"Original" Windows Services housekeeper service Control Manager

The Service Control Manager, which is called SCM, is it! In the Windows kernel, you can see her busy figure, can be said to be a system of service and drive housekeeper!

SCM Housekeeper Qizaotanhei, and every time the system starts, so does she. With her own efforts, she finally took a place in the core of Windows, deploying many services and drivers. SCM What is she capable of? She is a remote procedure call service that provides a convenient door for normal program-controlled computer services, including remote computers. service configuration and control programs use SCM functionality by invoking a series of service function interfaces!
 in the final analysis, SCM in the kernel silently play her role in order to be respected by many services, then what did she do for Windows services what good? Come to think of it, SCM has five major tasks in the kernel:

• Maintaining a database of installed services
  
• Open the service or drive service when needed or when the system starts
  
• Enumerate installed services or drive services
  
• Maintain status information for a service or drive service that is already running
  
• Passing a control code to a running service
  
• Lock/Unlock Service database

    We now say the SCM housekeeping skills, that is, the top five tasks!   1. Maintaining a database of installed services
  1.1 What is a database?  What is a database of services? Database? Sounds so familiar, but in fact it is not so, beginners will be and MySQL and other mainstream database confused, in fact, not quite the same. This database is nothing more than a collection of service-related data from the system registry. Its specific location is HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services.  It is important because it stores some information about the installed services. The SCM is responsible for initiating the installed services when needed or when the system is started. At startup, the SCM needs to get basic information about the driverThe database provides the required portals for device drivers. . AlsoThe database can be used for SCM or programs to add, delete, modify, or configure services. What important content does the database contain?
    
1.2 Database Contentlet's pry from the outside to the inside.   1.2.1 Sub-key name--the name of the service  Let's talk about the many sub-keys under services, what. NET CLR data, and so the unintelligible name is actually the name of the service, each service installation will be in this database hang name, in case the SCM can not find it at startup. Who is the name of the designation, must say clearly! It goes back to the night the service was born ... Remember CreateService This function, there is athe Lpservicename parameter is the name of the service!
  1.2.2 The contents of the child keyabove is the most basic content of a service, and of course there are other.

• Type ( service type). For a generic service, it indicates the service's operating environment: a process that is shared within its own process or with other services, or a kernel service or file system service for the drive service. Here's what it means: 0x1: Drive Service, 0x2: File system service, 0x10: services running on their own processes, 0x20: services that share processes with other services
• Start (startup type). It shows whether this is a self-starting service or a demand-starting service, starting with a system boot or SCM boot, and a service configurator that starts the service configuration manually. It can also indicate whether the service is useful, in which case the service cannot be started. 0x00: The system boot program automatically runs the service; 0x01: A service started by the IoInitSystem function; 0x02: When the system starts, the SCM automatically runs the service; 0X03: Demand starts when a program calls the StartService function. SCM Start service; 0x04: A service that cannot be started
• ErrorControl(Error handling mode). The severity of the error and the protection measures taken when the startup service fails. 0x00: Ignore error; 0X01-0X03: Other error handling, refer to CreateService function.
• ImagePath(the full path to the executable file). For services, the suffix is. exe; for drivers, the suffix is. sys. Can be a relative path and can have a startup parameter.
• Optional account name and password (for service), the service program runs in the context of this account, when no account is specified, the default is LocalSystem account
• The optional Drive object name (to drive), the name in the IO system will be used to load the drive device. If no name is specified, the IO system generates a default name based on the driver service name.
• DependOnService(optional dependency information). For a service, the information can be a list of services that must be started by the specified service in the list before the SCM starts the service. For drivers, the information can be a driver list, and the driver specified in the list must first be started before the SCM starts the service.
• Group (service group). If the service does not have this item, then it does not belong to any of the service groups, and the system will default to load it after all services have been started.
• Tag (tag). It is used to describe the identity of the service. Each service in the service group is assigned a unique identity. The registry is scheduled through the arrangement of service identities for service groups, and the order in which services in the same service group are loaded

