How to hook the executable in Windows services


Problem description

I am successful in hooking Windows NT functions (registry and file systems and create process functions). I could hook all exes; however, when the control transfers to a service, it is not hooking both registry and file system.

Hence I started analysing about hooking services. I just have to hook services, such that registry and file system hooking should be enabled from the exe running as a service.
I would like to confirm my idea. If somebody finds it wrong, please correct me so that I can learn.

With the thought that services are long-running executables, I assumed tracking the exe involved in the process and replacing the exes with a hooked one will do the needful.

I think I can arrive at the solution via:

1) Intercepting any createservice call in an application; I would change the exe path name to the hooked exe name and call the original createservice.

2) Again, for intercepting the existing services, I would like to intercept the openservice API call as below:

a) From the service name parameter in openservice, I would call servicequeryconfig to find all the service parameters, including the exe involved.
b) Create a new service with the hooked exe name and the retrieved service parameters.
c) Finally, with the service handle created, I would like to invoke the original openservice API and return the handle.

In both scenarios, I have not touched the service frameworks. I just replaced the exe, which is converted as a service.

Please guide me if there are other methods to do it well. I am a novice.

Recommended answer

This may be useful to you:
www.hellboundhackers.org/forum/keyboard_hook_from_service_application-22-6951_0.html


http://odetocode.com/blogs/scott/archive/2004/10/29/createprocessasuser.aspx

