/*
 * Reports TRUE when pszImagePath contains the substring
 * "\system32\lsass.exe". wcsstr() is case-sensitive and matches anywhere in
 * the string, so the test is not anchored to the actual system directory:
 * any path that merely contains this text satisfies it, while a
 * differently-cased or differently-spelled path to the same file does not.
 * NOTE(review): this looks like the body of ScmIsSecurityService(); if the
 * result gates a trust decision (e.g. how the control pipe is created),
 * compare against the resolved system-directory path instead. Confirm
 * against the callers, which are not visible here.
 */
48 return (
wcsstr(pServiceImage->pszImagePath,
L"\\system32\\lsass.exe") !=
NULL);
60 DWORD dwServiceCurrent = 1;
61 DWORD dwKeyDisposition;
70 L"SYSTEM\\CurrentControlSet\\Control\\ServiceCurrent",
80 DPRINT1(
"RegCreateKeyEx() failed with error %lu\n", dwError);
86 dwKeySize =
sizeof(
DWORD);
91 (
BYTE*)&dwServiceCurrent,
96 DPRINT1(
"RegQueryValueEx() failed with error %lu\n", dwError);
107 (
BYTE*)&dwServiceCurrent,
108 sizeof(dwServiceCurrent));
114 DPRINT1(
"RegSetValueExW() failed (Error %lu)\n", dwError);
120 dwServiceCurrent = 0;
125 L"\\\\.\\pipe\\net\\NtControlPipe%lu", dwServiceCurrent);
127 DPRINT(
"PipeName: %S\n", szControlPipeName);
129 SecurityAttributes.
nLength =
sizeof(SecurityAttributes);
140 &SecurityAttributes);
141 DPRINT(
"CreateNamedPipeW(%S) done\n", szControlPipeName);
144 DPRINT1(
"Failed to create control pipe\n");
158 DPRINT(
"ScmGetServiceImageByImagePath(%S) called\n", lpImagePath);
172 ImageEntry = ImageEntry->
Flink;
175 DPRINT(
"Couldn't find a matching image\n");
207 CurrentImage = CurrentService->
lpImage;
215 ServiceEntry = ServiceEntry->
Flink;
274 if (pszAccountName1 ==
NULL &&
275 pszAccountName2 ==
NULL)
278 if (pszAccountName1 ==
NULL &&
279 pszAccountName2 !=
NULL &&
280 _wcsicmp(pszAccountName2,
L"LocalSystem") == 0)
283 if (pszAccountName1 !=
NULL &&
284 pszAccountName2 ==
NULL &&
285 _wcsicmp(pszAccountName1,
L"LocalSystem") == 0)
288 if (pszAccountName1 !=
NULL &&
289 pszAccountName2 !=
NULL &&
290 _wcsicmp(pszAccountName1, pszAccountName2) == 0)
302 if (pszAccountName ==
NULL ||
303 _wcsicmp(pszAccountName,
L"LocalSystem") == 0)
320 DPRINT(
"ScmEnableBackupRestorePrivileges(%p %d)\n", hToken,
bEnable);
324 if (pTokenPrivileges ==
NULL)
326 DPRINT1(
"Failed to allocate privilege buffer\n");
345 DPRINT1(
"AdjustTokenPrivileges() succeeded, but with not all privileges assigned\n");
350 if (pTokenPrivileges !=
NULL)
370 DPRINT(
"ScmLogonService(%p %p)\n", pService, pImage);
371 DPRINT(
"Service %S\n", pService->lpServiceName);
381 pszUserName =
ptr + 1;
382 pszDomainName = pImage->pszAccountName;
387 pszUserName = pImage->pszAccountName;
388 pszDomainName =
NULL;
394 (
wcslen(pService->lpServiceName) + 5) *
sizeof(
WCHAR));
395 if (pszPassword ==
NULL)
402 wcscat(pszPassword, pService->lpServiceName);
/*
 * NOTE(review): this trace prints pszPassword in clear text next to the
 * domain and user name. pszPassword is presumably the secret later passed
 * to LogonUserW(); confirm against the call, which is not visible here.
 * Credentials should not reach debug or log output: drop the password
 * argument or print a fixed placeholder. Whether DPRINT is compiled in
 * depends on the build's debug configuration (TODO confirm).
