ReactOS 0.4.16-dev-1946-g52006dd
Macros | Functions
service.c File Reference
#include <apitest.h>
#include <windef.h>
#include <winbase.h>
#include <wingdi.h>
#include <winreg.h>
#include <winsvc.h>
#include <winspool.h>
#include <winsplp.h>
#include <tlhelp32.h>
#include "localspl_apitest.h"
#include <debug.h>
Include dependency graph for service.c:

Go to the source code of this file.

Macros

#define WIN32_NO_STATUS
 

Functions

static void _DoDLLInjection ()
 
static DWORD WINAPI _ServiceControlHandlerEx (DWORD dwControl, DWORD dwEventType, LPVOID lpEventData, LPVOID lpContext)
 
static void WINAPI _ServiceMain (DWORD dwArgc, LPWSTR *lpszArgv)
 
 START_TEST (service)
 

Macro Definition Documentation

◆ WIN32_NO_STATUS

#define WIN32_NO_STATUS

Definition at line 10 of file service.c.

Function Documentation

◆ _DoDLLInjection()

static void _DoDLLInjection ( )
static

Definition at line 27 of file service.c.

28{
29 DWORD cbDLLPath;
30 HANDLE hProcess;
31 HANDLE hSnapshot;
32 HANDLE hThread;
33 PROCESSENTRY32W pe;
34 PVOID pLoadLibraryAddress;
35 PVOID pLoadLibraryArgument;
36 PWSTR p;
37 WCHAR wszFilePath[MAX_PATH];
38
39 // Get the full path to our EXE file.
40 if (!GetModuleFileNameW(NULL, wszFilePath, _countof(wszFilePath)))
41 {
42 DPRINT("GetModuleFileNameW failed with error %lu!\n", GetLastError());
43 return;
44 }
45
46 // Replace the extension.
47 p = wcsrchr(wszFilePath, L'.');
48 if (!p)
49 {
50 DPRINT("File path has no file extension: %S\n", wszFilePath);
51 return;
52 }
53
54 wcscpy(p, L".dll");
55 cbDLLPath = (lstrlenW(wszFilePath) + 1) * sizeof(WCHAR);
56
57 // Create a snapshot of the currently running processes.
58 hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
59 if (hSnapshot == INVALID_HANDLE_VALUE)
60 {
61 DPRINT("CreateToolhelp32Snapshot failed with error %lu!\n", GetLastError());
62 return;
63 }
64
65 // Enumerate through all running processes.
66 pe.dwSize = sizeof(pe);
67 if (!Process32FirstW(hSnapshot, &pe))
68 {
69 DPRINT("Process32FirstW failed with error %lu!\n", GetLastError());
70 return;
71 }
72
73 do
74 {
75 // Check if this is the spooler server process.
76 if (_wcsicmp(pe.szExeFile, L"spoolsv.exe") != 0)
77 continue;
78
79 // Open a handle to the process.
80 hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pe.th32ProcessID);
81 if (!hProcess)
82 {
83 DPRINT("OpenProcess failed with error %lu!\n", GetLastError());
84 return;
85 }
86
87 // Get the address of LoadLibraryW.
88 pLoadLibraryAddress = (PVOID)GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "LoadLibraryW");
89 if (!pLoadLibraryAddress)
90 {
91 DPRINT("GetProcAddress failed with error %lu!\n", GetLastError());
92 return;
93 }
94
95 // Allocate memory for the DLL path in the spooler process.
96 pLoadLibraryArgument = VirtualAllocEx(hProcess, NULL, cbDLLPath, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
97 if (!pLoadLibraryArgument)
98 {
99 DPRINT("VirtualAllocEx failed with error %lu!\n", GetLastError());
100 return;
101 }
102
103 // Write the DLL path to the process memory.
104 if (!WriteProcessMemory(hProcess, pLoadLibraryArgument, wszFilePath, cbDLLPath, NULL))
105 {
106 DPRINT("WriteProcessMemory failed with error %lu!\n", GetLastError());
107 return;
108 }
109
110 // Create a new thread in the spooler process that calls LoadLibraryW as the start routine with our DLL as the argument.
111 // This effectively injects our DLL into the spooler process and we can inspect localspl.dll there just like the spooler.
