public static void DumpServices(MemoryFileSystem mfs)
{
using (var services = mfs.RootObject.GetChild("Services"))
{
foreach (var service in Windows.GetServices().Values)
{
using (var serviceChild = services.CreateChild(service.ServiceName))
{
BinaryWriter bw = new BinaryWriter(serviceChild.GetWriteStream());
bw.Write("Name", service.ServiceName);
bw.Write("DisplayName", service.DisplayName);
bw.Write("Type", (int)service.ServiceStatusProcess.ServiceType);
bw.Write("State", (int)service.ServiceStatusProcess.CurrentState);
bw.Write("ProcessId", service.ServiceStatusProcess.ProcessID);
bw.Write("ControlsAccepted", (int)service.ServiceStatusProcess.ControlsAccepted);
bw.Write("Flags", (int)service.ServiceStatusProcess.ServiceFlags);
try
{
QueryServiceConfig config;
using (var shandle = new ServiceHandle(service.ServiceName, ServiceAccess.QueryConfig))
{
config = shandle.GetConfig();
bw.Write("StartType", (int)config.StartType);
bw.Write("ErrorControl", (int)config.ErrorControl);
bw.Write("BinaryPath", FileUtils.GetFileName(config.BinaryPathName));
bw.Write("Group", config.LoadOrderGroup);
bw.Write("UserName", config.ServiceStartName);
bw.Write("Description", shandle.GetDescription());
}
if (config.ServiceType == ServiceType.Win32ShareProcess)
{
try
{
using (var key = Microsoft.Win32.Registry.LocalMachine.OpenSubKey(
"SYSTEM\\CurrentControlSet\\Services\\" + service.ServiceName + "\\Parameters"))
{
bw.Write(
"ServiceDll",
Environment.ExpandEnvironmentVariables((string)key.GetValue("ServiceDll"))
);
}
}
catch
{ }
}
}
catch
{ }
bw.Close();
}
}
}
}
private void buttonApply_Click(object sender, EventArgs e)
{
try
{
string serviceName = listServices.SelectedItems[0].Name;
ProcessHacker.Native.Api.ServiceType type;
if (comboType.SelectedItem.ToString() == "Win32OwnProcess, InteractiveProcess")
{
type = ProcessHacker.Native.Api.ServiceType.Win32OwnProcess |
ProcessHacker.Native.Api.ServiceType.InteractiveProcess;
}
else if (comboType.SelectedItem.ToString() == "Win32ShareProcess, InteractiveProcess")
{
type = ProcessHacker.Native.Api.ServiceType.Win32ShareProcess |
ProcessHacker.Native.Api.ServiceType.InteractiveProcess;
}
else
{
type = (ProcessHacker.Native.Api.ServiceType)
Enum.Parse(typeof(ProcessHacker.Native.Api.ServiceType),
comboType.SelectedItem.ToString());
}
string binaryPath = textServiceBinaryPath.Text;
string loadOrderGroup = textLoadOrderGroup.Text;
string userAccount = textUserAccount.Text;
string password = textPassword.Text;
var startType = (ServiceStartType)
Enum.Parse(typeof(ServiceStartType), comboStartType.SelectedItem.ToString());
var errorControl = (ServiceErrorControl)
Enum.Parse(typeof(ServiceErrorControl), comboErrorControl.SelectedItem.ToString());
// Only change the items which the user modified.
