I have been successful in hooking Windows NT functions (registry, file system and create-process functions). I could hook all exes; however, when control transfers to a service, it is not hooking both registry and file system.
Hence I started analysing how to hook services. I just have to hook services such that registry and file system hooking is enabled from the exe running as a service.
I would like to confirm my idea. If somebody finds it wrong, please correct me so that I can learn.
With the thought that services are long-running executables, I assumed that tracking the exe involved in the process and replacing the exes with a hooked one will do the needful.
I think I can arrive at the solution via:
1) Intercepting any createservice call in an application: I would change the exe path name to the hooked exe name and call the original createservice.
2) Again, for intercepting the existing services, I would like to intercept the openservice API call as below:
   a) From the service name parameter in openservice, I would call servicequeryconfig to find all the service parameters, including the exe involved.
   b) Create a new service with the hooked exe name and the retrieved service parameters.
   c) Finally, with the service handle created, I would like to invoke the original openservice API and return the handle.
In both scenarios, I have not touched the service frameworks. I just replaced the exe, which is converted into a service.
Please guide me if there are other methods to do it well. I am a novice.