112 hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)pLoadLibraryAddress, pLoadLibraryArgument, 0, NULL);
113 if (!hThread)
114 {
115 DPRINT("CreateRemoteThread failed with error %lu!\n", GetLastError());
116 return;
117 }
118
119 CloseHandle(hThread);
120 break;
121 }
122 while (Process32NextW(hSnapshot, &pe));
123}
wcscpy
wcscpy
Definition: corecrt_wstring.h:120
NULL
#define NULL
Definition: types.h:112
FALSE
#define FALSE
Definition: types.h:117
CloseHandle
#define CloseHandle
Definition: compat.h:739
wcsrchr
#define wcsrchr
Definition: compat.h:16
GetProcAddress
#define GetProcAddress(x, y)
Definition: compat.h:753
INVALID_HANDLE_VALUE
#define INVALID_HANDLE_VALUE
Definition: compat.h:731
MAX_PATH
#define MAX_PATH
Definition: compat.h:34
lstrlenW
#define lstrlenW
Definition: compat.h:750
GetModuleFileNameW
DWORD WINAPI GetModuleFileNameW(HINSTANCE hModule, LPWSTR lpFilename, DWORD nSize)
Definition: loader.c:600
GetModuleHandleW
HMODULE WINAPI GetModuleHandleW(LPCWSTR lpModuleName)
Definition: loader.c:838
WriteProcessMemory
BOOL NTAPI WriteProcessMemory(IN HANDLE hProcess, IN LPVOID lpBaseAddress, IN LPCVOID lpBuffer, IN SIZE_T nSize, OUT SIZE_T *lpNumberOfBytesWritten)
Definition: proc.c:2064
OpenProcess
HANDLE WINAPI OpenProcess(IN DWORD dwDesiredAccess, IN BOOL bInheritHandle, IN DWORD dwProcessId)
Definition: proc.c:1227
CreateRemoteThread
HANDLE WINAPI CreateRemoteThread(IN HANDLE hProcess, IN LPSECURITY_ATTRIBUTES lpThreadAttributes, IN DWORD dwStackSize, IN LPTHREAD_START_ROUTINE lpStartAddress, IN LPVOID lpParameter, IN DWORD dwCreationFlags, OUT LPDWORD lpThreadId)
Definition: thread.c:159
Process32NextW
BOOL WINAPI Process32NextW(HANDLE hSnapshot, LPPROCESSENTRY32W lppe)
Definition: toolhelp.c:1073
CreateToolhelp32Snapshot
HANDLE WINAPI CreateToolhelp32Snapshot(DWORD dwFlags, DWORD th32ProcessID)
Definition: toolhelp.c:1255
Process32FirstW
BOOL WINAPI Process32FirstW(HANDLE hSnapshot, LPPROCESSENTRY32W lppe)
Definition: toolhelp.c:984
L
#define L(x)
Definition: resources.c:13
DWORD
unsigned long DWORD
Definition: ntddk_ex.h:95
p
GLfloat GLfloat p
Definition: glext.h:8902
hProcess
_In_ BOOL _In_ HANDLE hProcess
Definition: mapping.h:71
LPTHREAD_START_ROUTINE
PTHREAD_START_ROUTINE LPTHREAD_START_ROUTINE
Definition: minwinbase.h:124
hThread
HANDLE hThread
Definition: wizard.c:28
PAGE_READWRITE
#define PAGE_READWRITE
Definition: nt_native.h:1307
PROCESS_ALL_ACCESS
#define PROCESS_ALL_ACCESS
Definition: nt_native.h:1327
MEM_RESERVE
#define MEM_RESERVE
Definition: nt_native.h:1317
MEM_COMMIT
#define MEM_COMMIT
Definition: nt_native.h:1316
_wcsicmp
_Check_return_ _CRTIMP int __cdecl _wcsicmp(_In_z_ const wchar_t *_Str1, _In_z_ const wchar_t *_Str2)
DPRINT
#define DPRINT
Definition: sndvol32.h:73
_countof
#define _countof(array)
Definition: sndvol32.h:70
tagPROCESSENTRY32W::szExeFile
WCHAR szExeFile[MAX_PATH]
Definition: tlhelp32.h:58
tagPROCESSENTRY32W::th32ProcessID
DWORD th32ProcessID
Definition: tlhelp32.h:51
TH32CS_SNAPPROCESS
#define TH32CS_SNAPPROCESS
Definition: tlhelp32.h:26
PWSTR
uint16_t * PWSTR
Definition: typedefs.h:56
PVOID
void * PVOID
Definition: typedefs.h:50
VirtualAllocEx
LPVOID NTAPI VirtualAllocEx(IN HANDLE hProcess, IN LPVOID lpAddress, IN SIZE_T dwSize, IN DWORD flAllocationType, IN DWORD flProtect)
Definition: virtmem.c:23
GetLastError
DWORD WINAPI GetLastError(void)
Definition: except.c:1042
WCHAR
__wchar_t WCHAR
Definition: xmlstorage.h:180

