/// <summary>
/// Builds a snapshot of a running service from its SCM status structure and
/// from the values stored under the service's registry key in HKLM.
/// </summary>
/// <remarks>
/// CommandLine, ImagePath, ServiceDll, ServiceHostType and UserName are taken from
/// SYSTEM\CurrentControlSet\Services\{Name} when the object is constructed. They
/// describe the registry configuration at that moment and are not queried from the
/// process identified by ProcessId.
/// </remarks>
/// <param name="name">The service name; also used to locate the registry key.</param>
/// <param name="display_name">The display name of the service.</param>
/// <param name="status">The process status structure the state fields are copied from.</param>
internal RunningService(string name, string display_name, SERVICE_STATUS_PROCESS status)
{
    // The full service information is only fetched on first access.
    _service_information = new Lazy<ServiceInformation>(GetServiceInformation);

    Name = name;
    DisplayName = display_name;

    // Straight copies out of the status structure.
    ServiceType = status.dwServiceType;
    Status = status.dwCurrentState;
    ProcessId = status.dwProcessId;
    ControlsAccepted = status.dwControlsAccepted;
    Win32ExitCode = status.dwWin32ExitCode;
    ServiceSpecificExitCode = status.dwServiceSpecificExitCode;
    CheckPoint = status.dwCheckPoint;
    WaitHint = status.dwWaitHint;
    ServiceFlags = status.dwServiceFlags;

    // Defaults used when the registry key cannot be opened.
    ServiceDll = string.Empty;
    ImagePath = string.Empty;
    CommandLine = string.Empty;
    ServiceHostType = string.Empty;

    using (RegistryKey service_key = OpenKeySafe(Registry.LocalMachine, $@"SYSTEM\CurrentControlSet\Services\{Name}"))
    {
        if (service_key == null)
        {
            return;
        }

        CommandLine = ReadStringFromKey(service_key, null, "ImagePath");
        ImagePath = Win32Utils.GetImagePathFromCommandLine(CommandLine);
        string[] argv = Win32Utils.ParseCommandLine(CommandLine);

        if (ServiceType.HasFlagSet(ServiceType.Win32ShareProcess))
        {
            // For shared-process services the argument following "-k" is recorded
            // as the host type. The last argument is never tested as a switch
            // because nothing follows it.
            int index = 0;
            while (index + 1 < argv.Length)
            {
                if (argv[index] == "-k")
                {
                    ServiceHostType = argv[index + 1];
                    break;
                }
                index++;
            }
        }

        // Prefer the Parameters subkey and fall back to the service key itself.
        string service_dll = ReadStringFromKey(service_key, "Parameters", "ServiceDll");
        if (string.IsNullOrEmpty(service_dll))
        {
            service_dll = ReadStringFromKey(service_key, null, "ServiceDll");
        }
        ServiceDll = service_dll;

        UserName = ReadStringFromKey(service_key, null, "ObjectName");
    }
}
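/// <summary>
/// Builds the description of a service from its queried configuration and, for
/// local services, from the values stored under the service's registry key.
/// </summary>
/// <remarks>
/// The registry lookup only runs when no machine name was supplied. UserName,
/// ServiceDll, ServiceHostType and ServiceMain are therefore not populated from
/// the registry for a remote service. ServiceHostType and ServiceMain are only
/// filled in when a ServiceDll value is present.
/// </remarks>
/// <param name="machine_name">The machine the service was queried from; null is stored as an empty string.</param>
/// <param name="name">The service name; also used to locate the registry key.</param>
/// <param name="sd">The security descriptor of the service.</param>
/// <param name="triggers">The trigger information of the service.</param>
/// <param name="sid_type">The SID type of the service.</param>
/// <param name="launch_protected">The launch protected type of the service.</param>
/// <param name="required_privileges">The privileges required by the service.</param>
/// <param name="config">The queried service configuration; may be null, in which case only defaults are set.</param>
/// <param name="delayed_auto_start">Stored as DelayedAutoStart when a configuration is present.</param>
internal ServiceInformation(string machine_name, string name, SecurityDescriptor sd,
    IEnumerable<ServiceTriggerInformation> triggers, ServiceSidType sid_type,
    ServiceLaunchProtectedType launch_protected, IEnumerable<string> required_privileges,
    SafeStructureInOutBuffer<QUERY_SERVICE_CONFIG> config, bool delayed_auto_start)
{
    Name = name;
    SecurityDescriptor = sd;
    Triggers = triggers;
    SidType = sid_type;
    LaunchProtected = launch_protected;
    RequiredPrivileges = required_privileges;

    // Set these before any early return so that the no-configuration path does
    // not leave them null while the other string properties are empty.
    MachineName = machine_name ?? string.Empty;
    ImagePath = string.Empty;
    ServiceDll = string.Empty;
    ServiceHostType = string.Empty;
    ServiceMain = string.Empty;

    if (config == null)
    {
        BinaryPathName = string.Empty;
        LoadOrderGroup = string.Empty;
        Dependencies = new string[0];
        DisplayName = string.Empty;
        ServiceStartName = string.Empty;
        return;
    }

    var result = config.Result;
    ServiceType = result.dwServiceType;
    StartType = result.dwStartType;
    ErrorControl = result.dwErrorControl;
    BinaryPathName = result.lpBinaryPathName.GetString();
    LoadOrderGroup = result.lpLoadOrderGroup.GetString();
    TagId = result.dwTagId;
    // Fixed: this previously read lpLoadOrderGroup a second time, so Dependencies
    // held the load order group instead of the dependency list.
    // NOTE(review): assumes the struct names this field lpDependencies, as the
    // Win32 QUERY_SERVICE_CONFIG does; confirm against the declaration.
    Dependencies = result.lpDependencies.GetMultiString();
    DisplayName = result.lpDisplayName.GetString();
    ServiceStartName = result.lpServiceStartName.GetString();
    DelayedAutoStart = delayed_auto_start;

    // TODO: Maybe try and query using remote registry service?
    if (!string.IsNullOrEmpty(MachineName))
    {
        return;
    }

    ImagePath = Win32Utils.GetImagePathFromCommandLine(BinaryPathName);
    using (RegistryKey key = OpenKeySafe(Registry.LocalMachine, $@"SYSTEM\CurrentControlSet\Services\{Name}"))
    {
        if (key == null)
        {
            return;
        }

        UserName = ReadStringFromKey(key, null, "ObjectName");

        // Prefer the Parameters subkey and fall back to the service key itself.
        ServiceDll = ReadStringFromKey(key, "Parameters", "ServiceDll");
        if (string.IsNullOrEmpty(ServiceDll))
        {
            ServiceDll = ReadStringFromKey(key, null, "ServiceDll");
        }

        if (string.IsNullOrEmpty(ServiceDll))
        {
            return;
        }

        // The argument following "-k" in the binary path is recorded as the host type.
        string[] args = Win32Utils.ParseCommandLine(BinaryPathName);
        for (int i = 0; i < args.Length - 1; ++i)
        {
            if (args[i] == "-k")
            {
                ServiceHostType = args[i + 1];
                break;
            }
        }

        // When no explicit entry point is configured the name "ServiceMain" is used.
        ServiceMain = ReadStringFromKey(key, "Parameters", "ServiceMain");
        if (string.IsNullOrEmpty(ServiceMain))
        {
            ServiceMain = "ServiceMain";
        }
    }
}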