OpenServiceW issue in MMC.exe on Win7
OpenServiceW issue in MMC.exe on Win7
Hi Guys,
Is anybody having issues hooking OpenServiceW on Window 7 in the Services Control Manager (mmc.exe)?
On Windows Xp everything works fine but on Windows 7 it is either not being called or is not hooking.
Thanks for any help.
Lee
Is anybody having issues hooking OpenServiceW on Window 7 in the Services Control Manager (mmc.exe)?
On Windows Xp everything works fine but on Windows 7 it is either not being called or is not hooking.
Thanks for any help.
Lee
Re: OpenServiceW issue in MMC.exe on Win7
Disassembly of advapi32's OpenServiceW in Windows 7:
Code: Select all
7587ca4c public OpenServiceW: ; function entry point
7587ca4c mov edi, edi
7587ca4e push ebp
7587ca4f mov ebp, esp
7587ca51 pop ebp
7587ca52 jmp loc_7587ca59
7587ca52
7587ca52 ; ---------------------------------------------------------
7587ca52
7587ca59 loc_7587ca59:
7587ca59 jmp dword ptr [$7587142c] ; OpenServiceW (sechost.dll)
Re: OpenServiceW issue in MMC.exe on Win7
Hi Madshi,
Like I said over email if we use command prompt and type "sc query SERVICENAME" or "net stop SERVICENAME" etc then we can intercept "OpenServiceW" on Windows 7.
Whenever you refresh or click a service in SCM ("services.msc") "OpenServiceW" should be called we can't seem to intercept it. We tried running "API Monitor v2" and it logged that "OpenServiceW" was being called. Oddly though, if we attach API Monitor to the "services.msc" when it is first launched then it won't log the "OpenServiceW" api. If "services.msc" is already running and then we attach API monitor to it then the "OpenServiceW" api is logged... weird!
Is this something you can check your side to see what might be happening?
Thanks,
Lee
Like I said over email if we use command prompt and type "sc query SERVICENAME" or "net stop SERVICENAME" etc then we can intercept "OpenServiceW" on Windows 7.
Whenever you refresh or click a service in SCM ("services.msc") "OpenServiceW" should be called we can't seem to intercept it. We tried running "API Monitor v2" and it logged that "OpenServiceW" was being called. Oddly though, if we attach API Monitor to the "services.msc" when it is first launched then it won't log the "OpenServiceW" api. If "services.msc" is already running and then we attach API monitor to it then the "OpenServiceW" api is logged... weird!
Is this something you can check your side to see what might be happening?
Thanks,
Lee
Re: OpenServiceW issue in MMC.exe on Win7
It seems you didn't look properly at my previous comment. Let me give you a hint:
jmp dword ptr [$7587142c] ; OpenServiceW (sechost.dll)
jmp dword ptr [$7587142c] ; OpenServiceW (sechost.dll)
Re: OpenServiceW issue in MMC.exe on Win7
haha ... sorry its been a long day!! You are the man, where do I "donate" ?? thanks
Re: OpenServiceW issue in MMC.exe on Win7
Well, give it a try first... Maybe hooking that won't work, either!
Re: OpenServiceW issue in MMC.exe on Win7
Works perfect!
I'll email you in the morning and buy 3 years worth of support if that's possible?
I'll email you in the morning and buy 3 years worth of support if that's possible?
Re: OpenServiceW issue in MMC.exe on Win7
Yam-yam, thank you!