Finally got around to trying this. Here is what I did:
(1) Installed a brand new Windows Server 2003 Standard Edition x86 PC with SP2.
(2) Created an empty folder "test" on the desktop.
(3) Added "Everyone" to the security settings of the "test" folder with full access.
(4) Copied a test service and dll into that "test" folder.
(5) Installed the service.
(6) When the service was started (not merely installed), it injected the dll into Explorer.
(7) Double checked with ProcessExplorer.
No problems, works just fine here. Not sure why it doesn't work for you.
#include <windows.h>
#include "madCHook.h"
// ***************************************************************
// Service parameters shared by the installer path and the running service.
// The array sizes are hand-counted: CServiceDescr's 24 characters plus the
// terminating NUL use all 25 bytes, so resize the array when changing the text.
char CServiceName [24] = "madDllInjectPraveen";  // SCM service name; also the prefix of the shutdown event name
char CServiceDescr [25] = "madCodeHook_praveen_demo";  // passed to the SCM as the display name
DWORD CServiceType = SERVICE_WIN32_OWN_PROCESS;
DWORD CServiceStart = SERVICE_AUTO_START;  // the SCM starts the service automatically at boot
// ***************************************************************
// This handle is needed in several functions, so it has to be global.
// It is set in ServiceProc (RegisterServiceCtrlHandler) and read in UpdateStatus.
SERVICE_STATUS_HANDLE statusHandle;
void UpdateStatus(DWORD status)
// Report the given state for our service to the service control manager.
// Every field that is not set explicitly below stays zero.
{
  SERVICE_STATUS report = {0};

  report.dwCurrentState     = status;
  report.dwServiceType      = CServiceType;
  // only "stop" is advertised; the SCM does not deliver controls that are not accepted
  report.dwControlsAccepted = SERVICE_ACCEPT_STOP;
  report.dwWaitHint         = 8000;

  // the result is deliberately not inspected, exactly like in the original demo
  SetServiceStatus(statusHandle, &report);
}
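void WINAPI ServiceHandler(DWORD control)
// Control handler registered with the SCM in ServiceProc.
// For a stop or shutdown request it reports STOP_PENDING and signals the global
// shutdown event that ServiceProc is waiting on. Every other control code is
// answered by reporting SERVICE_RUNNING.
{
  if ((control != SERVICE_CONTROL_STOP) && (control != SERVICE_CONTROL_SHUTDOWN))
  {
    UpdateStatus(SERVICE_RUNNING);
    return;
  }

  // our service is about to stop
  UpdateStatus(SERVICE_STOP_PENDING);

  // the event name must match the one built in ServiceProc: <service name> + "ShutdownEvent"
  // (CServiceName is a short fixed string, so the MAX_PATH buffer cannot overflow here)
  CHAR evName [MAX_PATH];
  lstrcpy(evName, CServiceName);
  lstrcat(evName, "ShutdownEvent");

  // OpenGlobalEvent can fail (e.g. the event was never created); do not pass a
  // NULL handle on to SetEvent/CloseHandle
  HANDLE event = OpenGlobalEvent(evName);
  if (event)
  {
    SetEvent(event);
    CloseHandle(event);
  }
  // NOTE(review): if the event cannot be opened the service stays in STOP_PENDING;
  // there is no logging channel in this demo to report that
}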
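void WINAPI ServiceProc(DWORD, LPSTR*)
// Main function of the service: registers the control handler, creates the
// global shutdown event, injects the hook dll into one target process and then
// blocks until ServiceHandler signals the shutdown event.
{
  // NOTE(review): hard coded Explorer process ID taken from the test machine.
  // Process IDs are reused by Windows, so on any other boot or machine this
  // value may be unused or may belong to a completely different process.
  const DWORD targetPid = 1780;

  CHAR evName [MAX_PATH];

  statusHandle = RegisterServiceCtrlHandler(CServiceName, ServiceHandler);
  if (!statusHandle)
    return;

  UpdateStatus(SERVICE_START_PENDING);
  InitializeMadCHook();

  // same name as the one opened in ServiceHandler
  lstrcpy(evName, CServiceName);
  lstrcat(evName, "ShutdownEvent");
  HANDLE event = CreateGlobalEvent(evName, true, false);

  // without the shutdown event the service could never be told to stop, so in
  // that case we skip the injection and go straight to the cleanup below
  if (event)
  {
    // NOTE(review): PROCESS_ALL_ACCESS is broader than an injection presumably
    // needs; check the madCodeHook documentation for the minimal access mask
    HANDLE ph = OpenProcess(PROCESS_ALL_ACCESS, false, targetPid);
    if (ph)
    {
      // NOTE(review): the dll is named without a directory, so where it is
      // loaded from depends on resolution rules not visible here; a full path
      // to a directory only administrators can write removes that ambiguity.
      // The result of InjectLibrary is not inspected (no logging channel here).
      InjectLibrary("HookTerminateAPIs32.dll", ph);
      CloseHandle(ph);
    }

    UpdateStatus(SERVICE_RUNNING);
    WaitForSingleObject(event, INFINITE);
    CloseHandle(event);
  }

  FinalizeMadCHook();
  UpdateStatus(SERVICE_STOPPED);
}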
void RunService()
// Main thread of the injection service.
// StartServiceCtrlDispatcher has to be called as soon as possible here; it
// hands control to the SCM, which then calls ServiceProc.
{
  // one real entry followed by the all-NULL terminator entry the dispatcher expects
  SERVICE_TABLE_ENTRY dispatchTable [] =
  {
    { CServiceName, &ServiceProc },
    { NULL,         NULL         }
  };

  StartServiceCtrlDispatcher(dispatchTable);
}
// ***************************************************************
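void InstallService()
// Executed when someone starts the service exe manually.
// Acts as a toggle:
//   - service installed, parameters correct and running -> stop and remove it
//   - service installed, but misconfigured or stopped    -> fix parameters / start it
//   - service not installed                              -> create and start it
// Every outcome is reported to the user with a message box.
{
  CHAR exePath [MAX_PATH + 1];
  CHAR binPath [MAX_PATH + 3];   // exePath plus two quote characters
  SC_HANDLE c1, c2;
  DWORD c3;
  SERVICE_STATUS ss;
  LPQUERY_SERVICE_CONFIG qsc;
  int i1;
  bool b1;

  // Older Windows versions do not terminate the buffer when the path is
  // truncated, so start from a zeroed buffer and reject a truncated result.
  ZeroMemory(exePath, sizeof(exePath));
  DWORD len = GetModuleFileName(GetModuleHandle(NULL), exePath, MAX_PATH);
  if ((len == 0) || (len >= MAX_PATH))
  {
    MessageBox(0, "could not determine the path of the service exe", "warning...", MB_ICONWARNING);
    return;
  }

  // Register the image path in quotes. An unquoted path that contains spaces
  // (e.g. a folder on the desktop) is ambiguous for the SCM and can make it
  // start a different executable located earlier along the path.
  // NOTE(review): the service runs from wherever this exe currently lives; if
  // that folder is writable by non-administrators, whoever can write there
  // controls what the LocalSystem service executes.
  lstrcpy(binPath, "\"");
  lstrcat(binPath, exePath);
  lstrcat(binPath, "\"");

  // first we contact the service control manager
  c1 = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
  if (!c1)
    // didn't work, maybe we asked for too many access rights?
    c1 = OpenSCManager(NULL, NULL, 0);
  if (!c1)
  {
    MessageBox(0, "you don't have enough privileges", "sorry...", MB_ICONWARNING);
    return;
  }

  // okay, that worked, now we try to open our service
  c2 = OpenService(c1, CServiceName, SERVICE_ALL_ACCESS | DELETE);
  if (c2)
  {
    // our service is already installed, let's check the parameters
    // b1 == true means: at least one of type / start type / display name differs
    b1 = false;
    c3 = 0;
    QueryServiceConfig(c2, NULL, 0, &c3);   // first call only asks for the needed size
    if (c3)
    {
      qsc = (LPQUERY_SERVICE_CONFIG) LocalAlloc(LPTR, c3 * 2);
      if (qsc)
      {
        b1 = (QueryServiceConfig(c2, qsc, c3 * 2, &c3)) &&
             ( (qsc->dwServiceType != CServiceType ) ||
               (qsc->dwStartType   != CServiceStart) ||
               (lstrcmpi(qsc->lpDisplayName, CServiceDescr)) );
        LocalFree(qsc);
      }
    }

    // a failed interrogate is treated as "service is stopped"
    if (!ControlService(c2, SERVICE_CONTROL_INTERROGATE, &ss))
      ss.dwCurrentState = SERVICE_STOPPED;

    if ((!b1) && (ss.dwCurrentState == SERVICE_RUNNING))
    {
      // the parameters are correct, so we try to stop and remove it
      if (ControlService(c2, SERVICE_CONTROL_STOP, &ss))
      {
        if (DeleteService(c2))
          MessageBox(0, "the service is removed again", "information...", MB_ICONINFORMATION);
        else
          MessageBox(0, "the service is stopped, but removing failed", "warning...", MB_ICONWARNING);
      }
      else
        MessageBox(0, "stopping failed", "warning...", MB_ICONWARNING);
    }
    else
    {
      if (b1)
      {
        // not all parameters are correct, so we try to correct them
        if (ChangeServiceConfig(c2, CServiceType, CServiceStart, SERVICE_ERROR_NORMAL,
                                binPath, NULL, NULL, NULL, NULL, NULL, CServiceDescr))
          MessageBox(0, "correction of service parameters succeeded", "information...", MB_ICONINFORMATION);
        else
          MessageBox(0, "correction of service parameters failed", "warning...", MB_ICONWARNING);
      }
      if (ss.dwCurrentState != SERVICE_RUNNING)
      {
        // our service was installed, but not running, so we start it
        if (StartService(c2, 0, NULL))
          MessageBox(0, "the service was restarted", "information...", MB_ICONINFORMATION);
        else
          MessageBox(0, "restarting failed", "warning...", MB_ICONWARNING);
      }
    }
    CloseServiceHandle(c2);
  }
  else
  {
    // probably our service is not installed yet, so we do that now
    // (account name and password are NULL, so the service runs as LocalSystem)
    c2 = CreateService(c1, CServiceName, CServiceDescr,
                       SERVICE_ALL_ACCESS | STANDARD_RIGHTS_ALL,
                       CServiceType, CServiceStart,
                       SERVICE_ERROR_NORMAL, binPath, NULL, NULL, NULL, NULL, NULL);
    if (c2)
    {
      // installation went smooth
      // we want to give everyone full access to our service
      // NOTE(review): SERVICE_ALL_ACCESS includes SERVICE_CHANGE_CONFIG, so any
      // local user can repoint this LocalSystem service at another binary.
      // Outside a throwaway test machine grant only the rights that are really
      // needed (start / stop / query status) and leave reconfiguration and
      // removal to administrators.
      if (!AddAccessForEveryone(c2, SERVICE_ALL_ACCESS | DELETE))
        MessageBox(0, "access manipulation didn't work", "warning...", MB_ICONWARNING);

      // now let's start the service
      if (StartService(c2, 0, NULL))
      {
        // starting succeeded, but does the service run through?
        // poll up to 49 times, 50 ms apart, until it reports RUNNING or STOPPED
        ss.dwCurrentState = SERVICE_STOPPED;
        for (i1 = 1; (i1 < 50); i1++)
        {
          if (!ControlService(c2, SERVICE_CONTROL_INTERROGATE, &ss))
            ss.dwCurrentState = SERVICE_STOPPED;
          if ((ss.dwCurrentState == SERVICE_RUNNING) || (ss.dwCurrentState == SERVICE_STOPPED))
            break;
          Sleep(50);
        }
        // the "ipc failure" wording is inherited; ServiceProc in this file
        // creates no ipc queue
        if (ss.dwCurrentState == SERVICE_RUNNING)
          MessageBox(0, "the service is installed now", "information...", MB_ICONINFORMATION);
        else
          MessageBox(0, "installation failed (ipc failure)", "warning...", MB_ICONWARNING);
      }
      else
        MessageBox(0, "installation succeeded, but starting failed", "warning...", MB_ICONWARNING);
      CloseServiceHandle(c2);
    }
    else
      MessageBox(0, "you don't have enough privileges", "sorry...", MB_ICONWARNING);
  }
  CloseServiceHandle(c1);
}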
// ***************************************************************
int WINAPI WinMain(HINSTANCE, HINSTANCE, LPSTR, int)
// Entry point. The same exe serves two roles:
//   - started as a system process it runs the service itself
//   - started by hand it installs / removes the service
// AmSystemProcess() is a madCodeHook helper; presumably it is true when the SCM
// launched us as a service - confirm against madCHook.h.
{
  if (!AmSystemProcess())
  {
    InstallService();
    return true;
  }

  RunService();
  return true;
}