48 return (
wcsstr(pServiceImage->pszImagePath,
L"\\system32\\lsass.exe") !=
NULL);
60 DWORD dwServiceCurrent = 1;
61 DWORD dwKeyDisposition;
70 L"SYSTEM\\CurrentControlSet\\Control\\ServiceCurrent",
80 DPRINT1(
"RegCreateKeyEx() failed with error %lu\n", dwError);
86 dwKeySize =
sizeof(
DWORD);
91 (
BYTE*)&dwServiceCurrent,
96 DPRINT1(
"RegQueryValueEx() failed with error %lu\n", dwError);
107 (
BYTE*)&dwServiceCurrent,
108 sizeof(dwServiceCurrent));
114 DPRINT1(
"RegSetValueExW() failed (Error %lu)\n", dwError);
120 dwServiceCurrent = 0;
125 L"\\\\.\\pipe\\net\\NtControlPipe%lu", dwServiceCurrent);
127 DPRINT(
"PipeName: %S\n", szControlPipeName);
129 SecurityAttributes.
nLength =
sizeof(SecurityAttributes);
140 &SecurityAttributes);
141 DPRINT(
"CreateNamedPipeW(%S) done\n", szControlPipeName);
144 DPRINT1(
"Failed to create control pipe\n");
158 DPRINT(
"ScmGetServiceImageByImagePath(%S) called\n", lpImagePath);
172 ImageEntry = ImageEntry->
Flink;
175 DPRINT(
"Couldn't find a matching image\n");
207 CurrentImage = CurrentService->
lpImage;
215 ServiceEntry = ServiceEntry->
Flink;
274 if (pszAccountName1 ==
NULL &&
275 pszAccountName2 ==
NULL)
278 if (pszAccountName1 ==
NULL &&
279 pszAccountName2 !=
NULL &&
280 _wcsicmp(pszAccountName2,
L"LocalSystem") == 0)
283 if (pszAccountName1 !=
NULL &&
284 pszAccountName2 ==
NULL &&
285 _wcsicmp(pszAccountName1,
L"LocalSystem") == 0)
288 if (pszAccountName1 !=
NULL &&
289 pszAccountName2 !=
NULL &&
290 _wcsicmp(pszAccountName1, pszAccountName2) == 0)
302 if (pszAccountName ==
NULL ||
303 _wcsicmp(pszAccountName,
L"LocalSystem") == 0)
320 DPRINT(
"ScmEnableBackupRestorePrivileges(%p %d)\n", hToken,
bEnable);
324 if (pTokenPrivileges ==
NULL)
326 DPRINT1(
"Failed to allocate privilege buffer\n");
345 DPRINT1(
"AdjustTokenPrivileges() succeeded, but with not all privileges assigned\n");
350 if (pTokenPrivileges !=
NULL)
370 DPRINT(
"ScmLogonService(%p %p)\n", pService, pImage);
371 DPRINT(
"Service %S\n", pService->lpServiceName);
381 pszUserName =
ptr + 1;
382 pszDomainName = pImage->pszAccountName;
387 pszUserName = pImage->pszAccountName;
388 pszDomainName =
NULL;
394 (
wcslen(pService->lpServiceName) + 5) *
sizeof(
WCHAR));
395 if (pszPassword ==
NULL)
402 wcscat(pszPassword, pService->lpServiceName);
404 DPRINT(
"Domain: %S User: %S Password: %S\n", pszDomainName, pszUserName, pszPassword);
415 DPRINT1(
"LogonUserW() failed (Error %lu)\n", dwError);
423 ZeroMemory(&ProfileInfo,
sizeof(ProfileInfo));
424 ProfileInfo.
dwSize =
sizeof(ProfileInfo);
440 DPRINT1(
"LoadUserProfileW() failed (Error %lu)\n", dwError);
444 pImage->hProfile = ProfileInfo.
