I am successful in hooking Windows NT functions (registry, file system and create-process functions). I could hook all exes; however, when control transfers to a service, it is not hooking both the registry and the file system.

Hence I started analysing hooking services. I just have to hook services such that registry and file system hooking is enabled from the exe running as a service.
I would like to confirm my idea. If somebody finds it wrong, please correct me so I can learn.

With the thought that services are long-running executables, I assumed that tracking the exe involved in the process and replacing the exes with a hooked one will do the needful.

I think I can arrive at the solution via:

1) Intercepting any createservice call in an application: I would change the exe path name to the hooked exe name and call the original createservice.

2) Again, for intercepting the existing services, I would like to intercept the openservice API call as below:

a) From the service name parameter in openservice, I would call servicequeryconfig to find all the service parameters, including the exe involved.
b) Create a new service with the hooked exe name and the retrieved service parameters.
c) Finally, with the service handle created, I would like to invoke the original openservice API and return the handle.

In both scenarios, I have not touched the service frameworks. I just replaced the exe, which is converted to a service.

Please guide me if there are other methods to do it well. I am a novice.
Updated 9-Aug-10 21:05pm

This may be useful to you:
www.hellboundhackers.org/forum/keyboard_hook_from_service_application-22-6951_0.html
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


