flat assembler
Message board for the users of flat assembler.
sleepsleep 18 Mar 2007, 12:25
any idea?

assume we got a sample.exe and we want to run it as a windows xp/2000/2003 service.. anyone code something like this before?
Vasilev Vjacheslav 18 Mar 2007, 12:44
check this, maybe it helps
_________________
[not enough memory]
HyperVista 18 Mar 2007, 16:27
Hello sleepsleep. When you say "run as a service", do you mean a device driver? Service and device driver can be synonymous.

This thread might be helpful to you: http://www.board.flatassembler.net/topic.php?t=6504 There I discuss an approach to running fasm code within a Windows device driver, which is in turn activated as a Windows service. In the thread I reference, you will find sample code for the device driver and the associated files necessary for creating the driver and your debug environment. You will also find instructions on how to set up the DDK build directory and an example SOURCES file. It's a do-nothing example that simply uses fasm code to print an integer in the debug window.

Basically, you'll want to compile your fasm code as object files (format MS COFF) and link those into the driver as .lib files using the DDK lib utility. You'll note in the sample driver code that you have to declare the fasm module as extern. In the sample driver code, I decided to call the fasm code in the NTSTATUS Open(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp) section using the KdPrint function. However, you can call the fasm code in the NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath) function if you want your code to execute when the driver is loaded.

Lastly, in the thread I referenced, you will see instructions on how to manually install the device driver in the registry and how to turn the service on via the device manager dialog box. Alternatively, you can use one of the following utilities to install your device driver (windows service). Btw, I recommend the OSR utility. Let me know if you have any questions.
sleepsleep 18 Mar 2007, 17:37
thanks Vasilev Vjacheslav & HyperVista
would take a look at you guys' code, appreciate it
vid 18 Mar 2007, 19:13
i wouldn't be so sure that services and device drivers are the same... :S
HyperVista 18 Mar 2007, 19:33
Quote: i wouldn't be so sure that services and device drivers are the same... :S

Yeah, sure, you are correct vid. But some people use the two terms interchangeably (incorrectly, of course). For example, in Russinovich and Solomon, "Windows Internals" (http://www.microsoft.com/MSPress/books/6710.aspx), the index says under services, "see device drivers". I wasn't sure what sleepsleep wanted to accomplish, so I asked him if he meant a device driver. If he did want kernel level access, I thought I'd pass along the link to our "running fasm in a windows device driver" thread. Of course, sleepsleep, if you don't seek kernel level access, you could just create a Windows Services application from scratch using the template provided in VS 2k5. If you take that approach, you'll have to write some installer code too, but that's not a big deal.

Here's the code generated by the Windows Services template, sleepsleep:

Code:
#pragma once

using namespace System;
using namespace System::Collections;
using namespace System::ServiceProcess;
using namespace System::ComponentModel;

namespace TestService {

    /// <summary>
    /// Summary for TestServiceWinService
    /// </summary>
    ///
    /// WARNING: If you change the name of this class, you will need to change the
    ///          'Resource File Name' property for the managed resource compiler tool
    ///          associated with all .resx files this class depends on.  Otherwise,
    ///          the designers will not be able to interact properly with localized
    ///          resources associated with this form.
    //
    // The template's separate TestService.cpp entry point starts this class with
    // ServiceBase::Run(gcnew TestServiceWinService()); the SCM then calls OnStart/OnStop.
    public ref class TestServiceWinService : public System::ServiceProcess::ServiceBase
    {
    public:
        TestServiceWinService()
        {
            InitializeComponent();
            //
            //TODO: Add the constructor code here
            //
        }

    protected:
        /// <summary>
        /// Clean up any resources being used.
        /// </summary>
        ~TestServiceWinService()
        {
            if (components)
            {
                delete components;
            }
        }

        /// <summary>
        /// Set things in motion so your service can do its work.
        /// </summary>
        virtual void OnStart(array<String^>^ args) override
        {
            // TODO: Add code here to start your service.
        }

        /// <summary>
        /// Stop this service.
        /// </summary>
        virtual void OnStop() override
        {
            // TODO: Add code here to perform any tear-down necessary to stop your service.
        }

    private:
        /// <summary>
        /// Required designer variable.
        /// </summary>
        System::ComponentModel::Container ^components;

#pragma region Windows Form Designer generated code
        /// <summary>
        /// Required method for Designer support - do not modify
        /// the contents of this method with the code editor.
        /// </summary>
        void InitializeComponent(void)
        {
            this->components = gcnew System::ComponentModel::Container();
            this->CanStop = true;
            this->CanPauseAndContinue = true;
            this->AutoLog = true;
            this->ServiceName = L"TestServiceWinService";
        }
#pragma endregion
    };
}
HyperVista 21 Mar 2007, 03:40
well, as an alternative, you can do some rootkit like hooking and hide your process from the task manager ... but that topic gets a little too close to malicious activity and I won't explain any further here
sleepsleep 07 Apr 2007, 21:36
ok, i am lucky i guess

i found 2 free tools to make an application run as a service. they are from the NT Resource Kit, instsrv.exe & srvany.exe. just tested, it works as expected.

now, just wanna know if a limited user could kill my application through task manager? or, i could just write "some code" to minimize the task manager every time it pops up. assume the user doesn't know sc stop myservice, or just..... ... ... minimize the cmd window... lol lol
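The srvany approach described in the post above, as an added example (the editor's, not code from the thread or from the Resource Kit). The service is created with sc.exe, which ships with Windows and does here what instsrv.exe does, and the program to wrap is registered under the Parameters subkey that srvany reads (Application, AppParameters, AppDirectory, as documented in Microsoft KB 137890). The paths C:\Tools\srvany.exe and C:\Tools\sample.exe and the service name SampleSvc are assumptions. Note that in PowerShell a bare `sc` is an alias for Set-Content, so the executable must be called as sc.exe.

```powershell
# Added example (editor's, not from the thread): wrap sample.exe in a service
# using the Resource Kit's srvany.exe. Run from an elevated session.
# Assumed paths and service name:
$svc    = 'SampleSvc'
$srvany = 'C:\Tools\srvany.exe'
$app    = 'C:\Tools\sample.exe'

# The service image is srvany itself. Without "obj=" the account is LocalSystem,
# so everything sample.exe does will run as SYSTEM.
sc.exe create $svc binPath= "`"$srvany`"" start= auto DisplayName= "Sample (srvany wrapper)"
if ($LASTEXITCODE -ne 0) { throw "sc.exe create failed with exit code $LASTEXITCODE" }

# srvany reads the program to launch, its arguments and its working directory
# from the Parameters subkey of the service's registry entry.
$key = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc\Parameters"
New-Item -Path $key -Force | Out-Null
Set-ItemProperty -Path $key -Name Application   -Value "`"$app`""
Set-ItemProperty -Path $key -Name AppParameters -Value ''
Set-ItemProperty -Path $key -Name AppDirectory  -Value (Split-Path -Path $app -Parent)

Start-Service -Name $svc

# Confirm it is running and which account owns the process.
Get-Service -Name $svc | Select-Object Name, Status, StartType
(Get-CimInstance -ClassName Win32_Service -Filter "Name='$svc'").StartName
```

Two things to keep in mind with this wrapper: when the service is stopped, srvany terminates sample.exe rather than asking it to shut down, so anything the program has not saved is lost; and because the default service account is LocalSystem, a limited user cannot stop the service or kill the process, but any bug in sample.exe now executes with SYSTEM rights.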
f0dder 08 Apr 2007, 22:17
Driver and Service are two very different things... but you use some of the same APIs to control them.
sleepsleep: if you want an "unkillable" process, just make sure every user on the system doesn't have administrative privileges, and run the program with higher privileges. A service with the LOCALSYSTEM user should do the trick. Hiding from taskmgr is not necessary, and asking for it smells pretty strongly of bad intent.
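The point f0dder makes, with the check a practitioner would add, as an added example (the editor's, not code from the thread). A limited user cannot terminate a process owned by a different account, because the process object's default DACL only grants access to that account and SYSTEM, and with the default service DACL interactive users can only query a service, not stop it. So LocalSystem is not needed to make the process unkillable; what LocalSystem adds is that every bug in the hosted program runs as SYSTEM. The script audits an installed service for the two things that matter once it is privileged: a service DACL that still lets low-privileged groups stop, reconfigure or delete it, and a binary or directory those groups can write to, which would let any user replace the program and have the service run their code. It assumes Windows PowerShell 5.1 or later and an elevated session; the function name Get-ServiceExposure is this example's own, and for a srvany-style wrapper it also checks the program named in the Parameters key.

```powershell
# Added example (editor's, not from the thread): audit a service that has been
# made "unkillable" by running it under a privileged account.
# Assumed: Windows PowerShell 5.1+, elevated session, an existing service name.
function Get-ServiceExposure {
    param([Parameter(Mandatory)][string]$ServiceName)

    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
    if (-not $svc) { throw "service '$ServiceName' not found" }
    $findings = New-Object 'System.Collections.Generic.List[string]'

    # 1. Account. Any account other than the interactive user's already defeats a
    #    Task Manager kill; SYSTEM is only needed if the program itself needs it.
    if ($svc.StartName -eq 'LocalSystem') {
        $findings.Add("runs as LocalSystem; prefer 'NT AUTHORITY\LocalService' or the " +
                      "virtual account 'NT SERVICE\$ServiceName' unless SYSTEM is required")
    }

    # 2. Service object DACL, read as SDDL from sc.exe sdshow. Rights that give a
    #    caller control of the service: WP=stop, DC=change config, SD=delete,
    #    WD/WO=rewrite DACL/owner, GA/GW=generic all/write.
    $line = sc.exe sdshow $ServiceName | Where-Object { $_ -match '^\s*D:' } | Select-Object -First 1
    $sddl = if ($line) { $line.Trim() } else { '' }
    $lowPriv = @('WD', 'AU', 'IU', 'BU', 'BG')   # Everyone, Authenticated/Interactive Users, Users, Guests
    $control = @('WP', 'DC', 'SD', 'WD', 'WO', 'GA', 'GW')
    foreach ($ace in [regex]::Matches($sddl, '\(([^)]*)\)')) {
        $f = $ace.Groups[1].Value.Split(';')      # type;flags;rights;objguid;inheritguid;trustee
        if ($f.Count -lt 6 -or $f[0] -ne 'A' -or $lowPriv -notcontains $f[5]) { continue }
        $rights = [regex]::Matches($f[2], '..') | ForEach-Object { $_.Value }   # two-letter tokens
        $bad = $control | Where-Object { $rights -contains $_ }
        if ($bad) { $findings.Add("service DACL grants $($bad -join ',') to $($f[5]): $($ace.Value)") }
    }

    # 3. Image path(s). A low-privileged group with write access to the binary or
    #    its directory can swap in its own program, which the service then runs.
    $exe = if ($svc.PathName -match '^"([^"]+)"') { $Matches[1] } else { ($svc.PathName -split ' ')[0] }
    if ($svc.PathName -notmatch '^"' -and $svc.PathName -match ' ') {
        $findings.Add("unquoted service path containing spaces: $($svc.PathName)")
    }
    $paths = @($exe)
    $paramKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName\Parameters"
    $wrapped = (Get-ItemProperty -Path $paramKey -Name Application -ErrorAction SilentlyContinue).Application
    if ($wrapped) { $paths += $wrapped.Trim('"') }   # srvany-style wrapper: check the real program too
    foreach ($path in ($paths | ForEach-Object { $_; Split-Path -Path $_ -Parent })) {
        if (-not (Test-Path -LiteralPath $path)) { $findings.Add("path not found: $path"); continue }
        foreach ($rule in (Get-Acl -LiteralPath $path).Access) {
            if ($rule.AccessControlType -ne 'Allow') { continue }
            $id = $rule.IdentityReference.Value
            if ($id -notmatch '^(Everyone|BUILTIN\\(Users|Guests)|NT AUTHORITY\\(Authenticated Users|INTERACTIVE))$') { continue }
            if ("$($rule.FileSystemRights)" -match 'Write|Modify|FullControl|CreateFiles|AppendData') {
                $findings.Add("$path grants $($rule.FileSystemRights) to $id")
            }
        }
    }

    [pscustomobject]@{
        Service  = $ServiceName
        Account  = $svc.StartName
        Path     = $svc.PathName
        SDDL     = $sddl
        Findings = $findings.ToArray()
    }
}

# Usage (elevated): Get-ServiceExposure -ServiceName SampleSvc | Format-List
```

An empty Findings list means non-administrators can neither stop the service nor tamper with what it executes. If the only finding is the LocalSystem one, `sc.exe config <name> obj= "NT AUTHORITY\LocalService"` keeps the process out of a limited user's reach while dropping the SYSTEM rights the program probably does not need.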
sleepsleep 08 Apr 2007, 22:39
following your advice, i set the service to run under an admin account, but the software on a limited privilege account (winxp home)

and HOORAY, the service couldn't be killed anymore!!! saves all the virus-like detect window and minimize event
Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.
Website powered by rwasa.