hProfile;
447 if (pszPassword !=
NULL)
468 BOOL bSecurityService;
470 DPRINT(
"ScmCreateOrReferenceServiceImage(%p)\n", pService);
493 DPRINT1(
"RtlQueryRegistryValues() failed (Status %lx)\n",
Status);
497 DPRINT(
"ImagePath: '%wZ'\n", &ImagePath);
501 if (pServiceImage ==
NULL)
511 if (pServiceImage ==
NULL)
542 DPRINT1(
"ScmLogonService() failed (Error %lu)\n", dwError);
557 DPRINT1(
"ScmCreateNewControlPipe() failed (Error %lu)\n", dwError);
577 if (bSecurityService)
609 pService->
lpImage = pServiceImage;
615 DPRINT(
"ScmCreateOrReferenceServiceImage() done (Error: %lu)\n", dwError);
624 DPRINT1(
"ScmRemoveServiceImage() called\n");
662 DPRINT(
"ScmGetServiceEntryByName() called\n");
673 return CurrentService;
676 ServiceEntry = ServiceEntry->
Flink;
679 DPRINT(
"Couldn't find a matching service\n");
691 DPRINT(
"ScmGetServiceEntryByDisplayName() called\n");
702 return CurrentService;
705 ServiceEntry = ServiceEntry->
Flink;
708 DPRINT(
"Couldn't find a matching service\n");
720 DPRINT(
"ScmGetServiceEntryByResumeCount() called\n");
731 return CurrentService;
734 ServiceEntry = ServiceEntry->
Flink;
737 DPRINT(
"Couldn't find a matching service\n");
774 DPRINT(
"Service: '%S'\n", lpServiceName);
780 if (lpService ==
NULL)
783 *lpServiceRecord = lpService;
867 DWORD dwErrorControl;
870 DPRINT(
"Service: '%S'\n", lpServiceName);
871 if (*lpServiceName ==
L'{')
890 DPRINT(
"Service type: %lx\n", dwServiceType);
902 DPRINT(
"Start type: %lx\n", dwStartType);
914 DPRINT(
"Error control: %lx\n", dwErrorControl);
925 DPRINT(
"Tag: %lx\n", dwTagId);
933 DPRINT(
"Group: %S\n", lpGroup);
951 lpService->
dwTag = dwTagId;
971 DPRINT(
"Start %lx Type %lx Tag %lx ErrorControl %lx\n",
992 DPRINT(
"No security descriptor found! Assign default security descriptor\n");
1005 if (lpGroup !=
NULL)
1011 if (lpService !=
NULL)
1033 ServiceEntry = ServiceEntry->
Flink;
1038 L"System\\CurrentControlSet\\Services",
1069 L"SYSTEM\\CurrentControlSet\\Control\\Windows",
1077 L"NoInteractiveServices",
1094 DWORD dwSubKeyLength;
1098 DPRINT(
"ScmCreateServiceDatabase() called\n");
1116 L"System\\CurrentControlSet\\Services",
1136 szSubKey[0] !=
L'{')
1138 DPRINT(
"SubKeyName: '%S'\n", szSubKey);
1168 DPRINT(
"ScmCreateServiceDatabase() done\n");
1177 DPRINT(
"ScmShutdownServiceDatabase() called\n");
1182 DPRINT(
"ScmShutdownServiceDatabase() done\n");
1198 DPRINT(
"ScmCheckDriver(%S) called\n",
Service->lpServiceName);
1254 DPRINT(
"Found: '%S' '%wZ'\n",
1261 Service->Status.dwServiceSpecificExitCode = 0;
1262 Service->Status.dwCheckPoint = 0;
1263 Service->Status.dwWaitHint = 0;
1290 DPRINT(
"ScmGetBootAndSystemDriverState() called\n");
1306 ServiceEntry = ServiceEntry->
Flink;
1309 DPRINT(
"ScmGetBootAndSystemDriverState() done\n");
1322 DWORD dwWriteCount = 0;
1323 DWORD dwReadCount = 0;
1330 DPRINT(
"ScmControlService() called\n");
1342 if (ControlPacket ==
NULL)
1365 if (bResult ==
FALSE)
1367 DPRINT(
"WriteFile() returned FALSE\n");
1372 DPRINT(
"dwError: ERROR_IO_PENDING\n");
1376 DPRINT(
"WaitForSingleObject() returned %lu\n", dwError);
1381 if (bResult ==
FALSE)
1395 if (bResult ==
FALSE)
1398 DPRINT1(
"GetOverlappedResult() failed (Error %lu)\n", dwError);
1406 DPRINT1(
"WriteFile() failed (Error %lu)\n", dwError);
1419 if (bResult ==
FALSE)
1421 DPRINT(
"ReadFile() returned FALSE\n");
1426 DPRINT(
"dwError: ERROR_IO_PENDING\n");
1430 DPRINT(
"WaitForSingleObject() returned %lu\n", dwError);
1435 if (bResult ==
FALSE)
1449 if (bResult ==
FALSE)
1452 DPRINT1(
"GetOverlappedResult() failed (Error %lu)\n", dwError);
1460 DPRINT1(
"ReadFile() failed (Error %lu)\n", dwError);
1473 dwError = ReplyPacket.