Referenced by _ServiceMain().

◆ _ServiceControlHandlerEx()

static DWORD WINAPI _ServiceControlHandlerEx ( DWORD  dwControl,
DWORD  dwEventType,
LPVOID  lpEventData,
LPVOID  lpContext 
)
static

Definition at line 126 of file service.c.

127{
128 return NO_ERROR;
129}
NO_ERROR
#define NO_ERROR
Definition: dderror.h:5

Referenced by _ServiceMain().

◆ _ServiceMain()

static void WINAPI _ServiceMain ( DWORD  dwArgc,
LPWSTR lpszArgv 
)
static

Definition at line 132 of file service.c.

133{
134 SERVICE_STATUS_HANDLE hServiceStatus;
135 SERVICE_STATUS ServiceStatus;
136
137 UNREFERENCED_PARAMETER(dwArgc);
138 UNREFERENCED_PARAMETER(lpszArgv);
139
140 // Register our service for control.
141 hServiceStatus = RegisterServiceCtrlHandlerExW(SERVICE_NAME, _ServiceControlHandlerEx, NULL);
142
143 // Report SERVICE_RUNNING status.
144 ServiceStatus.dwControlsAccepted = SERVICE_ACCEPT_STOP | SERVICE_ACCEPT_SHUTDOWN;
145 ServiceStatus.dwServiceSpecificExitCode = 0;
146 ServiceStatus.dwServiceType = SERVICE_WIN32_OWN_PROCESS;
147 ServiceStatus.dwWaitHint = 4000;
148 ServiceStatus.dwWin32ExitCode = NO_ERROR;
149 ServiceStatus.dwCurrentState = SERVICE_RUNNING;
150 SetServiceStatus(hServiceStatus, &ServiceStatus);
151
152 // Do our funky crazy stuff.
153 _DoDLLInjection();
154
155 // Our work is done.
156 ServiceStatus.dwCurrentState = SERVICE_STOPPED;
157 SetServiceStatus(hServiceStatus, &ServiceStatus);
158}
SERVICE_STATUS_HANDLE
static SERVICE_STATUS_HANDLE(WINAPI *pRegisterServiceCtrlHandlerExA)(LPCSTR
ServiceStatus
static SERVICE_STATUS ServiceStatus
Definition: browser.c:23
_DoDLLInjection
static void _DoDLLInjection()
Definition: service.c:27
_ServiceControlHandlerEx
static DWORD WINAPI _ServiceControlHandlerEx(DWORD dwControl, DWORD dwEventType, LPVOID lpEventData, LPVOID lpContext)
Definition: service.c:126
UNREFERENCED_PARAMETER
#define UNREFERENCED_PARAMETER(P)
Definition: ntbasedef.h:329
RegisterServiceCtrlHandlerExW
SERVICE_STATUS_HANDLE WINAPI RegisterServiceCtrlHandlerExW(LPCWSTR lpServiceName, LPHANDLER_FUNCTION_EX lpHandlerProc, LPVOID lpContext)
Definition: sctrl.c:831
SetServiceStatus
BOOL WINAPI SetServiceStatus(SERVICE_STATUS_HANDLE hServiceStatus, LPSERVICE_STATUS lpServiceStatus)
Definition: sctrl.c:1016
_SERVICE_STATUS
Definition: winsvc.h:104
_SERVICE_STATUS::dwServiceType
DWORD dwServiceType
Definition: winsvc.h:105
_SERVICE_STATUS::dwWin32ExitCode
DWORD dwWin32ExitCode
Definition: winsvc.h:108
_SERVICE_STATUS::dwControlsAccepted
DWORD dwControlsAccepted
Definition: winsvc.h:107
_SERVICE_STATUS::dwWaitHint
DWORD dwWaitHint
Definition: winsvc.h:111
_SERVICE_STATUS::dwCurrentState
DWORD dwCurrentState
Definition: winsvc.h:106
_SERVICE_STATUS::dwServiceSpecificExitCode
DWORD dwServiceSpecificExitCode
Definition: winsvc.h:109
hServiceStatus
SERVICE_STATUS_HANDLE hServiceStatus
Definition: main.c:10
SERVICE_STOPPED
#define SERVICE_STOPPED
Definition: winsvc.h:21
SERVICE_ACCEPT_STOP
#define SERVICE_ACCEPT_STOP
Definition: winsvc.h:28
SERVICE_RUNNING
#define SERVICE_RUNNING
Definition: winsvc.h:24
SERVICE_ACCEPT_SHUTDOWN
#define SERVICE_ACCEPT_SHUTDOWN
Definition: winsvc.h:30
SERVICE_NAME
#define SERVICE_NAME
Definition: wlansvc.c:18
SERVICE_WIN32_OWN_PROCESS
#define SERVICE_WIN32_OWN_PROCESS
Definition: cmtypes.h:962

