through all processes and notifies them that the system is shutting down. For every system process except SCM, CSRSS waits for the process to exit before notifying the next one. The wait time is given by HKLM\.Default\Control Panel\Desktop\WaitToKillAppTimeout; the default is 20 seconds. When CSRSS reaches the SCM process, it likewise notifies SCM that the system is shutting down, and waits for a timeout that is specific to SCM. CSRSS recognizes SCM by its process ID, which SCM registers with CSRSS through the RegisterServicesProcess function during system initialization. The SCM timeout is given by HKLM\SYSTEM\CurrentControlSet\Control\WaitToKillServiceTimeout; the default is 20 seconds.
SCM's shutdown handler sends the shutdown notification to all services that, when they initialized with SCM, asked to be notified of shutdown. ScShutdownAllServices walks the SCM database looking for the services that requested shutdown notification, sends the notification, and records each service's wait hint. After sending the notifications, SCM waits for the notified services to exit or for the wait to time out. If services have not exited when the timeout expires, SCM checks whether one or more of the services it is waiting for have sent it a message reporting the progress of their shutdown. If at least one service is making progress, SCM waits again for the wait-hint period. SCM continues this wait loop until all services have exited or until no service reports progress within the wait period.
While SCM is notifying services of the shutdown and waiting for them to exit, CSRSS is waiting for SCM to exit. If CSRSS's wait times out and SCM has not exited, the system shuts down anyway; services that fail to close within the allotted time are simply left running, together with SCM, as the system shuts down.
IV. Service Programming
A service program contains the executable code of one or more services. A service program created as SERVICE_WIN32_OWN_PROCESS contains the code of only one service. A service can be configured to run in the security context of an account from the local machine, the primary domain, or a trusted domain. A SERVICE_WIN32_SHARE_PROCESS service program contains the code of multiple services.
A service must contain a main function, a ServiceMain function, and a control handler function.
· The service's main function
A service is usually a console program whose entry point is the main function. The main function receives its arguments from the ImagePath value of the service in the registry. When SCM starts a service program, it waits for the program to call the StartServiceCtrlDispatcher function. The rules are:
· A service of type SERVICE_WIN32_OWN_PROCESS should call StartServiceCtrlDispatcher immediately from its main thread. Initialization can be carried out after the service has started.
· For SERVICE_WIN32_SHARE_PROCESS, where initialization is common to the services in the program, the initialization can be done in the main thread before StartServiceCtrlDispatcher is called, as long as it takes less than 30 seconds. Otherwise, another thread must be created to carry out the common initialization while the main thread calls StartServiceCtrlDispatcher. Initialization specific to each service can be done in its ServiceMain function.
The StartServiceCtrlDispatcher function takes a SERVICE_TABLE_ENTRY structure for each service in the process. Each structure specifies the service name and the entry point of the service. If the call to StartServiceCtrlDispatcher succeeds, the calling thread does not return until all running services in the process have terminated. SCM sends control requests to this thread through a named pipe. The thread acts as the control dispatcher and performs the following tasks:
· When a new service starts, it creates a new thread to call the appropriate entry point
· It calls the appropriate handler function to process service control requests
When SCM starts a service process, the process calls the StartServiceCtrlDispatcher function, which receives a list of service entry points (or a single entry point); each entry point of a service process is identified by the name of the service it belongs to. After establishing the named-pipe connection to SCM, the function sits in a loop waiting for SCM commands to arrive through the pipe. SCM sends a service start command each time it starts a service. For each start command, StartServiceCtrlDispatcher creates a service thread that calls the service's entry point and runs the service's command loop. StartServiceCtrlDispatcher goes on waiting for commands from SCM and returns control to the process's main function only after all of the process's service threads have stopped, which lets the process clean up its resources before it exits.
· The service's ServiceMain function
The ServiceMain function is the entry point of the service.
When a service control program requests that a new service be run, SCM starts the service and sends a start request to the control dispatcher. The dispatcher creates a new thread to execute the service's ServiceMain function. ServiceMain completes the following tasks:
· Call the RegisterServiceCtrlHandlerEx function immediately to register the function that handles control requests for the service. The return value is a service status handle, which is used to notify SCM of the service's status.
· Perform initialization. If the initialization code runs only briefly (less than 1 second), it can be done directly in ServiceMain. If initialization takes longer than 1 second, call the SetServiceStatus function, specifying the SERVICE_START_PENDING state and a wait hint in the SERVICE_STATUS structure. As initialization continues, the service should keep calling SetServiceStatus to report its progress.
· When initialization is complete, call SetServiceStatus with the state SERVICE_RUNNING in the SERVICE_STATUS structure.
· Perform the service's tasks or, if there are no pending tasks, return. Call SetServiceStatus to report every change of state.
· If an error occurs while the service is initializing or running, the service should call SetServiceStatus with the SERVICE_STOP_PENDING state if cleanup will take a long time. Once cleanup is complete, call SetServiceStatus from the last thread to terminate, specifying the SERVICE_STOPPED state. Be sure to set dwServiceSpecificExitCode and dwWin32ExitCode in the SERVICE_STATUS structure to identify the error.
· The service's control handler function
Each service has a control handler, the HandlerEx function, which the control dispatcher calls when the service process receives a control request. The function therefore executes in the context of the control dispatcher. Whenever HandlerEx is called, the service must call the SetServiceStatus function to report its status to SCM, whether or not the status has changed.
A service control program can send control requests with the ControlService function. All services must accept and process the SERVICE_CONTROL_INTERROGATE control code. Other control codes can be enabled or disabled with SetServiceStatus. To receive the SERVICE_CONTROL_DEVICEEVENT control code, the service must call the RegisterDeviceNotification function. Services can also handle user-defined control codes. The control handler must return within 30 seconds; otherwise SCM returns an error. If the service needs to carry out a long task, it should create a new thread for that task and return, so that the service does not block the control dispatcher.
When the user shuts down the system, all control handlers that have called SetServiceStatus with the SERVICE_ACCEPT_SHUTDOWN control code receive the SERVICE_CONTROL_SHUTDOWN control code. They are notified in the order in which they appear in the service database. By default, a service has about 20 seconds to complete its cleanup before the system shuts down. When that time expires, the system shuts down regardless of whether the service has finished closing. Note that if the system stays in the shutdown state (neither restarted nor powered down), the service keeps running.
If the service needs more time to clean up, it can send STOP_PENDING status messages together with a wait hint, so that the service controller knows how long to wait before reporting to the system that the service has shut down. In any case, there is a limit on how long the service controller will wait, to prevent a service from holding up the shutdown. To change this limit, modify the WaitToKillServiceTimeout value under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control.
V. Service Security
Several properties of services raise particular security concerns. Most services run as LocalSystem, a security level higher than Administrator. Security problems in a service usually lead to system crashes and privilege escalation, as with the DDE service problems. Services can be run by the system before any account logs on, which also makes them a convenient way for Trojans to run. In addition, several of the system's own services attract particular attention: the Telnet service, the Task service, remote registry operations, and the SNMP service.
Service security problems come from the following areas:
1. Problems in the service application
These security problems stem from the way the service program itself is written. Because most services run under the LocalSystem account, such problems generally allow privilege escalation. Examples are the privilege escalation vulnerability in the NetDDE service, the privilege escalation vulnerability in the Telnet service, and the buffer overflow in the SNMP service that lets attackers execute commands remotely with System account privileges.
Some services are network services that listen on a TCP port, such as the Telnet service, and can be exploited remotely. Others are purely local services that cannot be reached remotely; exploiting them requires a local account first, followed by privilege escalation.
2. Service startup problems
In service management there are three start types for a service: automatic, manual, and disabled. Services set to manual or disabled are not started directly; they have to be started by hand when needed. That is the usual understanding.
But there is a catch: the manual and disabled settings cannot completely prevent a service from running. A service set to either of them is still started if an automatically started service depends on it, as follows from the SCM startup process described above. A disabled service can also be started by hand.
The SC tool can delete a service, which removes the service altogether, but it must be used with caution.
3. Service account problems
Because services run under the LocalSystem account, they attract a lot of attention. Some security configurations therefore lower a service's privileges by running it under another account. When a service is installed, the CreateService function specifies the user name and password. ChangeServiceConfig can be used to change the account, and QueryServiceConfig returns the user name of the service object.
When the service is started, SCM logs on with the service account. If the logon succeeds, the system generates an access token and attaches it to the service process. This token is then used in the service's interactions with securable objects. For example, if a service tries to open a handle to a pipe, the system compares the service's token with the security descriptor of the pipe.
In the registry, each service entry contains an ObjectName value that specifies the account the service runs under. If the service runs under another account, the SecDesc value under HKEY_LOCAL_MACHINE\SECURITY\Policy\Secrets\_SC_(service name) in the registry stores the password hash for that account, which is identical to the account's own password hash. A lot can be done here. SCM does not maintain the passwords of service accounts: when the password is changed in the system, SCM is not notified. If the password expires or is changed, the logon fails and the service cannot be started.
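An added example, not from the original article: it parses a regedit export of the Services key, decodes the Type and Start values described in section II, and lists manual or disabled services that sit in the dependency chain of an auto-start service (point 2 above) together with the account each Win32 service runs under (point 3). The export text and the services SvcA to SvcD are constructed sample data.

```python
import re

START = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}
TYPE_BITS = {0x1: "kernel driver", 0x2: "file system driver",
             0x10: "own process", 0x20: "share process", 0x100: "interactive"}

# Constructed sample in regedit export format; SvcA..SvcD are made-up services.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SvcA]
"Type"=dword:00000010
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ObjectName"="LocalSystem"
"DependOnService"=hex(7):53,00,76,00,63,00,\
  42,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SvcA\Parameters]
"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SvcB]
"Type"=dword:00000020
"Start"=dword:00000003
"DependOnService"=hex(7):53,00,76,00,63,00,43,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SvcC]
"Type"=dword:00000110
"Start"=dword:00000004
"ObjectName"=".\\svcuser"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SvcD]
"Type"=dword:00000010
"Start"=dword:00000003
"ObjectName"="LocalSystem"
'''

# Matches only the service key itself, not subkeys such as ...\SvcA\Parameters.
KEY_RE = re.compile(
    r"\[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\([^\\\]]+)\]$",
    re.I)


def parse_services(reg_text):
    """Return {service name: {value name: decoded value}} from a .reg export."""
    text = re.sub(r"\\\r?\n\s*", "", reg_text)      # join continued hex lines
    db, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            m = KEY_RE.match(line)
            current = db.setdefault(m.group(1), {}) if m else None
            continue
        if current is None or "=" not in line:
            continue
        name, _, raw = line.partition("=")
        name = name.strip('"')
        if raw.startswith("dword:"):
            current[name] = int(raw[6:], 16)
        elif raw.startswith("hex(7):"):             # REG_MULTI_SZ, UTF-16LE
            data = bytes(int(b, 16) for b in raw[7:].split(",") if b)
            current[name] = [s for s in data.decode("utf-16-le").split("\0") if s]
        elif raw.startswith('"'):                   # REG_SZ with \\ escapes
            current[name] = raw[1:-1].replace("\\\\", "\\").replace('\\"', '"')
    return db


def describe(svc):
    """Decode the Start and Type values of one service entry."""
    kinds = [label for bit, label in TYPE_BITS.items() if svc.get("Type", 0) & bit]
    return {"start": START.get(svc.get("Start"), "unknown"), "types": kinds}


def audit(db):
    """Return (manual/disabled services referenced by auto-start chains, accounts)."""
    pulled = {}

    def walk(name, root, seen):
        for dep in db.get(name, {}).get("DependOnService", []):
            if dep in seen or dep not in db:
                continue
            seen.add(dep)
            if db[dep].get("Start") in (3, 4):
                pulled.setdefault(dep, set()).add(root)
            walk(dep, root, seen)

    for name, svc in db.items():
        if svc.get("Start") in (0, 1, 2):
            walk(name, name, {name})
    # Only Win32 services have an account; a missing ObjectName means LocalSystem.
    accounts = {n: s.get("ObjectName", "LocalSystem")
                for n, s in db.items() if s.get("Type", 0) & 0x30}
    return pulled, accounts


if __name__ == "__main__":
    services = parse_services(SAMPLE_REG)
    referenced, accounts = audit(services)
    for name in sorted(services):
        print(name, describe(services[name]), accounts.get(name))
    for name, roots in sorted(referenced.items()):
        print(name, "is required by auto-start:", sorted(roots))
```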
4. Service management problems
Because services are so important to applications, and because some services depend on one another, many administrators find it hard to determine which services are required and which can be stopped or disabled. From a service's brief description it is hard to tell what the service actually does, and there is no ready-made guide to service management. If some services are disabled by mistake, parts of the system may stop working.
Because service management is not easy, it is convenient for Trojans to run as services and so confuse their victims.
VI. Service Management
It is hard to tell from a service's description what it is really for. For example, the Storage Groveler service is described as: "Scans Single Instance Storage (SIS) volumes for duplicate files, and points duplicate files to one data storage point, conserving disk space", which does not say what it is actually used for. In fact it is used only by Remote Installation Services (RIS); if you do not need remote installation, this service is not required.
To work out what a service actually does, try the following:
* Look up the more detailed description in Microsoft TechNet's Windows 2000 Services (http://www.microsoft.com/technet/prodtechnol/windows2000serv/deploy/prodspecs/win2ksvc.asp)
* Check the file description: right-click the file and select Version to view the description.
* Check the service's dependencies.
* Check the ports opened by the service.
· How do I know which files a service uses?
To understand a service, you need to know which files it uses. In general, looking at the files it runs helps you decide whether the service is needed.
The following batch file shows them; it uses reg.exe and depends.exe from the Windows Resource Kit tools:
@rem svcdep.bat: list the modules that a service's executable depends on.
@rem Usage: svcdep <service short name>. Needs reg.exe and depends.exe on the PATH.
@set ImagePath=
@rem Read the ImagePath value of the service from the registry.
@for /F "tokens=3" %%A in ('reg query HKLM\System\CurrentControlSet\Services\%1 /v ImagePath 2^>NUL ^| find "ImagePath"') do @set ImagePath=%%A
@if defined ImagePath (@echo Dependencies for %ImagePath%:
@call depends /a0f1c /oc:~svcdep.tmp "%ImagePath%"
@for /F "tokens=1 delims=, skip=1" %%B in ('type ~svcdep.tmp ^| findstr /B /C:"," ^| findstr /V /C:"?" ^| sort') do @echo %%B
@del ~svcdep.tmp 2>NUL
) else (@echo '%1' is not installed or is not a valid service
)
Save the above as svcdep.bat and run it with the service name (short name) as its argument. For example, to examine the replication service, enter:
svcdep.bat ntfrs
You will see:
Dependencies for %SystemRoot%\system32\ntfrs.exe:
"C:\winnt\system32\dbghelp.dll"
"C:\winnt\system32\dnsapi.dll"
"C:\winnt\system32\esent.dll"
"C:\winnt\system32\gdi32.dll"
"C:\winnt\system32\kernel32.dll"
"C:\winnt\system32\msvcrt.dll"
"C:\winnt\system32\netapi32.dll"
"C:\winnt\system32\netrap.dll"
"C:\winnt\system32\NTDLL.dll"
"C:\winnt\system32\ntdsapi.dll"
"C:\winnt\system32\ntfrs.EXE"
"C:\winnt\system32\rpcrt4.dll"
"C:\winnt\system32\samlib.dll"
"C:\winnt\system32\secur32.dll"
"C:\winnt\system32\user32.dll"
"C:\winnt\system32\wldap32.dll"
"C:\winnt\system32\ws2_32.dll"
"C:\winnt\system32\ws2help.dll"
"C:\winnt\system32\wsock32.dll"
You can see that it uses the DNS (dnsapi.dll), Winsock (ws*.dll) and Remote Procedure Call (rpcrt4.dll) libraries. This tells you not only what the service does but also what it needs.
Nowadays a lot of software, security software in particular, tends to register itself as a service; Norton, for example, installs many services. Besides the methods above, it is also important to understand what each service actually does and to maintain a service list. Checking the service list regularly and comparing the changes is a good idea. SC is a good tool for this, and there is a similar program (with source code) on my homepage, www.opengram.com. If you want to know more about managing specific services, go to the Microsoft website or visit:
http://www.plasma-online.de/index.html?Content=http%3A//www.plasma-online.de/english/help/solutions/nt4_services.html
Disabling a service does not mean the service cannot be used. For example, the opentelnet tool I wrote earlier enables the Telnet service even when it has been disabled. To disable a service completely, it is best to delete it outright or replace the service application.
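One way to keep and compare the service list recommended above (an added example, not the author's tool): two snapshots keyed by service name are compared, and a service whose start type moved from manual or disabled to an automatic one is reported separately. The snapshot layout, service names and paths are constructed for illustration.

```python
AUTO_STARTS = (0, 1, 2)       # boot, system, auto
DORMANT_STARTS = (3, 4)       # manual, disabled
WATCHED = ("ImagePath", "Start", "ObjectName", "Type")


def field(svc, name):
    """Normalize one registry value so that cosmetic differences are ignored."""
    value = svc.get(name)
    if name == "ObjectName" and value is None:
        return "LocalSystem"          # no account specified means LocalSystem
    if name == "ImagePath" and value is not None:
        return value.lower()          # Windows paths are case-insensitive
    return value


def diff_services(baseline, current):
    """Return a list of (kind, service, old, new) findings."""
    findings = []
    for name in sorted(current.keys() - baseline.keys()):
        findings.append(("new", name, None, current[name].get("ImagePath")))
    for name in sorted(baseline.keys() - current.keys()):
        findings.append(("removed", name, baseline[name].get("ImagePath"), None))
    for name in sorted(baseline.keys() & current.keys()):
        for key in WATCHED:
            old, new = field(baseline[name], key), field(current[name], key)
            if old == new:
                continue
            kind = "changed:" + key
            if key == "Start" and old in DORMANT_STARTS and new in AUTO_STARTS:
                kind = "re-enabled"   # a manual or disabled service now auto-starts
            findings.append((kind, name, old, new))
    return findings


# Constructed snapshots (hypothetical services and paths).
BASELINE = {
    "SvcA": {"ImagePath": r"%SystemRoot%\System32\svca.exe", "Start": 2, "Type": 0x10},
    "SvcB": {"ImagePath": r"%SystemRoot%\system32\svcb.exe", "Start": 4,
             "Type": 0x10, "ObjectName": "LocalSystem"},
    "SvcC": {"ImagePath": r"C:\Program Files\Demo\svcc.exe", "Start": 2,
             "Type": 0x10, "ObjectName": r".\svcuser"},
    "SvcOld": {"ImagePath": r"C:\Demo\old.exe", "Start": 3, "Type": 0x10},
}
CURRENT = {
    "SvcA": {"ImagePath": r"%systemroot%\system32\svca.exe", "Start": 2,
             "Type": 0x10, "ObjectName": "LocalSystem"},
    "SvcB": {"ImagePath": r"%SystemRoot%\system32\svcb.exe", "Start": 2,
             "Type": 0x10, "ObjectName": "LocalSystem"},
    "SvcC": {"ImagePath": r"C:\Temp\svcc.exe", "Start": 2,
             "Type": 0x10, "ObjectName": "LocalSystem"},
    "SvcNew": {"ImagePath": r"C:\Temp\new.exe", "Start": 2, "Type": 0x10},
}

if __name__ == "__main__":
    for finding in diff_services(BASELINE, CURRENT):
        print(finding)
```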
VII. End
Although I have said so much, controlling services basically requires administrator privileges. Managing your Administrator account well is therefore essential to keeping services secure.
(Finally, this lengthy, formulaic pile of plagiarism, translation, and nonsense is finished, shit.)