dwError;
1478 DPRINT(
"ScmControlService() done\n");
1498 DWORD dwWriteCount = 0;
1499 DWORD dwReadCount = 0;
1502 DPRINT(
"ScmSendStartCommand() called\n");
1531 if (ControlPacket ==
NULL)
1559 DPRINT(
"dwArgumentsCount: %lu\n", ControlPacket->dwArgumentsCount);
1560 DPRINT(
"dwArgumentsOffset: %lu\n", ControlPacket->dwArgumentsOffset);
1566 DPRINT(
"offset[%lu]: %p\n",
i, pOffPtr[
i]);
1576 if (bResult ==
FALSE)
1578 DPRINT(
"WriteFile() returned FALSE\n");
1583 DPRINT(
"dwError: ERROR_IO_PENDING\n");
1587 DPRINT(
"WaitForSingleObject() returned %lu\n", dwError);
1592 if (bResult ==
FALSE)
1606 if (bResult ==
FALSE)
1609 DPRINT1(
"GetOverlappedResult() failed (Error %lu)\n", dwError);
1617 DPRINT1(
"WriteFile() failed (Error %lu)\n", dwError);
1630 if (bResult ==
FALSE)
1632 DPRINT(
"ReadFile() returned FALSE\n");
1637 DPRINT(
"dwError: ERROR_IO_PENDING\n");
1641 DPRINT(
"WaitForSingleObject() returned %lu\n", dwError);
1646 if (bResult ==
FALSE)
1660 if (bResult ==
FALSE)
1663 DPRINT1(
"GetOverlappedResult() failed (Error %lu)\n", dwError);
1671 DPRINT1(
"ReadFile() failed (Error %lu)\n", dwError);
1684 dwError = ReplyPacket.
dwError;
1687 DPRINT(
"ScmSendStartCommand() done\n");
1697 DWORD dwProcessId = 0;
1703 WCHAR szBuffer1[20];
1704 WCHAR szBuffer2[20];
1707 DPRINT(
"ScmWaitForServiceConnect()\n");
1713 if (bResult ==
FALSE)
1715 DPRINT(
"ConnectNamedPipe() returned FALSE\n");
1720 DPRINT(
"dwError: ERROR_IO_PENDING\n");
1724 DPRINT(
"WaitForSingleObject() returned %lu\n", dwError);
1728 DPRINT(
"WaitForSingleObject() returned WAIT_TIMEOUT\n");
1731 if (bResult ==
FALSE)
1738 lpLogStrings[0] =
Service->lpDisplayName;
1739 lpLogStrings[1] = szBuffer1;
1746 DPRINT1(
"Log EVENT_CONNECTION_TIMEOUT by %S\n",
Service->lpDisplayName);
1756 if (bResult ==
FALSE)
1759 DPRINT1(
"GetOverlappedResult failed (Error %lu)\n", dwError);
1767 DPRINT1(
"ConnectNamedPipe failed (Error %lu)\n", dwError);
1772 DPRINT(
"Control pipe connected\n");
1782 if (bResult ==
FALSE)
1784 DPRINT(
"ReadFile() returned FALSE\n");
1789 DPRINT(
"dwError: ERROR_IO_PENDING\n");
1795 DPRINT(
"WaitForSingleObject() returned WAIT_TIMEOUT\n");
1798 if (bResult ==
FALSE)
1805 lpLogStrings[0] = szBuffer1;
1812 DPRINT1(
"Log EVENT_READFILE_TIMEOUT by %S\n",
Service->lpDisplayName);
1818 DPRINT(
"WaitForSingleObject() returned WAIT_OBJECT_0\n");
1820 DPRINT(
"Process Id: %lu\n", dwProcessId);
1826 if (bResult ==
FALSE)
1829 DPRINT1(
"GetOverlappedResult() failed (Error %lu)\n", dwError);
1836 DPRINT1(
"WaitForSingleObject() returned %lu\n", dwError);
1841 DPRINT1(
"ReadFile() failed (Error %lu)\n", dwError);
1847 (dwProcessId !=
Service->lpImage->dwProcessId))
1851 _ultow(dwProcessId, szBuffer2, 10);
1853 lpLogStrings[0] =
Service->lpDisplayName;
1854 lpLogStrings[1] = szBuffer1;
1855 lpLogStrings[2] = szBuffer2;
1863 DPRINT1(
"Log EVENT_SERVICE_DIFFERENT_PID_CONNECTED by %S\n",
Service->lpDisplayName);
1866 DPRINT(
"ScmWaitForServiceConnect() done\n");
1886 if (
Service->lpImage->dwImageRunCount > 1)
1893 ZeroMemory(&StartupInfo,
sizeof(StartupInfo));