if (binaryPath == _oldConfig.BinaryPathName)
{
binaryPath = null;
}
if (loadOrderGroup == _oldConfig.LoadOrderGroup)
{
loadOrderGroup = null;
}
if (userAccount == _oldConfig.ServiceStartName)
{
userAccount = null;
}
if (!checkChangePassword.Checked)
{
password = null;
}
if (type == ProcessHacker.Native.Api.ServiceType.KernelDriver ||
type == ProcessHacker.Native.Api.ServiceType.FileSystemDriver)
{
userAccount = null;
}
if (Program.ElevationType == TokenElevationType.Full)
{
using (var shandle = new ServiceHandle(serviceName, ServiceAccess.ChangeConfig))
{
if (!Win32.ChangeServiceConfig(shandle.Handle,
type, startType, errorControl,
binaryPath, loadOrderGroup, IntPtr.Zero, null, userAccount, password, null))
{
Win32.Throw();
}
}
}
else
{
string args = "-e -type service -action config -obj \"" + serviceName + "\" -hwnd " +
this.Handle.ToString();
args += " -servicetype \"" + comboType.SelectedItem.ToString() + "\"";
args += " -servicestarttype \"" + comboStartType.SelectedItem.ToString() + "\"";
args += " -serviceerrorcontrol \"" + comboErrorControl.SelectedItem.ToString() + "\"";
if (binaryPath != null)
{
args += " -servicebinarypath \"" + binaryPath.Replace("\"", "\\\"") + "\"";
}
if (loadOrderGroup != null)
{
args += " -serviceloadordergroup \"" + loadOrderGroup.Replace("\"", "\\\"") + "\"";
}
if (userAccount != null)
{
args += " -serviceuseraccount \"" + userAccount.Replace("\"", "\\\"") + "\"";
}
if (password != null)
{
args += " -servicepassword \"" + password.Replace("\"", "\\\"") + "\"";
}
var result = Program.StartProcessHackerAdminWait(args, this.Handle, 2000);
if (result == WaitResult.Timeout || result == WaitResult.Abandoned)
{
return;
}
}
using (var shandle = new ServiceHandle(serviceName, ServiceAccess.QueryConfig))
_provider.UpdateServiceConfig(serviceName, shandle.GetConfig());
if (listServices.Items.Count == 1)
{
this.Close();
}
}
catch (Exception ex)
{
PhUtils.ShowException("Unable to change service configuration", ex);
}
}
private void UpdateInformation()
{
checkChangePassword.Checked = false;
if (listServices.SelectedItems.Count == 0)
{
buttonApply.Enabled = false;
buttonStart.Enabled = false;
buttonStop.Enabled = false;
buttonDependents.Enabled = false;
buttonDependencies.Enabled = false;
buttonPermissions.Enabled = false;
comboType.Enabled = false;
comboStartType.Enabled = false;
comboErrorControl.Enabled = false;
_oldConfig = new QueryServiceConfig();
this.ClearControls();
}
else
{
try
{
buttonApply.Enabled = true;
buttonStart.Enabled = true;
buttonStop.Enabled = true;
buttonDependents.Enabled = true;
buttonDependencies.Enabled = true;
buttonPermissions.Enabled = true;
comboType.Enabled = true;
comboStartType.Enabled = true;
comboErrorControl.Enabled = true;
try
{
using (var shandle =
new ServiceHandle(listServices.SelectedItems[0].Name, ServiceAccess.QueryConfig))
_provider.UpdateServiceConfig(listServices.SelectedItems[0].Name, shandle.GetConfig());
}
catch
{ }
ServiceItem item = _provider.Dictionary[listServices.SelectedItems[0].Name];
_oldConfig = item.Config;
_oldConfig.BinaryPathName = FileUtils.GetFileName(_oldConfig.BinaryPathName);
buttonStart.Enabled = true;
buttonStop.Enabled = true;
if (item.Status.ServiceStatusProcess.CurrentState == ServiceState.Running)
{
buttonStart.Enabled = false;
}
else if (item.Status.ServiceStatusProcess.CurrentState == ServiceState.Stopped)
{
buttonStop.Enabled = false;
}
if ((item.Status.ServiceStatusProcess.ControlsAccepted & ServiceAccept.Stop) == 0)
{
buttonStop.Enabled = false;
}
