inc ecx
@@1: sub ebx,ecx
mov edi,esi
mov esi,edx
mov edx,edi
mov ecx,ebx
shr ecx,2
rep movsd
mov ecx,ebx
and ecx,3
rep movsb
stosb
mov eax,edx
pop ebx
pop esi
pop edi
end;
{ Copies the characters of source into the buffer dest points to and returns
  what strlcopy returns for that call.
  The copy length is length(source); the size of dest is not passed in, so
  this routine cannot check it. Callers must supply a buffer with room for
  length(source) characters plus the terminator. }
function strpcopy(dest: pchar; const source: string): pchar;
var
  charcount: integer;
begin
  charcount := length(source);
  strpcopy := strlcopy(dest, pchar(source), charcount);
end;
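{ Registers strfilename as an auto-start Windows service and starts it.

  strservicename  - internal service name
  strdisplayname  - name shown in the service manager
  strdescription  - description text; only the first 1024 characters are used
  strfilename     - value stored as the service's binary path

  Returns true only when the service was created AND started. Every handle
  opened here is closed on all exit paths.

  NOTE(review), hardening points a caller should confirm:
  - strfilename is stored verbatim. A path that contains spaces must be passed
    already wrapped in double quotes, otherwise Windows may resolve it to an
    unintended executable earlier in the path.
  - The account parameter is nil, which means LocalSystem. Combined with
    service_interactive_process this is the most privileged configuration;
    the interactive flag is obsolete on current Windows versions and is best
    dropped unless it is really required.
  - sc_manager_all_access / service_all_access request more rights than
    create + start + change-config need; narrower masks are preferable.
  - service_error_ignore means a failure to start at boot is ignored - confirm
    that this is intended. }
function installservice(const strservicename,strdisplayname,strdescription,strfilename: string):boolean;
var
  hscm, hscs: thandle;
  srvdesc: tservicedescription;
  desc: string;
  lpserviceargvectors: pchar;
begin
  result := false;
  hscm := openscmanager(nil, nil, sc_manager_all_access); // connect to the service control manager database
  if hscm = 0 then exit;
  try
    hscs := createservice(  // create the service entry
      hscm,                   // service control manager handle
      pchar(strservicename),  // service name
      pchar(strdisplayname),  // display name
      service_all_access,     // desired access
      service_win32_own_process or service_interactive_process, // service type (alternative: service_win32_share_process)
      service_auto_start,     // start type
      service_error_ignore,   // error control
      pchar(strfilename),     // binary path (see the quoting note in the header)
      nil,                    // load order group
      nil,                    // group tag id
      nil,                    // dependencies
      nil,                    // account name (nil = LocalSystem)
      nil);                   // account password
    if hscs = 0 then exit;
    try
      if assigned(changeserviceconfig2) then
      begin
        // The description is copied by the call, so a local record pointing
        // at the string's own buffer is enough; no heap block can leak.
        desc := copy(strdescription, 1, 1024);
        srvdesc.lpdescription := pchar(desc);
        changeserviceconfig2(hscs, service_config_description, @srvdesc);
      end;
      lpserviceargvectors := nil;
      if not startservice(hscs, 0, lpserviceargvectors) then // start the service
        exit;
      result := true;
    finally
      closeservicehandle(hscs); // previously leaked when startservice failed
    end;
  finally
    closeservicehandle(hscm);   // previously never closed
  end;
end;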
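{ Stops the service named strservicename and marks it for deletion.

  Does nothing when the service control manager or the service cannot be
  opened. The results of the stop and delete calls are not reported to the
  caller. Both handles are closed on every exit path.

  NOTE(review): sc_manager_all_access / service_all_access are broader than
  stop + delete need; narrower access masks are preferable. }
procedure uninstallservice(strservicename:string);
var
  scmanager: sc_handle;
  service: sc_handle;
  status: tservicestatus;
begin
  scmanager := openscmanager(nil, nil, sc_manager_all_access);
  if scmanager = 0 then exit;
  try
    service := openservice(scmanager, pchar(strservicename), service_all_access);
    // An unknown name or insufficient rights yields 0; do not hand a null
    // handle to the control/delete/close calls below.
    if service = 0 then exit;
    try
      controlservice(service, service_control_stop, status);
      deleteservice(service);
    finally
      closeservicehandle(service);
    end;
  finally
    closeservicehandle(scmanager);
  end;
end;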
end.
(5)如何暴力关闭一个服务程序,实现我们以前那个"nt工具箱"的功能?首先,根据进程名称来杀死进程是用以下函数:
uses tlhelp32;
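{ Terminates every running process whose image name equals exefilename
  (case-insensitive; compared against both the bare file name and the full
  szexefile value of each snapshot entry).

  Returns the integer value of the last terminateprocess call made, or 0 when
  no process matched, the snapshot could not be taken, or the last matching
  process could not be opened.

  NOTE(review): matching is by name only, so every process with that image
  name is terminated regardless of its path or owner, and an unrelated
  program with the same name is hit as well. To stop one specific service,
  resolve its process id through the service control manager instead. }
function killtask(exefilename: string): integer;
const
  process_terminate = $0001;
var
  snapshot, hprocess: thandle;
  entry: tprocessentry32;
  more: bool;
  wanted, imagename: string;
begin
  result := 0;
  snapshot := createtoolhelp32snapshot(th32cs_snapprocess, 0);
  if snapshot = invalid_handle_value then exit; // nothing to walk, nothing to close
  try
    wanted := uppercase(exefilename);
    entry.dwsize := sizeof(entry);
    more := process32first(snapshot, entry);
    while more do
    begin
      imagename := uppercase(entry.szexefile);
      if (extractfilename(imagename) = wanted) or (imagename = wanted) then
      begin
        hprocess := openprocess(process_terminate, false, entry.th32processid);
        if hprocess = 0 then
          result := 0 // access denied or process already gone
        else
          try
            result := integer(terminateprocess(hprocess, 0));
          finally
            closehandle(hprocess); // the process handle was leaked before
          end;
      end;
      more := process32next(snapshot, entry);
    end;
  finally
    closehandle(snapshot);
  end;
end;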
但是对于服务程序,它会提示"拒绝访问"。其实只要程序启用了 debug 权限(SeDebugPrivilege)即可。注意:该权限必须已经分配给当前账户(默认只有管理员组拥有),否则无法启用;用完之后最好再把它关闭:
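{ Enables the debug privilege on the current process token.

  Returns true only when the token could be opened, the privilege name was
  resolved and the adjustment was applied in full. Returns false when the
  account does not hold the privilege at all.

  NOTE(review): the privilege stays enabled for the rest of the process
  lifetime. Disable it again (enableprivilege with benable = false) once the
  privileged operation is done, so that later code does not run with it. }
function enabledebugprivilege: boolean;

  { Enables or disables the privilege privname on the token htoken.
    Returns true only when the privilege was actually changed. }
  function enableprivilege(htoken: cardinal; privname: string; benable: boolean): boolean;
  var
    tp: token_privileges;
    dummy: cardinal;
  begin
    result := false;
    tp.privilegecount := 1;
    // Without this check an unknown name would leave the luid uninitialised.
    if not lookupprivilegevalue(nil, pchar(privname), tp.privileges[0].luid) then
      exit;
    if benable then
      tp.privileges[0].attributes := se_privilege_enabled
    else
      tp.privileges[0].attributes := 0;
    if not adjusttokenprivileges(htoken, false, tp, sizeof(tp), nil, dummy) then
      exit;
    // The call also succeeds when the token does not hold the privilege;
    // only a last-error value of error_success means it was applied.
    result := getlasterror = error_success;
  end;

var
  htoken: cardinal;
begin
  result := false;
  // htoken is undefined when the open fails, so stop here in that case.
  if not openprocesstoken(getcurrentprocess, token_adjust_privileges, htoken) then
    exit;
  try
    result := enableprivilege(htoken, 'sedebugprivilege', true);
  finally
    closehandle(htoken);
  end;
end;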
使用方法:
enabledebugprivilege;// enable the debug privilege on this process's token; the boolean result is not checked here
killtask('xxxx.exe');// terminate the service's process, matched by image name ('xxxx.exe' is a placeholder)