1894 StartupInfo.
cb =
sizeof(StartupInfo);
1895 ZeroMemory(&ProcessInformation,
sizeof(ProcessInformation));
1904 DPRINT1(
"CreateEnvironmentBlock() failed with error %d; service '%S' will run with current environment\n",
1906 lpEnvironment =
NULL;
1916 Service->lpImage->pszImagePath,
1924 &ProcessInformation);
1934 DPRINT1(
"ImpersonateLoggedOnUser() failed with error %d\n", dwError);
1944 DPRINT1(
"CreateEnvironmentBlock() failed with error %d; service '%S' will run with current environment\n",
1946 lpEnvironment =
NULL;
1960 Service->lpImage->pszImagePath,
1968 &ProcessInformation);
1984 DPRINT1(
"Starting '%S' failed with error %d\n",
1985 Service->lpServiceName, dwError);
1989 DPRINT(
"Process Id: %lu Handle %p\n",
1992 DPRINT(
"Thread Id: %lu Handle %p\n",
2008 DPRINT1(
"Connecting control pipe failed! (Error %lu)\n", dwError);
2009 Service->lpImage->dwProcessId = 0;
2026 WCHAR szLogBuffer[80];
2028 DPRINT(
"ScmLoadService() called\n");
2033 DPRINT(
"Service %S is already running\n",
Service->lpServiceName);
2037 DPRINT(
"Service->Type: %lu\n",
Service->Status.dwServiceType);
2054 Service->Status.dwControlsAccepted = 0;
2058 Service->lpImage->dwImageRunCount--;
2059 if (
Service->lpImage->dwImageRunCount == 0)
2068 DPRINT(
"ScmLoadService() done (Error %lu)\n", dwError);
2079 lpLogStrings[0] =
Service->lpDisplayName;
2080 lpLogStrings[1] = szLogBuffer;
2094 lpLogStrings[0] =
Service->lpServiceName;
2095 lpLogStrings[1] = szLogBuffer;
2103 switch (
Service->dwErrorControl)
2106 if (IsLastKnownGood ==
FALSE)
2113 if (IsLastKnownGood ==
FALSE)
2138 DPRINT(
"ScmStartService() called\n");
2164 DPRINT(
"ScmStartService() done (Error %lu)\n", dwError);
2179 DWORD SafeBootEnabled;
2192 L"SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Option",
2198 dwKeySize =
sizeof(SafeBootEnabled);
2203 (
LPBYTE)&SafeBootEnabled,
2210 SafeBootEnabled = 0;
2223 L"SYSTEM\\CurrentControlSet\\Control\\SafeBoot");
2225 switch (SafeBootEnabled)
2240 if (SafeBootEnabled != 0)
2244 szSafeBootServicePath,
2258 szSafeBootServicePath,
2276 DPRINT1(
"WARNING: Could not open the associated Safe Boot key\n");
2281 ServiceEntry = ServiceEntry->
Flink;
2300 if ((CurrentService->
lpGroup == CurrentGroup) &&
2309 ServiceEntry = ServiceEntry->
Flink;
2319 if ((CurrentService->
lpGroup == CurrentGroup) &&
2327 ServiceEntry = ServiceEntry->
Flink;
2330 GroupEntry = GroupEntry->
Flink;
2347 ServiceEntry = ServiceEntry->
Flink;
2364 ServiceEntry = ServiceEntry->
Flink;
2373 ServiceEntry = ServiceEntry->
Flink;
2387 DPRINT(
"ScmAutoShutdownServices() called\n");
2409 ServiceEntry = ServiceEntry->
Flink;
2415 DPRINT(
"ScmAutoShutdownServices() done\n");
2450 L"SYSTEM\\CurrentControlSet\\Control",
2458 L"ServicesPipeTimeout",
static SERVICE_STATUS_HANDLE(WINAPI *pRegisterServiceCtrlHandlerExA)(LPCSTR
static HANDLE hServicesKey
DWORD ScmReadString(HKEY hServiceKey, LPCWSTR lpValueName, LPWSTR *lpValue)
BOOL ScmIsDeleteFlagSet(HKEY hServiceKey)
DWORD ScmWriteSecurityDescriptor(_In_ HKEY hServiceKey, _In_ PSECURITY_DESCRIPTOR pSecurityDescriptor)
DWORD ScmReadSecurityDescriptor(_In_ HKEY hServiceKey, _Out_ PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
DWORD ScmDeleteRegKey(_In_ HKEY hKey, _In_ PCWSTR pszSubKey)
