Driver Installation function explanation

The ntquerysysteminformation function hides the driver of the process, but you did not expect an error during installation.
Although I know that the installation program is unlikely to have an error, I have studied some functions of the installation program again to be assured.
First, it is the first one.
Openscmanager
This function opens the service control manager on the specified computer.
Database. The parameter lpmachinename specifies the computer name. If it is null, it is specified as the local machine. Lpdatabasename is the service to be opened
Control Manager Database Name,
The default value is null. Dwdesiredaccess specifies the operation permission,
It can be one of the following values:
---- SC _manager_all_access // All Permissions
---- SC _manager_connect // you can connect to the Service Control Manager database.

---- SC _manager_create_service
// Allows you to create a service object and add it to the database
---- SC _manager_enumerate_service // You can enumerate the services in the database.
---- SC _manager_lock // you can lock the database.
---- SC _manager_query_lock_status // You can query the database blocking information.
---- If the function is successfully executed, a request pointing to Service Control Manager is returned.
Database handle. If it fails, null is returned. Note: winnt uses a service
Control Manager
Database to manage all services, so any operation on the Service should open this database.
My code is:
Hscmanager = openscmanager (null, null, SC _manager_all_access)
That is, open the scmanager on the local machine and check the results without errors.

Check the second item, createservice. The following is a prototype of the createservice function:
SC _handle createservice (SC _handle hscmanager,
Lptstr lpservicename,
Lpctstr lpdisplayname,
DWORD dwdesiredaccess,
DWORD dwservicetype,
DWORD dwstarttype,
DWORD dwerrorcontrol,
Lpctstr lpbinarypathname,
Lpctstr lploadordergroup,
Lpdword lpdwtagid,
Lptstr lpdependencies,
Lpctstr lpservicestartname,
Lpctstr lppassword)

As the name suggests, the creatservice function generates a new service. The hscmanager parameter directs to the service
Control Manager Database
Is returned by openscmanager. Lpservicename indicates the service name, lpdisplayname indicates the service display name, And dwdesiredaccess indicates the access permission. Wservicetype indicates the service type. Dwstarttype is the service startup mode. It should have been self-started, that is, dwstarttype is equal to service_auto_start. However, to facilitate the debugging of a function under the command line, I first set service_demand_start, which should not produce errors.
Dwerrorcontrol indicates the action taken when a service error occurs during startup. Lpbinarypathname indicates the path name of the service ontology program. The remaining five parameters can be set to null. If the function call is successful, the new Service handle is returned. If the function fails, null is returned. Deleteservice (
To delete the specified service.

Then compare with my own code:
Schservice = createservice (hscmanager,
Servicename,
Servicename,
Service_all_access,
Service_kernel_driver,
Service_demand_start,
Service_error_normal, serviceexe,
Null,
Null,
Null,
Null,
Null
);
No errors were found.

Next, the third item is openservice. Function prototype:
SC _handle openservice (SC _handle hscmanager,
Lptstr lpservicename, DWORD dwdesiredaccess)

The openservice function opens the specified service. The hscmanager parameter directs to the service

Control Manager Database
Is returned by openscmanager. Lpservicename is the service name, dwdesiredaccess is the access permission, SDK
Help contains these specific values.
If the function call is successful, the open service handle is returned. If the function fails, null is returned.
This function is relatively simple. My three parameters are correct. hscmanager is the handle returned by the openscmanager function and has the highest access permission.
Schservice =
Openservice (hscmanager, servicename, service_all_access );

The returned values of the above three functions are correct after debugging. That is to say, it is okay to create and open the service. The problem occurs in the following function.
Item 4: startservice. Used to start the service. The prototype of this function:
Bool startservice (SC _handle hservice,
DWORD dwnumserviceargs, lpctstr * lpserviceargvectors)

The startservice function starts the specified service. The hservice parameter is the handle pointing to the service, which is returned by openservice. Dwnumservicear indicates the number of parameters required to start the service. Lpszserviceargs
The parameter required for the startup service. Returns true if the function is successfully executed,
False is returned for failure.
My code:
Nret = startservice (schservice, 0, null)
Schservice is the handle returned by the openservice function. That is to say, my statement is correct, but the nret value returned during debugging is always 0. I suspect there is a problem with my own driver writing. I used a simple helloworld code from the Internet to compile a hello. sys, the debugging result nret = 1, which indicates that the installation program is correct and the problem lies in the driver.

I found the problem and proved that I felt correct at the beginning. It is a waste of time, but now that we have checked the last function, we should check it again.

The fifth item is the controlservice function used to stop the service. Prototype:
Bool controlservice (SC _handle hservice
DWORD dwcontrol, lpservice_status lpservicestatus)

The service program does not have a special stop function, but uses the controlservice function to control the pause, continue, stop, and other operations of the Service. The first hservice parameter is the handle returned by the openservice function. The dwcontrol parameter specifies the control command that can be set to the following values:

Service_control_stop // stop the service
Service_control_pause // pause the service
Service_control_continue // continue service
Service_control_interrogate // query the service status
Service_control_shutdown // invalidate the controlservice call

The lpservicestatus parameter is a pointer to service_status. Service_status is an important structure. It contains various service information, such as the current status and the control commands that can be accepted.

It seems that there is a problem with my driver. I started to study it ......