 */
404 DPRINT(
"Domain: %S User: %S Password: %S\n", pszDomainName, pszUserName, pszPassword);
415 DPRINT1(
"LogonUserW() failed (Error %lu)\n", dwError);
423 ZeroMemory(&ProfileInfo,
sizeof(ProfileInfo));
424 ProfileInfo.
dwSize =
sizeof(ProfileInfo);
440 DPRINT1(
"LoadUserProfileW() failed (Error %lu)\n", dwError);
444 pImage->hProfile = ProfileInfo.
hProfile;
447 if (pszPassword !=
NULL)
468 BOOL bSecurityService;
470 DPRINT(
"ScmCreateOrReferenceServiceImage(%p)\n", pService);
493 DPRINT1(
"RtlQueryRegistryValues() failed (Status %lx)\n",
Status);
497 DPRINT(
"ImagePath: '%wZ'\n", &ImagePath);
501 if (pServiceImage ==
NULL)
511 if (pServiceImage ==
NULL)
542 DPRINT1(
"ScmLogonService() failed (Error %lu)\n", dwError);
557 DPRINT1(
"ScmCreateNewControlPipe() failed (Error %lu)\n", dwError);
577 if (bSecurityService)
609 pService->
lpImage = pServiceImage;
615 DPRINT(
"ScmCreateOrReferenceServiceImage() done (Error: %lu)\n", dwError);
624 DPRINT1(
"ScmRemoveServiceImage() called\n");
662 DPRINT(
"ScmGetServiceEntryByName() called\n");
673 return CurrentService;
676 ServiceEntry = ServiceEntry->
Flink;
679 DPRINT(
"Couldn't find a matching service\n");
691 DPRINT(
"ScmGetServiceEntryByDisplayName() called\n");
702 return CurrentService;
705 ServiceEntry = ServiceEntry->
Flink;
708 DPRINT(
"Couldn't find a matching service\n");
720 DPRINT(
"ScmGetServiceEntryByResumeCount() called\n");
731 return CurrentService;
734 ServiceEntry = ServiceEntry->
Flink;
737 DPRINT(
"Couldn't find a matching service\n");
774 DPRINT(
"Service: '%S'\n", lpServiceName);
780 if (lpService ==
NULL)
783 *lpServiceRecord = lpService;
858 DWORD dwServiceState,
867 DWORD dwServicesReturned = 0;
874 L"System\\CurrentControlSet\\Services",
880 DPRINT1(
"Failed to open services key\n");
890 &dwServicesReturned);
895 DPRINT1(
"Deletion failed due to running dependencies\n");
910 DPRINT1(
"Failed to delete the Service Registry key\n");
966 DWORD dwErrorControl;
969 DPRINT(
"Service: '%S'\n", lpServiceName);
970 if (*lpServiceName ==
L'{')
989 DPRINT(
"Service type: %lx\n", dwServiceType);
1001 DPRINT(
"Start type: %lx\n", dwStartType);
1013 DPRINT(
"Error control: %lx\n", dwErrorControl);
1024 DPRINT(
"Tag: %lx\n", dwTagId);
1032 DPRINT(
"Group: %S\n", lpGroup);
1050 lpService->
dwTag = dwTagId;
1052 if (lpGroup !=
NULL)
1070 DPRINT(
"Start %lx Type %lx Tag %lx ErrorControl %lx\n",
1091 DPRINT(
"No security descriptor found! Assign default security descriptor\n");
1104 if (lpGroup !=
NULL)
1110 if (lpService !=
NULL)
1132 ServiceEntry = ServiceEntry->
Flink;
1137 L"System\\CurrentControlSet\\Services",
1168 L"SYSTEM\\CurrentControlSet\\Control\\Windows",
1176 L"NoInteractiveServices",
1193 DWORD dwSubKeyLength;
1197 DPRINT(
"ScmCreateServiceDatabase() called\n");
1215 L"System\\CurrentControlSet\\Services",
1235 szSubKey[0] !=
L'{')
1237 DPRINT(
"SubKeyName: '%S'\n", szSubKey);
1267 DPRINT(
"ScmCreateServiceDatabase() done\n");
1276 DPRINT(
"ScmShutdownServiceDatabase() called\n");
1281 DPRINT(
"ScmShutdownServiceDatabase() done\n");
1297 DPRINT(
"ScmCheckDriver(%S) called\n",
Service->lpServiceName);
1353 DPRINT(
"Found: '%S' '%wZ'\n",
1360 Service->Status.dwServiceSpecificExitCode = 0;
1361 Service->Status.dwCheckPoint = 0;
1362 Service->Status.dwWaitHint = 0;
1389 DPRINT(
"ScmGetBootAndSystemDriverState() called\n");