labelServiceName.Text = item.Status.ServiceName;
labelServiceDisplayName.Text = item.Status.DisplayName;
comboType.SelectedItem = item.Config.ServiceType.ToString();
if (item.Config.ServiceType ==
(ProcessHacker.Native.Api.ServiceType.Win32OwnProcess |
ProcessHacker.Native.Api.ServiceType.InteractiveProcess))
{
comboType.SelectedItem = "Win32OwnProcess, InteractiveProcess";
}
else if (item.Config.ServiceType ==
(ProcessHacker.Native.Api.ServiceType.Win32ShareProcess |
ProcessHacker.Native.Api.ServiceType.InteractiveProcess))
{
comboType.SelectedItem = "Win32ShareProcess, InteractiveProcess";
}
comboStartType.SelectedItem = item.Config.StartType.ToString();
comboErrorControl.SelectedItem = item.Config.ErrorControl.ToString();
textServiceBinaryPath.Text = FileUtils.GetFileName(item.Config.BinaryPathName);
textUserAccount.Text = item.Config.ServiceStartName;
textLoadOrderGroup.Text = item.Config.LoadOrderGroup;
try
{
using (var shandle
= new ServiceHandle(item.Status.ServiceName, ServiceAccess.QueryConfig))
textDescription.Text = shandle.GetDescription();
}
catch
{
textDescription.Text = "";
}
textServiceDll.Text = "";
if (item.Config.ServiceType == ProcessHacker.Native.Api.ServiceType.Win32ShareProcess)
{
try
{
using (var key = Microsoft.Win32.Registry.LocalMachine.OpenSubKey(
"SYSTEM\\CurrentControlSet\\Services\\" + item.Status.ServiceName + "\\Parameters"))
textServiceDll.Text = Environment.ExpandEnvironmentVariables((string)key.GetValue("ServiceDll"));
}
catch
{ }
}
try
{
using (ServiceController controller = new ServiceController(
listServices.SelectedItems[0].Name))
{
if (controller.DependentServices.Length == 0)
{
buttonDependents.Enabled = false;
}
if (controller.ServicesDependedOn.Length == 0)
{
buttonDependencies.Enabled = false;
}
}
}
catch
{
buttonDependents.Enabled = false;
buttonDependencies.Enabled = false;
}
}
catch (Exception ex)
{
labelServiceName.Text = ex.Message;
_oldConfig = new QueryServiceConfig();
this.ClearControls();
}
}
}
private void UpdateOnce()
{
var newdictionary = Windows.GetServices();
// check for removed services
foreach (string s in Dictionary.Keys)
{
if (!newdictionary.ContainsKey(s))
{
ServiceItem service = Dictionary[s];
this.OnDictionaryRemoved(service);
Dictionary.Remove(s);
}
}
// check for new services
foreach (string s in newdictionary.Keys)
{
if (!Dictionary.ContainsKey(s))
{
ServiceItem item = new ServiceItem();
item.RunId = this.RunCount;
item.Status = newdictionary[s];
try
{
using (var shandle = new ServiceHandle(s, ServiceAccess.QueryConfig))
item.Config = shandle.GetConfig();
}
catch
{ }
this.OnDictionaryAdded(item);
Dictionary.Add(s, item);
}
}
var toModify = new Dictionary <string, ServiceItem>();
// check for modified services
foreach (ServiceItem service in Dictionary.Values)
{
var newStatus = newdictionary[service.Status.ServiceName];
bool modified = false;
if (service.Status.DisplayName != newStatus.DisplayName)
{
modified = true;
}
else if (service.Status.ServiceStatusProcess.ControlsAccepted !=
newStatus.ServiceStatusProcess.ControlsAccepted)
{
modified = true;
}
else if (service.Status.ServiceStatusProcess.CurrentState !=
newStatus.ServiceStatusProcess.CurrentState)
{
modified = true;
}
else if (service.Status.ServiceStatusProcess.ProcessID !=
newStatus.ServiceStatusProcess.ProcessID)
{
modified = true;
}
else if (service.Status.ServiceStatusProcess.ServiceFlags !=
newStatus.ServiceStatusProcess.ServiceFlags)
{
modified = true;
}
else if (service.Status.ServiceStatusProcess.ServiceType !=
