Esempio n. 1
0
        internal ServiceInformation(string machine_name, string name, SecurityDescriptor sd,
                                    IEnumerable <ServiceTriggerInformation> triggers, ServiceSidType sid_type,
                                    ServiceLaunchProtectedType launch_protected, IEnumerable <string> required_privileges,
                                    SafeStructureInOutBuffer <QUERY_SERVICE_CONFIG> config, bool delayed_auto_start)
        {
            Name = name;
            SecurityDescriptor = sd;
            Triggers           = triggers;
            SidType            = sid_type;
            LaunchProtected    = launch_protected;
            RequiredPrivileges = required_privileges;

            if (config == null)
            {
                BinaryPathName   = string.Empty;
                LoadOrderGroup   = string.Empty;
                Dependencies     = new string[0];
                DisplayName      = string.Empty;
                ServiceStartName = string.Empty;
                return;
            }

            var result = config.Result;

            ServiceType      = result.dwServiceType;
            StartType        = result.dwStartType;
            ErrorControl     = result.dwErrorControl;
            BinaryPathName   = result.lpBinaryPathName.GetString();
            LoadOrderGroup   = result.lpLoadOrderGroup.GetString();
            TagId            = result.dwTagId;
            Dependencies     = result.lpLoadOrderGroup.GetMultiString();
            DisplayName      = result.lpDisplayName.GetString();
            ServiceStartName = result.lpServiceStartName.GetString();
            DelayedAutoStart = delayed_auto_start;
            MachineName      = machine_name ?? string.Empty;
            ImagePath        = string.Empty;
            ServiceDll       = string.Empty;
            ServiceHostType  = string.Empty;
            ServiceMain      = string.Empty;

            // TODO: Maybe try and query using remote registry service?
            if (!string.IsNullOrEmpty(MachineName))
            {
                return;
            }
            ImagePath = Win32Utils.GetImagePathFromCommandLine(BinaryPathName);
            using (RegistryKey key = OpenKeySafe(Registry.LocalMachine, $@"SYSTEM\CurrentControlSet\Services\{Name}"))
            {
                if (key != null)
                {
                    UserName   = ReadStringFromKey(key, null, "ObjectName");
                    ServiceDll = ReadStringFromKey(key, "Parameters", "ServiceDll");
                    if (string.IsNullOrEmpty(ServiceDll))
                    {
                        ServiceDll = ReadStringFromKey(key, null, "ServiceDll");
                    }

                    if (!string.IsNullOrEmpty(ServiceDll))
                    {
                        string[] args = Win32Utils.ParseCommandLine(BinaryPathName);
                        for (int i = 0; i < args.Length - 1; ++i)
                        {
                            if (args[i] == "-k")
                            {
                                ServiceHostType = args[i + 1];
                                break;
                            }
                        }

                        ServiceMain = ReadStringFromKey(key, "Parameters", "ServiceMain");
                        if (string.IsNullOrEmpty(ServiceMain))
                        {
                            ServiceMain = "ServiceMain";
                        }
                    }
                }
            }
        }