1405 ServiceEntry = ServiceEntry->
Flink;
1408 DPRINT(
"ScmGetBootAndSystemDriverState() done\n");
1433 DWORD dwReadCount = 0;
1436 DPRINT(
"ScmControlService(%S, %d) called\n", pServiceName, dwControl);
1485 PWSTR *pOffPtr, pArgPtr;
1494 DPRINT(
"dwArgumentsCount: %lu\n", ControlPacket->dwArgumentsCount);
1495 DPRINT(
"dwArgumentsOffset: %lu\n", ControlPacket->dwArgumentsOffset);
1501 DPRINT(
"offset[%lu]: %p\n",
i, pOffPtr[
i]);
1513 sizeof(ReplyPacket),
1522 DPRINT1(
"TransactNamedPipe(%S, %d) failed (Error %lu)\n", pServiceName, dwControl, dwError);
1526 DPRINT(
"TransactNamedPipe(%S, %d) returned ERROR_IO_PENDING\n", pServiceName, dwControl);
1529 DPRINT(
"WaitForSingleObject(%S, %d) returned %lu\n", pServiceName, dwControl, dwError);
1533 DPRINT1(
"WaitForSingleObject(%S, %d) timed out\n", pServiceName, dwControl);
1536 DPRINT1(
"CancelIo(%S, %d) failed (Error %lu)\n", pServiceName, dwControl,
GetLastError());
1549 DPRINT1(
"GetOverlappedResult(%S, %d) failed (Error %lu)\n", pServiceName, dwControl, dwError);
/*
 * The service's reply code is adopted only when exactly sizeof(ReplyPacket)
 * bytes were read; on any other length dwError keeps its previous value.
 * NOTE(review): confirm that previous value cannot be a success code at this
 * point, otherwise a truncated reply would be reported as success.
 */
1561 if (dwReadCount ==
sizeof(ReplyPacket))
1562 dwError = ReplyPacket.
dwError;
1564 DPRINT(
"ScmControlService(%S, %d) done (Error %lu)\n", pServiceName, dwControl, dwError);
1587 DWORD dwProcessId = 0;
1593 WCHAR szBuffer1[20];
1594 WCHAR szBuffer2[20];
1597 DPRINT(
"ScmWaitForServiceConnect()\n");
1601 if (bResult ==
FALSE)
1603 DPRINT(
"ConnectNamedPipe() returned FALSE\n");
1608 DPRINT(
"dwError: ERROR_IO_PENDING\n");
1612 DPRINT(
"WaitForSingleObject() returned %lu\n", dwError);
1616 DPRINT(
"WaitForSingleObject() returned WAIT_TIMEOUT\n");
1619 if (bResult ==
FALSE)
1626 lpLogStrings[0] =
Service->lpDisplayName;
1627 lpLogStrings[1] = szBuffer1;
1634 DPRINT1(
"Log EVENT_CONNECTION_TIMEOUT by %S\n",
Service->lpDisplayName);
1644 if (bResult ==
FALSE)
1647 DPRINT1(
"GetOverlappedResult failed (Error %lu)\n", dwError);
1655 DPRINT1(
"ConnectNamedPipe failed (Error %lu)\n", dwError);
1660 DPRINT(
"Control pipe connected\n");
1670 if (bResult ==
FALSE)
1672 DPRINT(
"ReadFile() returned FALSE\n");
1677 DPRINT(
"dwError: ERROR_IO_PENDING\n");
1683 DPRINT(
"WaitForSingleObject() returned WAIT_TIMEOUT\n");
1686 if (bResult ==
FALSE)
1693 lpLogStrings[0] = szBuffer1;
1700 DPRINT1(
"Log EVENT_READFILE_TIMEOUT by %S\n",
Service->lpDisplayName);
1706 DPRINT(
"WaitForSingleObject() returned WAIT_OBJECT_0\n");
1708 DPRINT(
"Process Id: %lu\n", dwProcessId);
1714 if (bResult ==
FALSE)
1717 DPRINT1(
"GetOverlappedResult() failed (Error %lu)\n", dwError);
1724 DPRINT1(
"WaitForSingleObject() returned %lu\n", dwError);
1729 DPRINT1(
"ReadFile() failed (Error %lu)\n", dwError);
1735 (dwProcessId !=
Service->lpImage->dwProcessId))
1739 _ultow(dwProcessId, szBuffer2, 10);
1741 lpLogStrings[0] =
Service->lpDisplayName;
1742 lpLogStrings[1] = szBuffer1;
1743 lpLogStrings[2] = szBuffer2;
1751 DPRINT1(
"Log EVENT_SERVICE_DIFFERENT_PID_CONNECTED by %S\n",
Service->lpDisplayName);
1754 DPRINT(
"ScmWaitForServiceConnect() done\n");
1774 if (
Service->lpImage->dwImageRunCount > 1)
1778 ZeroMemory(&StartupInfo,
sizeof(StartupInfo));
