flat assembler
Message board for the users of flat assembler.

Index > Windows > need service example [skeleton]

Author
Thread Post new topic Reply to topic
Vasilev Vjacheslav



Joined: 11 Aug 2004
Posts: 392
Vasilev Vjacheslav
hello, i searched on this board and i can't find any example of windows service, it would be nice if someone share it, 10x

_________________
[not enough memory]
Post 21 Apr 2006, 06:40
View user's profile Send private message Reply with quote
Kermil



Joined: 26 Oct 2005
Posts: 35
Location: Russia
Kermil
Try to use attached example, it is small telnet server.


Description:
Download
Filename: vIm.ASM
Filesize: 7.53 KB
Downloaded: 96 Time(s)

Post 21 Apr 2006, 08:33
View user's profile Send private message ICQ Number Reply with quote
Madis731



Joined: 25 Sep 2003
Posts: 2140
Location: Estonia
Madis731
Stupid me Sad - I compiled it and it doesn't want to shut down! I can't find it in the services either...
Post 21 Apr 2006, 10:54
View user's profile Send private message Visit poster's website Yahoo Messenger MSN Messenger Reply with quote
okasvi



Joined: 18 Aug 2005
Posts: 382
Location: Finland
okasvi
see, start->run->services.msc

if it isnt there, it isnt running... unless there is rootkit hiding it, which is unlikely Laughing
Post 21 Apr 2006, 11:13
View user's profile Send private message MSN Messenger Reply with quote
Madis731



Joined: 25 Sep 2003
Posts: 2140
Location: Estonia
Madis731
Ok, I did some digging and its under the name "System Service Configuration", but it has all the functions disabled Sad
I guess I'll have to restart afterall Razz
Post 21 Apr 2006, 11:39
View user's profile Send private message Visit poster's website Yahoo Messenger MSN Messenger Reply with quote
okasvi



Joined: 18 Aug 2005
Posts: 382
Location: Finland
okasvi
Madis731 wrote:
Ok, I did some digging and its under the name "System Service Configuration", but it has all the functions disabled Sad
I guess I'll have to restart afterall Razz


did you see preferences of the service to make sure it doesnt autostart?

_________________
When We Ride On Our Enemies
support reverse smileys |:
Post 21 Apr 2006, 11:44
View user's profile Send private message MSN Messenger Reply with quote
Madis731



Joined: 25 Sep 2003
Posts: 2140
Location: Estonia
Madis731
I put it to disabled so it won't start on the next reboot, but it has all the functional buttons disabled like the RPC. I'm hacking the registry right now but I don't think it will work.
Post 21 Apr 2006, 12:04
View user's profile Send private message Visit poster's website Yahoo Messenger MSN Messenger Reply with quote
Kermil



Joined: 26 Oct 2005
Posts: 35
Location: Russia
Kermil
okasvi wrote:
see, start->run->services.msc

if it isnt there, it isnt running... unless there is rootkit hiding it, which is unlikely Laughing


It is not rootkit Sad

2Madis731, add your code in the following function:

Code:
;Handle message for service
proc    Handler, dwAction
        cmp     [dwAction], SERVICE_CONTROL_SHUTDOWN
        jnz     @F
        invoke  ExitProcess, 0
@@:
        ret
endp
    


And change this field - status.dwControlsAccepted
Post 21 Apr 2006, 12:07
View user's profile Send private message ICQ Number Reply with quote
Madis731



Joined: 25 Sep 2003
Posts: 2140
Location: Estonia
Madis731
Ok, this is where I put my code, when I want something to be done, WHEN the shutdown message arrives, but there IS NO shutdown message, because itsdisabled.
Code:
mov     [status.dwControlsAccepted], SERVICE_ACCEPT_SHUTDOWN
    

How should this work?

Code:
invoke  GetCommandLine
    

and how should this work? For example does it accept variables from the commandline and if it does - what should they be like?
vIm -exit and vIm -shutdown didn't work, they just start new instances Sad

and:
Code:
C:\Documents and Settings\Madisk>telnet localhost
Connecting To localhost...Could not open a connection to host on port 23 : Connect failed
    


Last edited by Madis731 on 21 Apr 2006, 12:22; edited 1 time in total
Post 21 Apr 2006, 12:21
View user's profile Send private message Visit poster's website Yahoo Messenger MSN Messenger Reply with quote
Kermil



Joined: 26 Oct 2005
Posts: 35
Location: Russia
Kermil
I coded this program very long ago. Use GetModuleFileName function instead of GetCommandLine. Constant PORT defines port for the binding.

Quote:

telnet localhost 14135
Post 21 Apr 2006, 12:28
View user's profile Send private message ICQ Number Reply with quote
Madis731



Joined: 25 Sep 2003
Posts: 2140
Location: Estonia
Madis731
Ok, the service works - I successfully connected to telnet Wink

Did you have any backdoors in mind when you coded this? Very Happy
Post 21 Apr 2006, 12:30
View user's profile Send private message Visit poster's website Yahoo Messenger MSN Messenger Reply with quote
Kermil



Joined: 26 Oct 2005
Posts: 35
Location: Russia
Kermil
No. If I will want to code backdoor, I cut many lines, which concern to a service.
Post 21 Apr 2006, 12:35
View user's profile Send private message ICQ Number Reply with quote
Madis731



Joined: 25 Sep 2003
Posts: 2140
Location: Estonia
Madis731
I restarted my computer, but now I want to find out an elegant way to uninstall the service - now it just sits there as "disabled" in the Service Manager Smile
Post 21 Apr 2006, 12:44
View user's profile Send private message Visit poster's website Yahoo Messenger MSN Messenger Reply with quote
Kermil



Joined: 26 Oct 2005
Posts: 35
Location: Russia
Kermil
Look on this line:
Code:
ServiceName             db      'SysConfig',0
    


It is name of service. For killing of service delete following key in registry:

Quote:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysConfig
Post 21 Apr 2006, 12:50
View user's profile Send private message ICQ Number Reply with quote
Madis731



Joined: 25 Sep 2003
Posts: 2140
Location: Estonia
Madis731
but even if I do:
Code:
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SysConfig]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SysConfig]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysConfig]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SYSCONFIG]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SYSCONFIG]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SYSCONFIG]
    

...there will remain...
Code:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SYSCONFIG
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SYSCONFIG
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SYSCONFIG
    

...because of ACCESS_DENIED Sad

PS I have to go home now - I won't answer the posts for about ~2 hours. See you later


Last edited by Madis731 on 21 Apr 2006, 13:03; edited 1 time in total
Post 21 Apr 2006, 12:57
View user's profile Send private message Visit poster's website Yahoo Messenger MSN Messenger Reply with quote
Kermil



Joined: 26 Oct 2005
Posts: 35
Location: Russia
Kermil
I think that following keys don't concern to service:

Quote:

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SYSCONFIG]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SYSCONFIG]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SYSCONFIG]
Post 21 Apr 2006, 13:02
View user's profile Send private message ICQ Number Reply with quote
Vasilev Vjacheslav



Joined: 11 Aug 2004
Posts: 392
Vasilev Vjacheslav
Quote:
because of ACCESS_DENIED


if you have admin rights, just right click on target branch and set permissions to administrator
Post 21 Apr 2006, 16:52
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar. Also on GitHub, YouTube, Twitter.

Website powered by rwasa.