static BOOL ScmEnableBackupRestorePrivileges(_In_ HANDLE hToken, _In_ BOOL bEnable)
VOID ScmAutoStartServices(VOID)
static PSERVICE_IMAGE ScmGetServiceImageByImagePath(LPWSTR lpImagePath)
static DWORD CreateServiceListEntry(LPCWSTR lpServiceName, HKEY hServiceKey)
PSERVICE ScmGetServiceEntryByResumeCount(DWORD dwResumeCount)
static DWORD ScmSendStartCommand(PSERVICE Service, DWORD argc, LPWSTR *argv)
static DWORD ScmLoadService(PSERVICE Service, DWORD argc, LPWSTR *argv)
VOID ScmRemoveServiceImage(PSERVICE_IMAGE pServiceImage)
VOID ScmUnlockDatabase(VOID)
DWORD ScmControlService(HANDLE hControlPipe, PWSTR pServiceName, SERVICE_STATUS_HANDLE hServiceStatus, DWORD dwControl)
DWORD ScmGenerateServiceTag(PSERVICE lpServiceRecord)
static NTSTATUS ScmCheckDriver(PSERVICE Service)
static BOOL ScmIsSecurityService(_In_ PSERVICE_IMAGE pServiceImage)
DWORD ScmGetServiceNameFromTag(IN PTAG_INFO_NAME_FROM_TAG_IN_PARAMS InParams, OUT PTAG_INFO_NAME_FROM_TAG_OUT_PARAMS *OutParams)
static BOOL ScmIsLocalSystemAccount(_In_ PCWSTR pszAccountName)
VOID ScmInitNamedPipeCriticalSection(VOID)
static DWORD NoInteractiveServices
static DWORD ScmCreateOrReferenceServiceImage(PSERVICE pService)
DWORD ScmCreateServiceDatabase(VOID)
static DWORD ScmLogonService(IN PSERVICE pService, IN PSERVICE_IMAGE pImage)
static RTL_RESOURCE DatabaseLock
VOID ScmDeleteServiceRecord(PSERVICE lpService)
VOID ScmAutoShutdownServices(VOID)
BOOL ScmLockDatabaseExclusive(VOID)
static BOOL ScmIsSameServiceAccount(_In_ PCWSTR pszAccountName1, _In_ PCWSTR pszAccountName2)
VOID ScmGetBootAndSystemDriverState(VOID)
DWORD ScmStartService(PSERVICE Service, DWORD argc, LPWSTR *argv)
DWORD ScmCreateNewServiceRecord(LPCWSTR lpServiceName, PSERVICE *lpServiceRecord, DWORD dwServiceType, DWORD dwStartType)
PSERVICE ScmGetServiceEntryByName(LPCWSTR lpServiceName)
BOOL ScmLockDatabaseShared(VOID)
LIST_ENTRY ServiceListHead
static DWORD ScmCreateNewControlPipe(_In_ PSERVICE_IMAGE pServiceImage, _In_ BOOL bSecurityServiceProcess)
static DWORD ScmStartUserModeService(PSERVICE Service, DWORD argc, LPWSTR *argv)
static DWORD ScmWaitForServiceConnect(PSERVICE Service)
VOID ScmDeleteNamedPipeCriticalSection(VOID)
static VOID ScmGetNoInteractiveServicesValue(VOID)
static CRITICAL_SECTION ControlServiceCriticalSection
VOID ScmDeleteMarkedServices(VOID)
VOID ScmShutdownServiceDatabase(VOID)
PSERVICE ScmGetServiceEntryByDisplayName(LPCWSTR lpDisplayName)
DWORD ScmStartDriver(PSERVICE pService)
DWORD ScmAcquireServiceStartLock(IN BOOL IsServiceController, OUT LPSC_RPC_LOCK lpLock)
DWORD ScmReleaseServiceStartLock(IN OUT LPSC_RPC_LOCK lpLock)
#define IDS_SERVICE_START
PSECURITY_DESCRIPTOR pPipeSD
DWORD ScmCreateDefaultServiceSD(PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
DWORD SetSecurityServicesEvent(VOID)
VOID ScmLogEvent(DWORD dwEventId, WORD wType, WORD wStrings, LPCWSTR *lpStrings)
struct _SERVICE_IMAGE SERVICE_IMAGE
#define RegCloseKey(hKey)
_In_ PFCB _In_ PCD_NAME DirName
_In_ ULONG _In_opt_ WDFREQUEST _In_opt_ PVOID _In_ size_t _In_ PVOID _In_ size_t _Out_ size_t * DataLength
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
#define ERROR_NOT_ENOUGH_MEMORY
BOOL WINAPI CancelIo(IN HANDLE hFile)
#define NT_SUCCESS(StatCode)
BOOL WINAPI LogonUserW(_In_ LPWSTR lpszUsername, _In_opt_ LPWSTR lpszDomain, _In_opt_ LPWSTR lpszPassword, _In_ DWORD dwLogonType, _In_ DWORD dwLogonProvider, _Out_opt_ PHANDLE phToken)
BOOL WINAPI DECLSPEC_HOTPATCH CreateProcessAsUserW(_In_opt_ HANDLE hToken, _In_opt_ LPCWSTR lpApplicationName, _Inout_opt_ LPWSTR lpCommandLine, _In_opt_ LPSECURITY_ATTRIBUTES lpProcessAttributes, _In_opt_ LPSECURITY_ATTRIBUTES lpThreadAttributes, _In_ BOOL bInheritHandles, _In_ DWORD dwCreationFlags, _In_opt_ LPVOID lpEnvironment, _In_opt_ LPCWSTR lpCurrentDirectory, _In_ LPSTARTUPINFOW lpStartupInfo, _Out_ LPPROCESS_INFORMATION lpProcessInformation)
LONG WINAPI RegCreateKeyExW(_In_ HKEY hKey, _In_ LPCWSTR lpSubKey, _In_ DWORD Reserved, _In_opt_ LPWSTR lpClass, _In_ DWORD dwOptions, _In_ REGSAM samDesired, _In_opt_ LPSECURITY_ATTRIBUTES lpSecurityAttributes, _Out_ PHKEY phkResult, _Out_opt_ LPDWORD lpdwDisposition)
LONG WINAPI RegOpenKeyExW(HKEY hKey, LPCWSTR lpSubKey, DWORD ulOptions, REGSAM samDesired, PHKEY phkResult)
LONG WINAPI RegEnumKeyExW(_In_ HKEY hKey, _In_ DWORD dwIndex, _Out_ LPWSTR lpName, _Inout_ LPDWORD lpcbName, _Reserved_ LPDWORD lpReserved, _Out_opt_ LPWSTR lpClass, _Inout_opt_ LPDWORD lpcbClass, _Out_opt_ PFILETIME lpftLastWriteTime)
LONG WINAPI RegSetValueExW(_In_ HKEY hKey, _In_ LPCWSTR lpValueName, _In_ DWORD Reserved, _In_ DWORD dwType, _In_ CONST BYTE *lpData, _In_ DWORD cbData)
LONG WINAPI RegQueryValueExW(_In_ HKEY hkeyorg, _In_ LPCWSTR name, _In_ LPDWORD reserved, _In_ LPDWORD type, _In_ LPBYTE data, _In_ LPDWORD count)
BOOL WINAPI ImpersonateLoggedOnUser(HANDLE hToken)
BOOL WINAPI AdjustTokenPrivileges(HANDLE TokenHandle, BOOL DisableAllPrivileges, PTOKEN_PRIVILEGES NewState, DWORD BufferLength, PTOKEN_PRIVILEGES PreviousState, PDWORD ReturnLength)
#define ERROR_INVALID_PARAMETER
#define ReadFile(a, b, c, d, e)
#define INVALID_HANDLE_VALUE
#define HeapFree(x, y, z)
BOOL WINAPI WriteFile(IN HANDLE hFile, IN LPCVOID lpBuffer, IN DWORD nNumberOfBytesToWrite OPTIONAL, OUT LPDWORD lpNumberOfBytesWritten, IN LPOVERLAPPED lpOverlapped OPTIONAL)
BOOL WINAPI DECLSPEC_HOTPATCH CreateProcessW(LPCWSTR lpApplicationName, LPWSTR lpCommandLine, LPSECURITY_ATTRIBUTES lpProcessAttributes, LPSECURITY_ATTRIBUTES lpThreadAttributes, BOOL bInheritHandles, DWORD dwCreationFlags, LPVOID lpEnvironment, LPCWSTR lpCurrentDirectory, LPSTARTUPINFOW lpStartupInfo, LPPROCESS_INFORMATION lpProcessInformation)
DWORD WINAPI ResumeThread(IN HANDLE hThread)
BOOL WINAPI DestroyEnvironmentBlock(IN LPVOID lpEnvironment)
BOOL WINAPI CreateEnvironmentBlock(OUT LPVOID *lpEnvironment, IN HANDLE hToken, IN BOOL bInherit)
BOOL WINAPI LoadUserProfileW(_In_ HANDLE hToken, _Inout_ LPPROFILEINFOW lpProfileInfo)
BOOL WINAPI UnloadUserProfile(_In_ HANDLE hToken, _In_ HANDLE hProfile)
static const WCHAR Cleanup[]
#define RemoveEntryList(Entry)
#define InsertTailList(ListHead, Entry)
#define InitializeListHead(ListHead)
_Must_inspect_result_ _In_ PFSRTL_PER_STREAM_CONTEXT Ptr
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
DWORD ScmCreateGroupList(VOID)
DWORD ScmSetServiceGroup(PSERVICE lpService, LPCWSTR lpGroupName)
_CRTIMP wchar_t *__cdecl _ultow(_In_ unsigned long _Value, _Pre_notnull_ _Post_z_ wchar_t *_Dest, _In_ int _Radix)
