Click here to Skip to main content
Rate this: bad
good
Please Sign up or sign in to vote.
See more: DLL Windows-service service , +
I am successful in hooking windows Nt functions (registry and file systems and create process functions). I could hook all exes, however, when the control transfers to service, it is not hooking both registy and file system.
 
Hence I started analysing about hooking services. Ijust have to hook services, such that registy and file system hooking should be enabled from the exe running as a service.
I would like to confirm my idea. If somebody found it as wrong. Please correct me to learn.
 
With the thought that service are long running executables, I assumed tracking the exe involved in the process and replacing the exes with a hooked one will do the needy.
 
I think I can arrive the solution via,
 
1) intercepting any createservice call in an application and I would change the exe path name as the hooked exe name and call the original createservice
 
2) Again for intercepting the existing services, I would like to intercept the openservice api call as below
 
a) From the service name parameter in openservice,
I would call servicequeryconfig to find all the service
parameters including the exe involved
b) create a new service with the hooked exe name
and the retrieved service parameters
c) Finally with the service handle created,
I would like to invoke original openservice API
and return the handle.
 
In both the scenes, I have not touched the service frameworks. I just replaced exe, which is converted as a service.
 
Please guide, if there is other methods to do it well. I am a novice.
Posted 9-Aug-10 21:00pm
Edited 9-Aug-10 21:05pm
v2
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 1

This maybe useful to you:
www.hellboundhackers.org/forum/keyboard_hook_from_service_application-22-6951_0.html
  Permalink  

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
0 Sergey Alexandrovich Kryukov 6,745
1 OriginalGriff 6,696
2 CPallini 5,315
3 George Jonsson 3,599
4 Gihan Liyanage 2,650


Advertise | Privacy | Mobile
Web04 | 2.8.140922.1 | Last Updated 1 Jan 2014
Copyright © CodeProject, 1999-2014
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100