Chapter 4
As you learned in Chapter 3, a Service Control Program (SCP) is an application that communicates with a Service Control Manager (SCM) running on the local machine or on a remote machine. I usually think of an SCP as an application that controls services by starting, stopping, pausing, or continuing them. However, an SCP can do much more: it can manipulate a SCM's database by adding services, removing services, and enumerating the installed services. The SCP can also change a service's configuration. In this chapter, I'll examine the various ways an SCP can communicate with the SCM. Note that the SCM can also be used to start and stop device drivers. Many of the functions discussed in this chapter apply to both services and device drivers; however, I will concentrate on services and avoid any discussion applying to device drivers.
When you write a service, you typically also create an application that administrators use to control that service. This administrative application should control the service by using the various functions described throughout this chapter. This application should also help the administrator deal with other aspects of the service, such as configuring it (described in Chapter 5) and publishing it in Active Directory. Ideally, this administration application is implemented as a snap-in for the Microsoft Management Console (MMC) or with a Web-based console.
The first step in communicating with the SCM of a machine is to call OpenSCManager:
SC_HANDLE OpenSCManager( PCTSTR pszMachineName, PCTSTR pszDatabaseName, DWORD dwDesiredAccess); |
This function establishes a communication channel with the SCM on the machine identified by the pszMachineName parameter; pass NULL to open the SCM on the local machine. The pszDatabaseName parameter identifies which database to open; you should always pass either SERVICES_ACTIVE_DATABASE or NULL for this parameter. The dwDesiredAccess parameter tells the function what you intend to do with the SCM database. Table 4-1 indicates what access rights are available.
Table 4-1. Access right values for OpenSCManager's dwDesiredAccess parameter that specify access to the SCM
Access Rights | Description |
---|---|
SC_MANAGER_ALL_ACCESS | Includes STANDARD_RIGHTS_REQUIRED in addition to all the access types listed in this table. |
SC_MANAGER_CONNECT | Allows connecting to the SCM. This access is always implied, even if not explicitly specified. |
SC_MANAGER_CREATE_SERVICE | Enables calling of CreateService to add a service to the SCM database. |
SC_MANAGER_ENUMERATE_SERVICE | Enables calling of EnumServicesStatus to get the list of services in the SCM database and each service's status. |
SC_MANAGER_LOCK | Enables calling of LockServiceDatabase to stop the SCM from starting any more services. |
SC_MANAGER_QUERY_LOCK_STATUS | Enables calling of QueryServiceLockStatus to find out which user (if any) has locked the SCM database. |
Windows secures the SCM by providing the following default access:
OpenSCManager returns an SC_HANDLE that you pass to other functions so that you can manipulate the SCM's database. When you are finished accessing the SCM database, you must close the handle by passing it to CloseServiceHandle:
BOOL CloseServiceHandle(SC_HANDLE hSCManager); |