_CRTIMP size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
_CONST_RETURN wchar_t *__cdecl wcsstr(_In_z_ const wchar_t *_Str, _In_z_ const wchar_t *_SubStr)
NTSYSAPI NTSTATUS WINAPI RtlQueryRegistryValues(ULONG, PCWSTR, PRTL_QUERY_REGISTRY_TABLE, PVOID, PVOID)
NTSYSAPI ULONG WINAPI RtlNtStatusToDosError(NTSTATUS)
BOOL WINAPI GetOverlappedResult(IN HANDLE hFile, IN LPOVERLAPPED lpOverlapped, OUT LPDWORD lpNumberOfBytesTransferred, IN BOOL bWait)
void *__RPC_USER MIDL_user_allocate(SIZE_T size)
void __RPC_USER MIDL_user_free(void *p)
#define FILE_FLAG_OVERLAPPED
PSDBQUERYRESULT_VISTA PVOID DWORD * dwSize
#define SE_BACKUP_PRIVILEGE
#define SE_RESTORE_PRIVILEGE
#define InitializeObjectAttributes(p, n, a, r, s)
struct _OBJECT_DIRECTORY_INFORMATION OBJECT_DIRECTORY_INFORMATION
NTSYSAPI BOOLEAN NTAPI RtlAcquireResourceShared(_In_ PRTL_RESOURCE Resource, _In_ BOOLEAN Wait)
_In_ PCWSTR _Inout_ _At_ QueryTable _Pre_unknown_ PRTL_QUERY_REGISTRY_TABLE QueryTable
NTSYSAPI VOID NTAPI RtlInitializeResource(_In_ PRTL_RESOURCE Resource)
NTSYSAPI BOOLEAN NTAPI RtlAcquireResourceExclusive(_In_ PRTL_RESOURCE Resource, _In_ BOOLEAN Wait)
NTSYSAPI VOID NTAPI RtlDeleteResource(_In_ PRTL_RESOURCE Resource)
NTSYSAPI VOID NTAPI RtlReleaseResource(_In_ PRTL_RESOURCE Resource)
#define EVENT_SERVICE_DIFFERENT_PID_CONNECTED
#define EVENT_CONNECTION_TIMEOUT
#define EVENT_SERVICE_CONTROL_SUCCESS
#define EVENT_SERVICE_START_FAILED
#define EVENT_READFILE_TIMEOUT
BOOL WINAPI ConnectNamedPipe(IN HANDLE hNamedPipe, IN LPOVERLAPPED lpOverlapped)
HANDLE WINAPI CreateNamedPipeW(LPCWSTR lpName, DWORD dwOpenMode, DWORD dwPipeMode, DWORD nMaxInstances, DWORD nOutBufferSize, DWORD nInBufferSize, DWORD nDefaultTimeOut, LPSECURITY_ATTRIBUTES lpSecurityAttributes)
#define DIRECTORY_TRAVERSE
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
#define RTL_QUERY_REGISTRY_REQUIRED
#define RTL_QUERY_REGISTRY_DIRECT
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
#define RTL_REGISTRY_SERVICES
NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING UnicodeString)
#define REG_OPENED_EXISTING_KEY
#define REG_OPTION_VOLATILE
#define STATUS_NO_MORE_ENTRIES
NTSTATUS NTAPI NtOpenDirectoryObject(OUT PHANDLE DirectoryHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes)
NTSTATUS NTAPI NtQueryDirectoryObject(IN HANDLE DirectoryHandle, OUT PVOID Buffer, IN ULONG BufferLength, IN BOOLEAN ReturnSingleEntry, IN BOOLEAN RestartScan, IN OUT PULONG Context, OUT PULONG ReturnLength OPTIONAL)
static BOOL bSecurityServiceProcess
_Check_return_ _CRTIMP int __cdecl _wcsicmp(_In_z_ const wchar_t *_Str1, _In_z_ const wchar_t *_Str2)
_CRTIMP wchar_t *__cdecl wcscpy(_Out_writes_z_(_String_length_(_Source)+1) wchar_t *_Dest, _In_z_ const wchar_t *_Source)
_CRTIMP wchar_t *__cdecl wcscat(_Inout_updates_z_(_String_length_(_Dest)+_String_length_(_Source)+1) wchar_t *_Dest, _In_z_ const wchar_t *_Source)
_In_ UCHAR _In_ ULONG _Out_ PUCHAR _Outptr_result_bytebuffer_ OutBufferLength PVOID * OutBuffer
struct _SCM_CONTROL_PACKET SCM_CONTROL_PACKET
#define SERVICE_CONTROL_START_OWN
#define SERVICE_CONTROL_START_SHARE
STRSAFEAPI StringCchPrintfW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszFormat,...)