newStatus.ServiceStatusProcess.ServiceType)
{
modified = true;
}
if (modified)
{
var newServiceItem = new ServiceItem()
{
RunId = service.RunId,
Status = newStatus,
Config = service.Config
};
this.OnDictionaryModified(service, newServiceItem);
toModify.Add(service.Status.ServiceName, newServiceItem);
}
}
foreach (string serviceName in toModify.Keys)
{
Dictionary[serviceName] = toModify[serviceName];
}
}
private void buttonApply_Click(object sender, EventArgs e)
{
try
{
string serviceName = listServices.SelectedItems[0].Name;
ProcessHacker.Native.Api.ServiceType type;
if (comboType.SelectedItem.ToString() == "Win32OwnProcess, InteractiveProcess")
type = ProcessHacker.Native.Api.ServiceType.Win32OwnProcess |
ProcessHacker.Native.Api.ServiceType.InteractiveProcess;
else if (comboType.SelectedItem.ToString() == "Win32ShareProcess, InteractiveProcess")
type = ProcessHacker.Native.Api.ServiceType.Win32ShareProcess |
ProcessHacker.Native.Api.ServiceType.InteractiveProcess;
else
type = (ProcessHacker.Native.Api.ServiceType)
Enum.Parse(typeof(ProcessHacker.Native.Api.ServiceType),
comboType.SelectedItem.ToString());
string binaryPath = textServiceBinaryPath.Text;
string loadOrderGroup = textLoadOrderGroup.Text;
string userAccount = textUserAccount.Text;
string password = textPassword.Text;
var startType = (ServiceStartType)
Enum.Parse(typeof(ServiceStartType), comboStartType.SelectedItem.ToString());
var errorControl = (ServiceErrorControl)
Enum.Parse(typeof(ServiceErrorControl), comboErrorControl.SelectedItem.ToString());
// Only change the items which the user modified.
if (binaryPath == _oldConfig.BinaryPathName)
binaryPath = null;
if (loadOrderGroup == _oldConfig.LoadOrderGroup)
loadOrderGroup = null;
if (userAccount == _oldConfig.ServiceStartName)
userAccount = null;
if (!checkChangePassword.Checked)
password = null;
if (type == ProcessHacker.Native.Api.ServiceType.KernelDriver ||
type == ProcessHacker.Native.Api.ServiceType.FileSystemDriver)
userAccount = null;
if (Program.ElevationType == TokenElevationType.Full)
{
using (var shandle = new ServiceHandle(serviceName, ServiceAccess.ChangeConfig))
{
if (!Win32.ChangeServiceConfig(shandle.Handle,
type, startType, errorControl,
binaryPath, loadOrderGroup, IntPtr.Zero, null, userAccount, password, null))
Win32.Throw();
}
}
else
{
string args = "-e -type service -action config -obj \"" + serviceName + "\" -hwnd " +
this.Handle.ToString();
args += " -servicetype \"" + comboType.SelectedItem.ToString() + "\"";
args += " -servicestarttype \"" + comboStartType.SelectedItem.ToString() + "\"";
args += " -serviceerrorcontrol \"" + comboErrorControl.SelectedItem.ToString() + "\"";
if (binaryPath != null)
args += " -servicebinarypath \"" + binaryPath.Replace("\"", "\\\"") + "\"";
if (loadOrderGroup != null)
args += " -serviceloadordergroup \"" + loadOrderGroup.Replace("\"", "\\\"") + "\"";
if (userAccount != null)
args += " -serviceuseraccount \"" + userAccount.Replace("\"", "\\\"") + "\"";
if (password != null)
args += " -servicepassword \"" + password.Replace("\"", "\\\"") + "\"";
var result = Program.StartProcessHackerAdminWait(args, this.Handle, 2000);
if (result == WaitResult.Timeout || result == WaitResult.Abandoned)
return;
}
using (var shandle = new ServiceHandle(serviceName, ServiceAccess.QueryConfig))
_provider.UpdateServiceConfig(serviceName, shandle.GetConfig());
if (listServices.Items.Count == 1)
this.Close();
}
catch (Exception ex)
{
PhUtils.ShowException("Unable to change service configuration", ex);