1779 StartupInfo.
cb =
sizeof(StartupInfo);
1780 ZeroMemory(&ProcessInformation,
sizeof(ProcessInformation));
1789 DPRINT1(
"CreateEnvironmentBlock() failed with error %d; service '%S' will run with current environment\n",
1791 lpEnvironment =
NULL;
1801 Service->lpImage->pszImagePath,
1809 &ProcessInformation);
1819 DPRINT1(
"ImpersonateLoggedOnUser() failed with error %d\n", dwError);
1829 DPRINT1(
"CreateEnvironmentBlock() failed with error %d; service '%S' will run with current environment\n",
1831 lpEnvironment =
NULL;
1845 Service->lpImage->pszImagePath,
1853 &ProcessInformation);
1869 DPRINT1(
"Starting '%S' failed with error %d\n",
1870 Service->lpServiceName, dwError);
1874 DPRINT(
"Process Id: %lu Handle %p\n",
1877 DPRINT(
"Thread Id: %lu Handle %p\n",
1893 DPRINT1(
"Connecting control pipe failed! (Error %lu)\n", dwError);
1894 Service->lpImage->dwProcessId = 0;
1918 WCHAR szLogBuffer[80];
1920 DPRINT(
"ScmLoadService() called\n");
1925 DPRINT(
"Service %S is already running\n",
Service->lpServiceName);
1929 DPRINT(
"Service->Type: %lu\n",
Service->Status.dwServiceType);
1946 Service->Status.dwControlsAccepted = 0;
1951 Service->lpImage->dwImageRunCount--;
1952 if (
Service->lpImage->dwImageRunCount == 0)
1961 DPRINT(
"ScmLoadService() done (Error %lu)\n", dwError);
1972 lpLogStrings[0] =
Service->lpDisplayName;
1973 lpLogStrings[1] = szLogBuffer;
1987 lpLogStrings[0] =
Service->lpServiceName;
1988 lpLogStrings[1] = szLogBuffer;
1996 switch (
Service->dwErrorControl)
1999 if (IsLastKnownGood ==
FALSE)
2006 if (IsLastKnownGood ==
FALSE)
2031 DPRINT(
"ScmStartService() called\n");
2058 DPRINT(
"ScmStartService() done (Error %lu)\n", dwError);
2073 DWORD SafeBootEnabled;
2086 L"SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Option",
2092 dwKeySize =
sizeof(SafeBootEnabled);
2097 (
LPBYTE)&SafeBootEnabled,
2104 SafeBootEnabled = 0;
2117 L"SYSTEM\\CurrentControlSet\\Control\\SafeBoot");
2119 switch (SafeBootEnabled)
2134 if (SafeBootEnabled != 0)
2138 szSafeBootServicePath,
2152 szSafeBootServicePath,
2170 DPRINT1(
"WARNING: Could not open the associated Safe Boot key\n");
2175 ServiceEntry = ServiceEntry->
Flink;
2194 if ((CurrentService->
lpGroup == CurrentGroup) &&
2203 ServiceEntry = ServiceEntry->
Flink;
2213 if ((CurrentService->
lpGroup == CurrentGroup) &&
2221 ServiceEntry = ServiceEntry->
Flink;
2224 GroupEntry = GroupEntry->
Flink;
2241 ServiceEntry = ServiceEntry->
Flink;
2258 ServiceEntry = ServiceEntry->
Flink;
2267 ServiceEntry = ServiceEntry->
Flink;
2281 DPRINT(
"ScmAutoShutdownServices() called\n");
2303 ServiceEntry = ServiceEntry->
Flink;
2309 DPRINT(
"ScmAutoShutdownServices() done\n");
2344 L"SYSTEM\\CurrentControlSet\\Control",
2352 L"ServicesPipeTimeout",
static SERVICE_STATUS_HANDLE(WINAPI *pRegisterServiceCtrlHandlerExA)(LPCSTR
#define InterlockedIncrement
#define InterlockedDecrement
static HANDLE hServicesKey
DWORD ScmReadString(HKEY hServiceKey, LPCWSTR lpValueName, LPWSTR *lpValue)
BOOL ScmIsDeleteFlagSet(HKEY hServiceKey)
DWORD ScmWriteSecurityDescriptor(_In_ HKEY hServiceKey, _In_ PSECURITY_DESCRIPTOR pSecurityDescriptor)
DWORD ScmReadSecurityDescriptor(_In_ HKEY hServiceKey, _Out_ PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