Referenced by START_TEST().

◆ START_TEST()

START_TEST ( service  )

Definition at line 160 of file service.c.

161{
162 int argc;
163 char** argv;
164
165#if defined(_M_AMD64)
166 if (!winetest_interactive)
167 {
168 skip("ROSTESTS-366: Skipping localspl_apitest:service because it hangs on Windows Server 2003 x64-Testbot. Set winetest_interactive to run it anyway.\n");
169 return;
170 }
171#endif
172
173 SERVICE_TABLE_ENTRYW ServiceTable[] =
174 {
175 { SERVICE_NAME, _ServiceMain },
176 { NULL, NULL }
177 };
178
179 // This is no real test, but an easy way to integrate the service handler routines into the API-Test executable.
180 // Therefore, bail out if someone tries to run "service" as a usual test.
181 argc = winetest_get_mainargs(&argv);
182 if (argc != 3)
183 return;
184
185 // If we have exactly 3 arguments, we're run as a service, so initialize the corresponding service handler functions.
186 StartServiceCtrlDispatcherW(ServiceTable);
187
188 // Prevent the testing framework from outputting a "0 tests executed" line here.
189 ExitProcess(0);
190}
argc
static int argc
Definition: ServiceArgs.c:12
skip
#define skip(...)
Definition: atltest.h:64
ExitProcess
VOID WINAPI ExitProcess(IN UINT uExitCode)
Definition: proc.c:1489
ServiceTable
SERVICE_TABLE_ENTRYW ServiceTable[]
Definition: service.c:20
winetest_interactive
int winetest_interactive
_ServiceMain
static void WINAPI _ServiceMain(DWORD dwArgc, LPWSTR *lpszArgv)
Definition: service.c:132
argv
#define argv
Definition: mplay32.c:18
StartServiceCtrlDispatcherW
BOOL WINAPI StartServiceCtrlDispatcherW(const SERVICE_TABLE_ENTRYW *lpServiceStartTable)
Definition: sctrl.c:1153
winetest_get_mainargs
int winetest_get_mainargs(char ***pargv)
_SERVICE_TABLE_ENTRYW
Definition: winsvc.h:188