}
}
private void UpdateInformation()
{
checkChangePassword.Checked = false;
if (listServices.SelectedItems.Count == 0)
{
buttonApply.Enabled = false;
buttonStart.Enabled = false;
buttonStop.Enabled = false;
buttonDependents.Enabled = false;
buttonDependencies.Enabled = false;
buttonPermissions.Enabled = false;
comboType.Enabled = false;
comboStartType.Enabled = false;
comboErrorControl.Enabled = false;
_oldConfig = new QueryServiceConfig();
this.ClearControls();
}
else
{
try
{
buttonApply.Enabled = true;
buttonStart.Enabled = true;
buttonStop.Enabled = true;
buttonDependents.Enabled = true;
buttonDependencies.Enabled = true;
buttonPermissions.Enabled = true;
comboType.Enabled = true;
comboStartType.Enabled = true;
comboErrorControl.Enabled = true;
try
{
using (var shandle =
new ServiceHandle(listServices.SelectedItems[0].Name, ServiceAccess.QueryConfig))
_provider.UpdateServiceConfig(listServices.SelectedItems[0].Name, shandle.GetConfig());
}
catch
{ }
ServiceItem item = _provider.Dictionary[listServices.SelectedItems[0].Name];
_oldConfig = item.Config;
_oldConfig.BinaryPathName = FileUtils.GetFileName(_oldConfig.BinaryPathName);
buttonStart.Enabled = true;
buttonStop.Enabled = true;
if (item.Status.ServiceStatusProcess.CurrentState == ServiceState.Running)
buttonStart.Enabled = false;
else if (item.Status.ServiceStatusProcess.CurrentState == ServiceState.Stopped)
buttonStop.Enabled = false;
if ((item.Status.ServiceStatusProcess.ControlsAccepted & ServiceAccept.Stop) == 0)
buttonStop.Enabled = false;
labelServiceName.Text = item.Status.ServiceName;
labelServiceDisplayName.Text = item.Status.DisplayName;
comboType.SelectedItem = item.Config.ServiceType.ToString();
if (item.Config.ServiceType ==
(ProcessHacker.Native.Api.ServiceType.Win32OwnProcess |
ProcessHacker.Native.Api.ServiceType.InteractiveProcess))
comboType.SelectedItem = "Win32OwnProcess, InteractiveProcess";
else if (item.Config.ServiceType ==
(ProcessHacker.Native.Api.ServiceType.Win32ShareProcess |
ProcessHacker.Native.Api.ServiceType.InteractiveProcess))
comboType.SelectedItem = "Win32ShareProcess, InteractiveProcess";
comboStartType.SelectedItem = item.Config.StartType.ToString();
comboErrorControl.SelectedItem = item.Config.ErrorControl.ToString();
textServiceBinaryPath.Text = FileUtils.GetFileName(item.Config.BinaryPathName);
textUserAccount.Text = item.Config.ServiceStartName;
textLoadOrderGroup.Text = item.Config.LoadOrderGroup;
try
{
using (var shandle
= new ServiceHandle(item.Status.ServiceName, ServiceAccess.QueryConfig))
textDescription.Text = shandle.GetDescription();
}
catch
{
textDescription.Text = string.Empty;
}
textServiceDll.Text = string.Empty;
if (item.Config.ServiceType == ProcessHacker.Native.Api.ServiceType.Win32ShareProcess)
{
try
{
using (var key = Microsoft.Win32.Registry.LocalMachine.OpenSubKey(
"SYSTEM\\CurrentControlSet\\Services\\" + item.Status.ServiceName + "\\Parameters"))
textServiceDll.Text = Environment.ExpandEnvironmentVariables((string)key.GetValue("ServiceDll"));
}
catch
{ }
}
try
{
using (ServiceController controller = new ServiceController(
listServices.SelectedItems[0].Name))
{
if (controller.DependentServices.Length == 0)
buttonDependents.Enabled = false;
if (controller.ServicesDependedOn.Length == 0)
buttonDependencies.Enabled = false;
}
}
catch
{
buttonDependents.Enabled = false;
buttonDependencies.Enabled = false;
}
}
catch (Exception ex)
{
labelServiceName.Text = ex.Message;
_oldConfig = new QueryServiceConfig();
this.ClearControls();
}
}
}