STRSAFEAPI StringCchCatW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc)
STRSAFEAPI StringCchCopyW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc)
struct _LIST_ENTRY * Flink
DWORD dwServiceNameOffset
SERVICE_STATUS_HANDLE hServiceStatus
LPVOID lpSecurityDescriptor
LIST_ENTRY ImageListEntry
DWORD dwServiceSpecificExitCode
PSECURITY_DESCRIPTOR pSecurityDescriptor
LIST_ENTRY ServiceListEntry
LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY]
DWORD WINAPI WaitForSingleObject(IN HANDLE hHandle, IN DWORD dwMilliseconds)
VOID WINAPI InitializeCriticalSection(OUT LPCRITICAL_SECTION lpCriticalSection)
#define FIELD_OFFSET(t, f)
#define RtlZeroMemory(Destination, Length)
#define CONTAINING_RECORD(address, type, field)
#define ALIGN_UP(size, type)
#define ALIGN_UP_POINTER(ptr, type)
#define STARTF_INHERITDESKTOP
_In_ WDFCOLLECTION _In_ ULONG Index
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG BufferLength
_Must_inspect_result_ _In_opt_ PWDF_OBJECT_ATTRIBUTES _Out_ WDFWAITLOCK * Lock
SERVICE_STATUS_HANDLE hServiceStatus
_In_ LPCSTR _Out_writes_to_opt_ cchDisplayName LPSTR lpDisplayName
DWORD WINAPI GetLastError(void)
#define PIPE_ACCESS_DUPLEX
void WINAPI LeaveCriticalSection(LPCRITICAL_SECTION)
#define CREATE_UNICODE_ENVIRONMENT
#define PIPE_READMODE_MESSAGE
void WINAPI EnterCriticalSection(LPCRITICAL_SECTION)
void WINAPI DeleteCriticalSection(PCRITICAL_SECTION)
#define PIPE_TYPE_MESSAGE
#define LOGON32_LOGON_SERVICE
#define LOGON32_PROVIDER_DEFAULT
BOOL WINAPI RevertToSelf(void)
#define ERROR_SERVICE_LOGON_FAILED
#define ERROR_SERVICE_ALREADY_RUNNING
#define ERROR_SERVICE_NEVER_STARTED
#define ERROR_NOT_ALL_ASSIGNED
#define ERROR_DIFFERENT_SERVICE_ACCOUNT
#define ERROR_SERVICE_DISABLED
#define ERROR_SERVICE_REQUEST_TIMEOUT
#define ERROR_INVALID_DATA
#define ERROR_PIPE_CONNECTED
#define EVENTLOG_ERROR_TYPE
#define EVENTLOG_INFORMATION_TYPE
#define EVENTLOG_WARNING_TYPE
#define HKEY_LOCAL_MACHINE
#define SERVICE_ACCEPT_STOP
#define SERVICE_CONTROL_SHUTDOWN
#define SERVICE_START_PENDING
#define SERVICE_ACCEPT_SHUTDOWN
int WINAPI LoadStringW(_In_opt_ HINSTANCE hInstance, _In_ UINT uID, _Out_writes_to_(cchBufferMax, return+1) LPWSTR lpBuffer, _In_ int cchBufferMax)
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
#define SERVICE_KERNEL_DRIVER
#define SERVICE_WIN32_SHARE_PROCESS
#define SERVICE_ERROR_SEVERE
#define SERVICE_INTERACTIVE_PROCESS
#define SERVICE_AUTO_START
#define SERVICE_BOOT_START
#define SERVICE_ERROR_CRITICAL
#define SERVICE_WIN32_OWN_PROCESS
#define SERVICE_SYSTEM_START
#define SERVICE_FILE_SYSTEM_DRIVER
#define SERVICE_ERROR_IGNORE
struct _TOKEN_PRIVILEGES TOKEN_PRIVILEGES
#define SE_PRIVILEGE_ENABLED