2. Open service or drive service SCM manages the start of the service, of course, the start-up for our users are divided into automatic start and manual start, both of which are initiated by the SCM personally. Remember the start type mentioned above? When the system starts, the SCM comes along and she has to work. She first reads the startup information of the service in the database, and, depending on the startup type, opens the service!   2.1 Self-starting service      when the system starts, the SCM initiates all services and drivers of the self-starting type, including the other services and drivers on which these services and drivers depend.   2.2 Delayed self-start service      a self-starting service can be configured to delay start through the Service_config_delayed_auto_start_info parameter of the CHANGESERVICECONFIG2 function, and the change will not take effect until the system restarts.   2.3 Modifying service boot order  for self-initiated services, if no one is telling or reminding which item to start first,SCM Shewill be confused, and eventually lead to service start order disorder, such as a need to start in front of B, but the occasional opportunity, SCM first started B then it will cause system error!   2.3.1 Group Service groupsThe operating system provides a mechanism for a service group that consists of two parts: a list of service groups and a tag flag. How does this mechanism work? Registration Form:The list value for the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceGroupOrder is the start order of the service group. The front-most service group starts first.     a service can specify which service group it belongs to by the group value of the 1th above, so that different services for different service groups have different boot order. If the service does not have this item, then it does not belong to any of the service groups, and the system will default to load it after all services have been started.
but who decides which is the starting order that belongs to the same service group?     registry: Hkey_local_machine\system\currentcontrolset\control\grouporderlist stores information for all service groups.
         Each service group information is saved for the value of a REG_BINARY type, for easy viewing, we divide it into several parts: At the xx-xx | xx
 The first field indicates that the service group has two services, one is a service with a tag value of 01, one is a service with a tag value of 02, and a service that loads different tag values sequentially from left to right. about the tag flag, you can view the tag tag of the 1th, which is one of the basic contents of a service. This will solve the service start order problem!
  2.4 Confirmation procedure       when the boot is complete, the system executes the startup confirmation program (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control by the registryThe Bootverificationprogram key in is specified, by default, this value is not. ）。 When the first user logs on, the system will simply report the bootThe success of the move. A startup confirmation program can be provided separately to check system issues and report the startup status to the SCM, using the Notifybootconfigstatus function.   2.5 Legendary lkg--Last-known-good
    when the system starts successfully, the system saves a copy of the database backup as a Last-known-good (LKG) configuration. If the database currently in usecauses the system to fail to start, it can be restored with a backup. The backed up database is saved in:the hkey_local_machine\system\controlsetxxx\services.      where XXX values are also insured:the Hkey_local_machine\system\select\lastknowngood.      if the auto-start service automatically draws a service_error_critical error, the SCM restarts the machine and uses the LKG configuration ifThe lkg configuration is already in use and will fail to start.      The ErrorControl value of the service in the registry indicates how the SCM handles service errors. If the value is Service_error_ignore (0) or not specified, the SCMjust ignore the error and continue the start of the service, and if it is serivce_error_normal (1), the cause of the error is logged in the event log. If the error is controlled toSerivce_error_severe (2) or serivce_error_critical (3), the service reports a startup error. The SCM records the event log and calls the functionscrevertolastknowngood, switch the system registration configuration to the LKG version, and then call Ntshutdownsystem to restart the system. If the system haswith the LKG version, it is restarted directly.   2.5.1 generation of LKG versions      LKG version Generation: SCM needs to determine this LKG configuration after it has started all the services in the system startup phase. By default, a successfulstartup includes the successful start of all services and the logon of a user. If the service Serivce_error_severe (2) is present during the start service phase orserivce_error_critical (3) error, then this is the start of the failure. If the SCM successfully completes the service startup, when a user logs on,Winlogon calls the Notifybootconfigstatus function to send a message to the SCM. All services are successfully started, and you receive the Notifybootconfigstatuslogin information, SCM calls Ntinitializeregistry to save the current boot configuration information.   2.6 Starting the service manually       Start the service through the Service Control Panel, or start the service by calling the StartService function, both of which can specify parameters for the service.    When the service starts, SCM performs the following steps:

• Retrieving account information stored in the database
• Log in to the service account
  
• Load for preset files
  
• Create a service that is in a pending state
  
• Assigning a login token to a program
  
• Allow program to run

3. SCM Handle      The SCM supports handle types to manipulate the following objects:

• Database of installed Services
• A service
  
• Database lock

    A Scmanager object represents the database for which the service is installed. It is an object container for storing service objects. OpenSCManager is able to get a handle to a Scmanager object. This handle is used to install, delete, open, enumerate services, and lock the service database.    A service object represents a service that is already installed. The CreateService and OpenService functions return a handle to an installed service.    OpenSCManager, the CreateService and OpenService functions can obtain different permissions, allowing or denying the requested permission depends on the permission token of the running program and the security descriptor associated with the Scmanager or service object.    When you don't need these handles, be sure to use the Closeservicehandle function to close this handle 4. Pass the control code to the running service- ControlService      SCM This person is more exclusive, before the completion of a one-off, she will never go to receive another thing. She is handling the service control notifications serially.     when a client has passedthe ControlService function assigns thethe service sends a control code, if the SCM she happens to be free, she will first receive this control code, then she will determine whether the specified service is already in the control code can be sent to its state or the specified service has been specified to receive the control code, good then the service has received the control code. But SCM this person is more exclusive, beginning and ends. The task has not been completed until feedback on the service has been received. She will wait for the service to complete a service control notification processing before sending the next notification, this time the SCM is very busy, she will not receive processing.     so if any service is busy processing a control code, a call to ControlService will pause 30s (this is a time-out), and if the timeout period is over but the processing is not completed, then the function returns a Error_service_request_ TIMEOUT.     As with ControlService, if other services are busy processing the control code, StartService also has a timeout of 30s. If the service that is busy processing the control code is not returned within 30s from its handler function, then StartService will fail to return Error_service_request_timeout because the SCM can only process one service control notification at a time.
  5. Enumerate the installed or running services or drive services  SCM manages a wide range of services, including drivers, up and down the system. For access from the application layer, she provides a fixed interface. For information about enumerating or obtaining services and drivers, SCM providesEnumservicesstatusexfunction, and can even be passedenumdependentservicesto obtain a service or driver dependency. Of course, if you just want to get the name of the service, simply callGetservicekeynameorGetservicedisplaynamecan be.  
This article link: http://www.cnblogs.com/cposture/p/4721139.html

"Original" Windows Services housekeeper service Control Manager