服务(HKLM \ system \ currentcontrolset \ services) [英] Services (HKLM\system\currentcontrolset\services)

问题描述

我必须找到系统上的所有服务.

I have to find all the services on the system.

为此，我想枚举HKLM \ system \ currentcontrolset \ services密钥，但是rootkit钩住了NtEnumerateKey，因此这并没有显示隐藏"消息.服务.

For this I thought to enumerate HKLM\system\currentcontrolset\services key, but a rootkit has hooked NtEnumerateKey so this wasn't showing the "hidden" services.

接下来，我使用实用程序"hobocopy"(我从某个网站下载了它)复制了％systemroot％\ system32 \ config \ system文件，并使用"RegLoadKey"加载了重复的配置单元.密钥已成功加载，但子项"CurrentControlSet"已成功加载. 丢失，但是"ControlSet001"不存在.和"ControlSet002"在那里.目的再次失败.

Next I made a copy of %systemroot%\system32\config\system file using a utility "hobocopy"(I downloaded it from some website) and loaded that duplicate hive using "RegLoadKey". The key was successfully loaded but the subkey "CurrentControlSet" was missing however "ControlSet001" and "ControlSet002" were there. Again purpose failed.

我现在该怎么办?

TIA

推荐答案

尝试使用'EnumServicesStatus(....)'函数.

Try using 'EnumServicesStatus (....)' function.

这篇关于服务(HKLM \ system \ currentcontrolset \ services)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！