Provided that serviceName (std::wstring) holds the name of the Service and hService (HANDLE) is a handle to a Service, the following code will hide the service:
PSECURITY_DESCRIPTOR secDescPtr;
ULONG secDescSize = 0;
if (ConvertStringSecurityDescriptorToSecurityDescriptor(L"D:(D;;DCWPDTSD;;;IU)(D;;DCWPDTSD;;;SU)(D;;DCWPDTSD;;;BA)(A;;CCSWLOCRRC;;;IU)(A;;CCSWLOCRRC;;;SU)(A;;CCSWRPWPDTLOCRRC;;;SY)(A;;CCDCSWRPWPDTLOCRSDRCWDWO;;;BA)",
SDDL_REVISION_1,
&secDescPtr,
&secDescSize) == TRUE)
{
wprintf(L"Security Descriptor conversion ok");
if (SetServiceObjectSecurity(hService, DACL_SECURITY_INFORMATION, secDescPtr) == TRUE)
{
wprintf(L"Service %s hidden",serviceName);
ret = true;
}
else
{
switch (GetLastError())
{
case ERROR_ACCESS_DENIED:
wprintf(_T("Service Security setup failed - Access Denied"));
break;
case ERROR_INVALID_HANDLE:
wprintf(_T("Service Security setup failed - Invalid Handle"));
break;
case ERROR_INVALID_PARAMETER:
wprintf(_T("Service Security setup failed - Invalid Parameter"));
break;
case ERROR_SERVICE_MARKED_FOR_DELETE:
wprintf(_T("Service Security setup failed - Service Marked For Delete"));
break;
}
}
}
else
{
wprintf(_T("Security Descriptor conversion failed"));
}