DWORD ScmDeleteRegKey(_In_ HKEY hKey, _In_ PCWSTR pszSubKey)
static BOOL ScmEnableBackupRestorePrivileges(_In_ HANDLE hToken, _In_ BOOL bEnable)
DWORD ScmControlService(_In_ HANDLE hControlPipe, _In_ PCWSTR pServiceName, _In_ DWORD dwControl, _In_ SERVICE_STATUS_HANDLE hServiceStatus)
DWORD ScmControlServiceEx(_In_ HANDLE hControlPipe, _In_ PCWSTR pServiceName, _In_ DWORD dwControl, _In_ SERVICE_STATUS_HANDLE hServiceStatus, _In_opt_ DWORD dwServiceTag, _In_opt_ DWORD argc, _In_reads_opt_(argc) const PCWSTR *argv)
VOID ScmAutoStartServices(VOID)
static PSERVICE_IMAGE ScmGetServiceImageByImagePath(LPWSTR lpImagePath)
static DWORD ScmStartUserModeService(PSERVICE Service, DWORD argc, const PCWSTR *argv)
static DWORD CreateServiceListEntry(LPCWSTR lpServiceName, HKEY hServiceKey)
PSERVICE ScmGetServiceEntryByResumeCount(DWORD dwResumeCount)
VOID ScmRemoveServiceImage(PSERVICE_IMAGE pServiceImage)
VOID ScmUnlockDatabase(VOID)
DWORD ScmGenerateServiceTag(PSERVICE lpServiceRecord)
static DWORD ScmLoadService(PSERVICE Service, DWORD argc, const PCWSTR *argv)
static NTSTATUS ScmCheckDriver(PSERVICE Service)
static BOOL ScmIsSecurityService(_In_ PSERVICE_IMAGE pServiceImage)
DWORD ScmGetServiceNameFromTag(IN PTAG_INFO_NAME_FROM_TAG_IN_PARAMS InParams, OUT PTAG_INFO_NAME_FROM_TAG_OUT_PARAMS *OutParams)
static BOOL ScmIsLocalSystemAccount(_In_ PCWSTR pszAccountName)
VOID ScmInitNamedPipeCriticalSection(VOID)
DWORD ScmReferenceService(PSERVICE lpService)
static DWORD NoInteractiveServices
static DWORD ScmCreateOrReferenceServiceImage(PSERVICE pService)
DWORD ScmCreateServiceDatabase(VOID)
DWORD ScmStartService(PSERVICE Service, DWORD argc, const PCWSTR *argv)
static DWORD ScmLogonService(IN PSERVICE pService, IN PSERVICE_IMAGE pImage)
static RTL_RESOURCE DatabaseLock
VOID ScmDeleteServiceRecord(PSERVICE lpService)
VOID ScmAutoShutdownServices(VOID)
BOOL ScmLockDatabaseExclusive(VOID)
static BOOL ScmIsSameServiceAccount(_In_ PCWSTR pszAccountName1, _In_ PCWSTR pszAccountName2)
VOID ScmGetBootAndSystemDriverState(VOID)
DWORD ScmDereferenceService(PSERVICE lpService)
DWORD ScmCreateNewServiceRecord(LPCWSTR lpServiceName, PSERVICE *lpServiceRecord, DWORD dwServiceType, DWORD dwStartType)
PSERVICE ScmGetServiceEntryByName(LPCWSTR lpServiceName)
BOOL ScmLockDatabaseShared(VOID)
LIST_ENTRY ServiceListHead
DWORD Int_EnumDependentServicesW(HKEY hServicesKey, PSERVICE lpService, DWORD dwServiceState, PSERVICE *lpServices, LPDWORD pcbBytesNeeded, LPDWORD lpServicesReturned)
static DWORD ScmCreateNewControlPipe(_In_ PSERVICE_IMAGE pServiceImage, _In_ BOOL bSecurityServiceProcess)
static DWORD ScmWaitForServiceConnect(PSERVICE Service)
VOID ScmDeleteNamedPipeCriticalSection(VOID)
static VOID ScmGetNoInteractiveServicesValue(VOID)
static CRITICAL_SECTION ControlServiceCriticalSection
VOID ScmDeleteMarkedServices(VOID)
DWORD ScmDeleteService(PSERVICE lpService)
VOID ScmShutdownServiceDatabase(VOID)
PSERVICE ScmGetServiceEntryByDisplayName(LPCWSTR lpDisplayName)
DWORD ScmStartDriver(PSERVICE pService)
DWORD ScmAcquireServiceStartLock(IN BOOL IsServiceController, OUT LPSC_RPC_LOCK lpLock)
DWORD ScmReleaseServiceStartLock(IN OUT LPSC_RPC_LOCK lpLock)
#define IDS_SERVICE_START
PSECURITY_DESCRIPTOR pPipeSD
DWORD ScmCreateDefaultServiceSD(PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
DWORD SetSecurityServicesEvent(VOID)
VOID ScmLogEvent(DWORD dwEventId, WORD wType, WORD wStrings, LPCWSTR *lpStrings)
struct _SERVICE_IMAGE SERVICE_IMAGE
#define RegCloseKey(hKey)
#define ERROR_NOT_ENOUGH_MEMORY
BOOL WINAPI CancelIo(IN HANDLE hFile)
#define NT_SUCCESS(StatCode)
BOOL WINAPI LogonUserW(_In_ LPWSTR lpszUsername, _In_opt_ LPWSTR lpszDomain, _In_opt_ LPWSTR lpszPassword, _In_ DWORD dwLogonType, _In_ DWORD dwLogonProvider, _Out_opt_ PHANDLE phToken)
BOOL WINAPI DECLSPEC_HOTPATCH CreateProcessAsUserW(_In_opt_ HANDLE hToken, _In_opt_ LPCWSTR lpApplicationName, _Inout_opt_ LPWSTR lpCommandLine, _In_opt_ LPSECURITY_ATTRIBUTES lpProcessAttributes, _In_opt_ LPSECURITY_ATTRIBUTES lpThreadAttributes, _In_ BOOL bInheritHandles, _In_ DWORD dwCreationFlags, _In_opt_ LPVOID lpEnvironment, _In_opt_ LPCWSTR lpCurrentDirectory, _In_ LPSTARTUPINFOW lpStartupInfo, _Out_ LPPROCESS_INFORMATION lpProcessInformation)
LONG WINAPI RegCreateKeyExW(_In_ HKEY hKey, _In_ LPCWSTR lpSubKey, _In_ DWORD Reserved, _In_opt_ LPWSTR lpClass, _In_ DWORD dwOptions, _In_ REGSAM samDesired, _In_opt_ LPSECURITY_ATTRIBUTES lpSecurityAttributes, _Out_ PHKEY phkResult, _Out_opt_ LPDWORD lpdwDisposition)
LONG WINAPI RegOpenKeyExW(HKEY hKey, LPCWSTR lpSubKey, DWORD ulOptions, REGSAM samDesired, PHKEY phkResult)
LONG WINAPI RegEnumKeyExW(_In_ HKEY hKey, _In_ DWORD dwIndex, _Out_ LPWSTR lpName, _Inout_ LPDWORD lpcbName, _Reserved_ LPDWORD lpReserved, _Out_opt_ LPWSTR lpClass, _Inout_opt_ LPDWORD lpcbClass, _Out_opt_ PFILETIME lpftLastWriteTime)
LONG WINAPI RegSetValueExW(_In_ HKEY hKey, _In_ LPCWSTR lpValueName, _In_ DWORD Reserved, _In_ DWORD dwType, _In_ CONST BYTE *lpData, _In_ DWORD cbData)
LONG WINAPI RegQueryValueExW(_In_ HKEY hkeyorg, _In_ LPCWSTR name, _In_ LPDWORD reserved, _In_ LPDWORD type, _In_ LPBYTE data, _In_ LPDWORD count)
BOOL WINAPI ImpersonateLoggedOnUser(HANDLE hToken)
BOOL WINAPI AdjustTokenPrivileges(HANDLE TokenHandle, BOOL DisableAllPrivileges, PTOKEN_PRIVILEGES NewState, DWORD BufferLength, PTOKEN_PRIVILEGES PreviousState, PDWORD ReturnLength)
#define ERROR_INVALID_PARAMETER
#define ReadFile(a, b, c, d, e)
#define INVALID_HANDLE_VALUE
#define HeapFree(x, y, z)
BOOL WINAPI DECLSPEC_HOTPATCH CreateProcessW(LPCWSTR lpApplicationName, LPWSTR lpCommandLine, LPSECURITY_ATTRIBUTES lpProcessAttributes, LPSECURITY_ATTRIBUTES lpThreadAttributes, BOOL bInheritHandles, DWORD dwCreationFlags, LPVOID lpEnvironment, LPCWSTR lpCurrentDirectory, LPSTARTUPINFOW lpStartupInfo, LPPROCESS_INFORMATION lpProcessInformation)
DWORD WINAPI ResumeThread(IN HANDLE hThread)
BOOL WINAPI DestroyEnvironmentBlock(IN LPVOID lpEnvironment)
BOOL WINAPI CreateEnvironmentBlock(OUT LPVOID *lpEnvironment, IN HANDLE hToken, IN BOOL bInherit)
BOOL WINAPI LoadUserProfileW(_In_ HANDLE hToken, _Inout_ LPPROFILEINFOW lpProfileInfo)
BOOL WINAPI UnloadUserProfile(_In_ HANDLE hToken, _In_ HANDLE hProfile)
static const WCHAR Cleanup[]
#define RemoveEntryList(Entry)
#define InsertTailList(ListHead, Entry)
#define InitializeListHead(ListHead)
DWORD ScmCreateGroupList(VOID)
DWORD ScmSetServiceGroup(PSERVICE lpService, LPCWSTR lpGroupName)
_CRTIMP wchar_t *__cdecl _ultow(_In_ unsigned long _Value, _Pre_notnull_ _Post_z_ wchar_t *_Dest, _In_ int _Radix)
