I am successful in hooking Windows NT functions (registry, file system and create-process functions). I could hook all exes; however, when control transfers to a service, neither the registry nor the file system is hooked.

Hence I started analysing how to hook services. I just have to hook services such that registry and file system hooking is enabled from the exe running as a service.
I would like to confirm my idea. If somebody finds it wrong, please correct me so I can learn.

With the thought that services are long-running executables, I assumed tracking the exe involved in the process and replacing the exes with a hooked one will do the needful.

I think I can arrive at the solution via:

1) Intercepting any createservice call in an application; I would change the exe path name to the hooked exe name and call the original createservice.

2) Again, for intercepting the existing services, I would like to intercept the openservice API call as below:

   a) From the service name parameter in openservice, I would call servicequeryconfig to find all the service parameters, including the exe involved.
   b) Create a new service with the hooked exe name and the retrieved service parameters.
   c) Finally, with the service handle created, I would like to invoke the original openservice API and return the handle.

In both scenarios, I have not touched the service frameworks. I just replaced the exe, which is converted as a service.

Please guide me if there are other methods to do it well. I am a novice.
Posted 9-Aug-10 21:00pm
Updated 9-Aug-10 21:05pm
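
Both steps in the question leave a visible trace in the service database: a service whose executable path changed, or a new service that copies an existing one's parameters under a different executable. The following is an added example, not part of the original post, showing how an administrator could audit for that by comparing two snapshots of service configuration; the snapshot layout, the field names `path`, `display` and `account`, and the sample data are assumptions made for the example.

```python
import re

def exe_of(image_path):
    """Return the lower-cased executable from a service binary path (quoted or with arguments)."""
    p = image_path.strip()
    if p.startswith('"'):
        return p[1:].split('"', 1)[0].lower()
    m = re.match(r"(.+?\.exe)\b", p, re.IGNORECASE)
    return (m.group(1) if m else p.split(" ", 1)[0]).lower()

def audit(baseline, current):
    """Compare two {service_name: config} snapshots and return a list of findings."""
    findings = []
    for name, cfg in sorted(current.items()):
        exe = exe_of(cfg["path"])
        if name in baseline:
            # Existing service that now starts a different executable.
            if exe_of(baseline[name]["path"]) != exe:
                findings.append(("binary_changed", name, exe))
            continue
        # New service: heuristic check for a copy of a known service's settings
        # (display name and account) that points at another executable.
        twin = next((k for k, b in sorted(baseline.items())
                     if (b["display"], b["account"]) == (cfg["display"], cfg["account"])
                     and exe_of(b["path"]) != exe), None)
        findings.append(("clone_of:" + twin if twin else "new_service", name, exe))
    return findings

# Constructed sample snapshots (hypothetical services, not real data).
BASELINE = {
    "Spooler": {"path": r"C:\Windows\System32\spoolsv.exe",
                "display": "Print Spooler", "account": "LocalSystem"},
    "AppSvc": {"path": r'"C:\Program Files\App\appsvc.exe" --run',
               "display": "App Service", "account": r"NT AUTHORITY\LocalService"},
}
CURRENT = {
    "Spooler": {"path": r"c:\windows\system32\SPOOLSV.EXE",
                "display": "Print Spooler", "account": "LocalSystem"},
    "AppSvc": {"path": r'"C:\Program Files\App\appsvc_hooked.exe" --run',
               "display": "App Service", "account": r"NT AUTHORITY\LocalService"},
    "AppSvc2": {"path": r"C:\Temp\wrapper.exe",
                "display": "App Service", "account": r"NT AUTHORITY\LocalService"},
    "Telemetry": {"path": r"C:\Tools\telemetry.exe -s",
                  "display": "Telemetry", "account": "LocalSystem"},
}

if __name__ == "__main__":
    for finding in audit(BASELINE, CURRENT):
        print(finding)
```
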

Solution 1

This may be useful to you:
