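先说一下 NT 服务的特点:
1. 随系统的启动而启动
2. 隐蔽性比较好,一般的手动方式不能删除;不过服务会登记在服务控制管理器(SCM)以及注册表 HKLM\SYSTEM\CurrentControlSet\Services 下,管理员仍然可以用服务管理工具查看、停止和删除它
3. 只适用于 NT 内核的操作系统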
Win98 下请参考 RegisterServiceProcess API,这个 API 函数将进程注册为服务模式的进程。
下面是我写好的 class,你只要在自己的程序中包含这个 .h 文件就可以了。
======================
service.h
// service.h: interface for the cservice class.
//
//////////////////////////////////////////////////////////////////////
#if !defined(afx_service_h__6ed74430_7123_484d_8cbd_a8e15381a869__included_)
#define afx_service_h__6ed74430_7123_484d_8cbd_a8e15381a869__included_
#if _msc_ver > 1000
#pragma once
#endif // _msc_ver > 1000
#include "winsvc.h"
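/// Thin wrapper around the Win32 service entry points used by this program.
///
/// The class declares no data members. The status handle, the SCM handles and
/// the status record are plain globals in service.cpp; the static members at
/// the bottom were commented out by the author.
///
/// The Win32 SDK identifiers (WINAPI, DWORD, LPTSTR) are written in the case
/// the SDK headers declare them with; the lowercase spellings do not exist.
class cservice
{
public:
    cservice();
    virtual ~cservice();

    /// Builds the service table, passes it to the service control dispatcher
    /// and then calls installservice().
    void init_service_table_entry();

    /// Defined in service.cpp. Presumably registers the executable with the
    /// service control manager -- confirm against the implementation.
    void installservice();

    /// Service entry point named in the service table. Static because the
    /// dispatcher calls it through a plain function pointer.
    static void WINAPI servicemain(DWORD dwargc, LPTSTR *lpszargv);

    /// Control handler passed to RegisterServiceCtrlHandler; receives the
    /// stop / pause / continue / interrogate control codes.
    static void WINAPI beginsrv(DWORD opcode);

    // Disabled by the author; the same three objects exist as globals in
    // service.cpp instead.
    //static SERVICE_STATUS_HANDLE hservicestatus;
    //static SC_HANDLE scm,svc;
    //static SERVICE_STATUS servicestatus;
};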
#endif // !defined(afx_service_h__6ed74430_7123_484d_8cbd_a8e15381a869__included_)
////////////////////////////
service.cpp
// service.cpp: implementation of the cservice class.
//
//////////////////////////////////////////////////////////////////////
#include "stdafx.h"
#include "service.h"
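// Debug-build boilerplate: records this file's name and routes `new` through
// DEBUG_NEW. The macro names are case-sensitive; in lowercase the block was
// never active. DEBUG_NEW is presumably supplied by the MFC headers pulled in
// through stdafx.h -- confirm.
#ifdef _DEBUG
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#define new DEBUG_NEW
#endif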
//////////////////////////////////////////////////////////////////////
// construction/destruction
//////////////////////////////////////////////////////////////////////
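// State shared by the static service callbacks. These are namespace-scope
// objects, so they are zero-initialised before any code runs.
// The type names are spelled as the Win32 SDK declares them.

// Handle that SetServiceStatus() reports through.
SERVICE_STATUS_HANDLE hservicestatus;

// Not referenced by the callbacks in this file section; presumably used by
// installservice() -- confirm.
SC_HANDLE scm;
SC_HANDLE svc;

// Status record filled in by servicemain() and updated by beginsrv().
SERVICE_STATUS servicestatus;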
// Constructor. The class has no data members, so there is nothing to set up.
cservice::cservice()
{
    // intentionally empty
}
// Destructor. Nothing is owned by the object, so nothing is released here.
cservice::~cservice()
{
    // intentionally empty
}
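// Service control handler: maps a control code from the service control
// manager to the matching state in the global `servicestatus` record and
// reports that record exactly once.
//
// opcode - control code delivered by the SCM (SERVICE_CONTROL_*).
//
// The original reported the status twice for stop / continue / pause: once
// inside the case and again after the switch. The second call after a stop
// used the handle after SERVICE_STOPPED had already been reported. A single
// report at the end covers every case, including interrogate, which only
// asks for the current state to be sent again.
//
// Only the recorded state changes here; this handler does not itself pause,
// resume or stop any work.
void WINAPI cservice::beginsrv(DWORD opcode)
{
    switch (opcode)
    {
    case SERVICE_CONTROL_STOP:
        servicestatus.dwCurrentState = SERVICE_STOPPED;
        break;
    case SERVICE_CONTROL_CONTINUE:
        servicestatus.dwCurrentState = SERVICE_RUNNING;
        break;
    case SERVICE_CONTROL_PAUSE:
        servicestatus.dwCurrentState = SERVICE_PAUSED;
        break;
    case SERVICE_CONTROL_INTERROGATE:
    default:
        // State unchanged; the current record is reported below.
        break;
    }
    SetServiceStatus(hservicestatus, &servicestatus);
}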
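// Builds the one-entry service table, hands it to the service control
// dispatcher, then calls installservice().
//
// The service name is wrapped in TEXT() so that it matches the TCHAR-based
// lpServiceName field in both ANSI and UNICODE builds. The const_cast is
// needed because the field is declared as a non-const pointer.
//
// NOTE(review): the result of StartServiceCtrlDispatcher() is ignored, and
// installservice() runs on every call whether or not the dispatcher
// connected. The service name is hard-coded here and again in servicemain();
// the two must stay identical.
void cservice::init_service_table_entry()
{
    SERVICE_TABLE_ENTRY ste[] = {
        { const_cast<LPTSTR>(TEXT("virusservice")), servicemain }, // name, entry point
        { NULL, NULL }                                             // terminating entry
    };
    StartServiceCtrlDispatcher(ste);
    installservice();
}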
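// Service entry point named in the service table: fills in the global status
// record, registers beginsrv() as the control handler and reports the service
// as running.
//
// dwargc, lpszargv - start arguments supplied by the dispatcher; not used.
//
// Fixes over the original:
//  * the handle returned by RegisterServiceCtrlHandler() is now stored in
//    `hservicestatus`; before, it was discarded and every SetServiceStatus()
//    call went through a zero handle;
//  * a failed registration returns early instead of reporting through an
//    invalid handle;
//  * the duplicated "running" report is sent once.
//
// No work is started here: the function returns right after the running
// state is reported.
void WINAPI cservice::servicemain(DWORD dwargc, LPTSTR *lpszargv)
{
    (void)dwargc;
    (void)lpszargv;

    servicestatus.dwServiceType = SERVICE_WIN32;
    servicestatus.dwCurrentState = SERVICE_START_PENDING;
    servicestatus.dwControlsAccepted = SERVICE_ACCEPT_STOP | SERVICE_ACCEPT_PAUSE_CONTINUE;
    servicestatus.dwServiceSpecificExitCode = 0;
    servicestatus.dwWin32ExitCode = 0;
    servicestatus.dwCheckPoint = 0;
    servicestatus.dwWaitHint = 0;

    // Must use the same name as the service table entry.
    hservicestatus = RegisterServiceCtrlHandler(TEXT("virusservice"), beginsrv);
    if (hservicestatus == NULL)
        return; // registration failed; there is no handle to report through

    servicestatus.dwCurrentState = SERVICE_RUNNING;
    SetServiceStatus(hservicestatus, &servicestatus);
}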
void cservice::installservice()
{
//get the modulefilename
char currentpath[128];
getmodulefilename(null,currentpath,128);
char* p = strrchr(currentpath,'\\'); //检测最后是否以"\\"结尾,如果是,删除。
if (*p) //返回当前文件的路径
*p = 0;
lpctstr lpsysfilename;
lpsysfilename=(lpctstr)lstrcat(currentpath,"\\test.exe");