_CRTIMP size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
_CONST_RETURN wchar_t *__cdecl wcsstr(_In_z_ const wchar_t *_Str, _In_z_ const wchar_t *_SubStr)
NTSYSAPI NTSTATUS WINAPI RtlQueryRegistryValues(ULONG, PCWSTR, PRTL_QUERY_REGISTRY_TABLE, PVOID, PVOID)
NTSYSAPI ULONG WINAPI RtlNtStatusToDosError(NTSTATUS)
BOOL WINAPI GetOverlappedResult(IN HANDLE hFile, IN LPOVERLAPPED lpOverlapped, OUT LPDWORD lpNumberOfBytesTransferred, IN BOOL bWait)
void *__RPC_USER MIDL_user_allocate(SIZE_T size)
void __RPC_USER MIDL_user_free(void *p)
#define FILE_FLAG_OVERLAPPED
#define SE_BACKUP_PRIVILEGE
#define SE_RESTORE_PRIVILEGE
#define InitializeObjectAttributes(p, n, a, r, s)
struct _OBJECT_DIRECTORY_INFORMATION OBJECT_DIRECTORY_INFORMATION
NTSYSAPI BOOLEAN NTAPI RtlAcquireResourceShared(_In_ PRTL_RESOURCE Resource, _In_ BOOLEAN Wait)
NTSYSAPI VOID NTAPI RtlInitializeResource(_In_ PRTL_RESOURCE Resource)
NTSYSAPI BOOLEAN NTAPI RtlAcquireResourceExclusive(_In_ PRTL_RESOURCE Resource, _In_ BOOLEAN Wait)
NTSYSAPI VOID NTAPI RtlDeleteResource(_In_ PRTL_RESOURCE Resource)
NTSYSAPI VOID NTAPI RtlReleaseResource(_In_ PRTL_RESOURCE Resource)
#define EVENT_SERVICE_DIFFERENT_PID_CONNECTED
#define EVENT_CONNECTION_TIMEOUT
#define EVENT_SERVICE_CONTROL_SUCCESS
#define EVENT_SERVICE_START_FAILED
#define EVENT_READFILE_TIMEOUT
#define _In_reads_opt_(s)
BOOL WINAPI ConnectNamedPipe(IN HANDLE hNamedPipe, IN LPOVERLAPPED lpOverlapped)
BOOL WINAPI TransactNamedPipe(IN HANDLE hNamedPipe, IN LPVOID lpInBuffer, IN DWORD nInBufferSize, OUT LPVOID lpOutBuffer, IN DWORD nOutBufferSize, OUT LPDWORD lpBytesRead OPTIONAL, IN LPOVERLAPPED lpOverlapped OPTIONAL)
HANDLE WINAPI CreateNamedPipeW(LPCWSTR lpName, DWORD dwOpenMode, DWORD dwPipeMode, DWORD nMaxInstances, DWORD nOutBufferSize, DWORD nInBufferSize, DWORD nDefaultTimeOut, LPSECURITY_ATTRIBUTES lpSecurityAttributes)
#define DIRECTORY_TRAVERSE
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
#define RTL_QUERY_REGISTRY_REQUIRED
#define RTL_QUERY_REGISTRY_DIRECT
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
#define RTL_REGISTRY_SERVICES
NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING UnicodeString)
#define REG_OPENED_EXISTING_KEY
#define REG_OPTION_VOLATILE
#define STATUS_NO_MORE_ENTRIES
NTSTATUS NTAPI NtOpenDirectoryObject(OUT PHANDLE DirectoryHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes)
NTSTATUS NTAPI NtQueryDirectoryObject(IN HANDLE DirectoryHandle, OUT PVOID Buffer, IN ULONG BufferLength, IN BOOLEAN ReturnSingleEntry, IN BOOLEAN RestartScan, IN OUT PULONG Context, OUT PULONG ReturnLength OPTIONAL)
static BOOL bSecurityServiceProcess
_Check_return_ _CRTIMP int __cdecl _wcsicmp(_In_z_ const wchar_t *_Str1, _In_z_ const wchar_t *_Str2)
_CRTIMP wchar_t *__cdecl wcscpy(_Out_writes_z_(_String_length_(_Source)+1) wchar_t *_Dest, _In_z_ const wchar_t *_Source)
_CRTIMP wchar_t *__cdecl wcscat(_Inout_updates_z_(_String_length_(_Dest)+_String_length_(_Source)+1) wchar_t *_Dest, _In_z_ const wchar_t *_Source)
struct _SCM_CONTROL_PACKET SCM_CONTROL_PACKET
#define SERVICE_CONTROL_START_OWN
#define SERVICE_CONTROL_START_SHARE
STRSAFEAPI StringCchPrintfW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszFormat,...)
