flat assembler
Message board for the users of flat assembler.

application runs as window services

sleepsleep 18 Mar 2007, 12:25
any idea?
assume we got a sample.exe and we want to run it as one of windows xp/2000/2003 service..

anyone code something like this before?

Vasilev Vjacheslav 18 Mar 2007, 12:44
check this, maybe it helps


Attachment: svc.rar (3.17 KB)


_________________
[not enough memory]

HyperVista 18 Mar 2007, 16:27
Hello sleepsleep. When you say "run as a service", do you mean a device driver? Service and device driver can be synonymous.

This thread might be helpful to you: http://www.board.flatassembler.net/topic.php?t=6504

I discuss an approach to running fasm code within a Windows device driver, which is in turn activated as a Windows service. In the thread i reference, you will find sample code for the device driver and associated files necessary for creating the driver and your debug environment. You will also find instructions on how to set-up the DDK build directory and example SOURCES file. It's a do nothing example that simply uses fasm code to print an integer in the debug window.

Basically, you'll want to compile your fasm code as object files (format MS COFF) and link those into the driver as .lib files using the DDK lib utility.

You'll note that in the sample driver code that you have to include the fasm module as extern. In the sample driver code, I decided to call the fasm code in the NTSTATUS Open(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp) section using the KDPrint function. However, you can call the fasm code in the NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath) function if you want your code to execute when the driver is loaded.

Lastly, in the thread I referenced, you will see instructions on how to manually install the device driver in the registry and how to turn the service on via the device manager dialog box. Alternatively, you can use one of the following utilities to install your device driver (windows service). Btw, I recommend the OSR utility ;)

Let me know if you have any questions.


Attachments: osrloaderv23.zip (146.9 KB), device driver installer.zip (160.97 KB)

sleepsleep 18 Mar 2007, 17:37
thanks Vasilev Vjacheslav & hypervista
would take a look on ur guys code :)

appreciate :)

vid 18 Mar 2007, 19:13
i wouldn't be so sure that services and device drivers are the same... :S

HyperVista 18 Mar 2007, 19:33
Quote:
i wouldn't be so sure that services and device drivers are the same... :S


yeah, sure. you are correct vid. but some people use the two terms interchangeably (incorrectly, of course). For example, in Russinovich and Solomon "Windows Internals" (http://www.microsoft.com/MSPress/books/6710.aspx), the index says under services, "see device drivers". i wasn't sure what sleepsleep wanted to accomplish, so i asked him if he meant a device driver. if he did want kernel level access, i thought i'd pass along the link to our "running fasm in a windows device driver" thread.

of course, sleepsleep if you don't seek kernel level access, you could just create a Windows Services application from scratch using the template provided in VS 2k5. if you take that approach, you'll have to write some installer code too, but that's not a big deal.


Here's the code generated by the Windows Services template sleepsleep:
Code:
#pragma once

using namespace System;
using namespace System::Collections;
using namespace System::ServiceProcess;
using namespace System::ComponentModel;


namespace TestService {

        /// <summary>
        /// Summary for TestServiceWinService
        /// </summary>
        ///
        /// WARNING: If you change the name of this class, you will need to change the
        ///          'Resource File Name' property for the managed resource compiler tool
        ///          associated with all .resx files this class depends on.  Otherwise,
        ///          the designers will not be able to interact properly with localized
        ///          resources associated with this form.
        public ref class TestServiceWinService : public System::ServiceProcess::ServiceBase
        {
        public:
                TestServiceWinService()
                {
                        InitializeComponent();
                        //
                        //TODO: Add the constructor code here
                        //
                }
        protected:
                /// <summary>
                /// Clean up any resources being used.
                /// </summary>
                ~TestServiceWinService()
                {
                        if (components)
                        {
                                delete components;
                        }
                }

                /// <summary>
                /// Set things in motion so your service can do its work.
                /// </summary>
                virtual void OnStart(array<String^>^ args) override
                {
                        // TODO: Add code here to start your service.
                }

                /// <summary>
                /// Stop this service.
                /// </summary>
                virtual void OnStop() override
                {
                        // TODO: Add code here to perform any tear-down necessary to stop your service.
                }

        private:
                /// <summary>
                /// Required designer variable.
                /// </summary>
                System::ComponentModel::Container ^components;

#pragma region Windows Form Designer generated code
                /// <summary>
                /// Required method for Designer support - do not modify
                /// the contents of this method with the code editor.
                /// </summary>
                void InitializeComponent(void)
                {
                        this->components = gcnew System::ComponentModel::Container();
                        this->CanStop = true;
                        this->CanPauseAndContinue = true;
                        this->AutoLog = true;
                        this->ServiceName = L"TestServiceWinService";
                }
#pragma endregion
        };
}    

sleepsleep 21 Mar 2007, 02:58
beside service,
is there any other options, to run an application that couldn't be killed.
or invisible from the task manager? or a mirror application (assume user able to kill one process at one time ~ from the task manager), so if a detects b is being killed, b would load a again, if a detected b was killed, a would load b again.

any alternative?

HyperVista 21 Mar 2007, 03:40
well, as an alternative, you can do some rootkit like hooking and hide your process from the task manager ... but that topic gets a little too close to malicious activity and I won't explain any further here ;)

sleepsleep 07 Apr 2007, 21:36
ok, i am lucky i guess :P :P
i found 2 free tools to make an application run as service.
they are from NT Resource Kit, instsrv.exe & srvany.exe

just tested, it works as expected.
now, just wanna know if limited user could kill my application through task manager?

or, i could just write "some code" to minimize the task manager every time it pops up :) << i saw a virus did like this... damn,
assume the user don't know sc stop myservice, or just.....
...
...
minimize the cmd window... lol lol

f0dder 08 Apr 2007, 22:17
Driver and Service are two very different things... but you use some of the same APIs to control them.

sleepsleep: if you want an "unkillable" process, just make sure every user on the system doesn't have administrative privileges, and run the program with higher privileges. Service with LOCALSYSTEM user should do the trick. Hiding from taskmgr is not necessary, and asking for it smells pretty strongly of bad intent.

sleepsleep 08 Apr 2007, 22:39
follow your advice, i set the service to run under admin account, but the software on limited privilege account (winxp home)
and HOORAY,
the service couldn't be killed anymore!!!
save all the virus-like detect window and minimize event ;) thanks!!
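
Added example, not code from any poster in this thread: f0dder's advice relies on privilege separation, and whether a limited user can run `sc stop myservice` is decided by the service's security descriptor, which `sc sdshow <service>` prints as SDDL. The sketch below audits such a string for non-admin trustees that can stop or reconfigure the service; the function names and both SDDL samples are constructed for illustration.

```python
import re

# SDDL two-letter right codes -> access-mask bits as interpreted for service objects.
CODE_BITS = {"CC": 0x1, "DC": 0x2, "LC": 0x4, "SW": 0x8, "RP": 0x10, "WP": 0x20,
             "DT": 0x40, "LO": 0x80, "CR": 0x100, "SD": 0x10000, "RC": 0x20000,
             "WD": 0x40000, "WO": 0x80000, "GA": 0x10000000}
# Rights that let a caller stop, reconfigure or take over the service.
SENSITIVE = {0x20: "SERVICE_STOP", 0x40: "SERVICE_PAUSE_CONTINUE",
             0x2: "SERVICE_CHANGE_CONFIG", 0x10000: "DELETE",
             0x40000: "WRITE_DAC", 0x80000: "WRITE_OWNER", 0x10000000: "GENERIC_ALL"}
PRIVILEGED = {"SY", "BA"}  # LocalSystem, built-in Administrators

def rights_mask(field):
    """Decode an ACE rights field: a hex mask or concatenated two-letter codes."""
    if field.lower().startswith("0x"):
        return int(field, 16)
    mask = 0
    for i in range(0, len(field), 2):
        mask |= CODE_BITS.get(field[i:i + 2], 0)
    return mask

def risky_aces(sddl):
    """Return {trustee: [right names]} for allow-ACEs that grant sensitive
    rights to a trustee outside PRIVILEGED. Only the DACL (D:) is examined."""
    dacl = re.search(r"D:[A-Z]*((?:\([^()]*\))+)", sddl)
    findings = {}
    if not dacl:
        return findings
    for ace in re.findall(r"\(([^()]*)\)", dacl.group(1)):
        parts = ace.split(";")
        if len(parts) < 6 or parts[0] != "A":  # skip deny/audit/malformed ACEs
            continue
        names = [n for bit, n in SENSITIVE.items() if rights_mask(parts[2]) & bit]
        if names and parts[5] not in PRIVILEGED:
            findings.setdefault(parts[5], []).extend(names)
    return findings

# Constructed samples in the format printed by "sc sdshow <service>".
DEFAULT_SD = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
              "(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)")
WEAK_SD = DEFAULT_SD + "(A;;RPWPDC;;;AU)"  # Authenticated Users: start/stop/reconfigure

if __name__ == "__main__":
    for label, sd in (("default", DEFAULT_SD), ("weak", WEAK_SD)):
        print(label, risky_aces(sd) or "no non-admin trustee can stop or reconfigure")
```

An empty result means only LocalSystem and Administrators hold stop or change-config rights on the service object; it says nothing about the process itself, which is protected separately by running under a more privileged account than the logged-on user.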