STRSAFEAPI StringCchCatW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc)
STRSAFEAPI StringCchCopyW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc)
struct _LIST_ENTRY * Flink
DWORD dwServiceNameOffset
SERVICE_STATUS_HANDLE hServiceStatus
LPVOID lpSecurityDescriptor
LIST_ENTRY ImageListEntry
DWORD dwServiceSpecificExitCode
PSECURITY_DESCRIPTOR pSecurityDescriptor
LIST_ENTRY ServiceListEntry
LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY]
DWORD WINAPI WaitForSingleObject(IN HANDLE hHandle, IN DWORD dwMilliseconds)
VOID WINAPI InitializeCriticalSection(OUT LPCRITICAL_SECTION lpCriticalSection)
#define FIELD_OFFSET(t, f)
#define RtlZeroMemory(Destination, Length)
#define CONTAINING_RECORD(address, type, field)
#define ALIGN_UP(size, type)
#define ALIGN_UP_POINTER(ptr, type)
#define STARTF_INHERITDESKTOP
SERVICE_STATUS_HANDLE hServiceStatus
DWORD WINAPI GetLastError(void)
#define PIPE_ACCESS_DUPLEX
void WINAPI LeaveCriticalSection(LPCRITICAL_SECTION)
#define CREATE_UNICODE_ENVIRONMENT
#define PIPE_READMODE_MESSAGE
void WINAPI EnterCriticalSection(LPCRITICAL_SECTION)
void WINAPI DeleteCriticalSection(PCRITICAL_SECTION)
#define PIPE_TYPE_MESSAGE
#define LOGON32_LOGON_SERVICE
#define LOGON32_PROVIDER_DEFAULT
BOOL WINAPI RevertToSelf(void)
#define ERROR_SERVICE_LOGON_FAILED
#define ERROR_SERVICE_ALREADY_RUNNING
#define ERROR_SERVICE_NEVER_STARTED
#define ERROR_NOT_ALL_ASSIGNED
#define ERROR_DIFFERENT_SERVICE_ACCOUNT
#define ERROR_DEPENDENT_SERVICES_RUNNING
#define ERROR_SERVICE_DISABLED
#define ERROR_SERVICE_REQUEST_TIMEOUT
#define ERROR_INVALID_DATA
#define ERROR_PIPE_CONNECTED
#define EVENTLOG_ERROR_TYPE
#define EVENTLOG_INFORMATION_TYPE
#define EVENTLOG_WARNING_TYPE
#define HKEY_LOCAL_MACHINE
#define SERVICE_ACCEPT_STOP
#define SERVICE_CONTROL_SHUTDOWN
#define SERVICE_START_PENDING
#define SERVICE_ACCEPT_SHUTDOWN
int WINAPI LoadStringW(_In_opt_ HINSTANCE hInstance, _In_ UINT uID, _Out_writes_to_(cchBufferMax, return+1) LPWSTR lpBuffer, _In_ int cchBufferMax)
#define SERVICE_KERNEL_DRIVER
#define SERVICE_WIN32_SHARE_PROCESS
#define SERVICE_ERROR_SEVERE
#define SERVICE_INTERACTIVE_PROCESS
#define SERVICE_AUTO_START
#define SERVICE_BOOT_START
#define SERVICE_ERROR_CRITICAL
#define SERVICE_WIN32_OWN_PROCESS
#define SERVICE_SYSTEM_START
#define SERVICE_FILE_SYSTEM_DRIVER
#define SERVICE_ERROR_IGNORE
struct _TOKEN_PRIVILEGES TOKEN_PRIVILEGES
#define SE_PRIVILEGE_ENABLED