Re: How can I tell if I'm running as a service
From: Old Fart (oldfart_at_newsgroups.nospam)
Date: 08/11/04
- Next message: Alexander Grigoriev: "Re: how to generate a huge file IMMEDIATELY?"
- Previous message: Mohun Biswas: "Re: comparing PE files with CRC/checksum"
- In reply to: William DePalo [MVP VC++]: "Re: How can I tell if I'm running as a service"
- Next in thread: Chuck Chopp: "Re: How can I tell if I'm running as a service"
- Reply: Chuck Chopp: "Re: How can I tell if I'm running as a service"
- Reply: poltrone: "Re: How can I tell if I'm running as a service"
- Reply: Aaron Margosis [MS]: "Re: How can I tell if I'm running as a service"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 11 Aug 2004 08:32:32 -0700
I'm not entirely comfortable with this approach. In particular, my reading
of the meaning of SECURITY_SERVICE_RID is that the account is authorized to
run services, not necessarily that the process is running as a service.
Also, the code is so ugly that I'd feel compelled to completely rewrite it.
One approach that occurred to me would be to check to see if the parent
process was services.exe. My main discomfort here is relying on the
particular name "services.exe". Any suggestions on a better way to
determine if a particular process is the service manager?
Then, I also noticed that I could trace the lineage of service processes all
the way back to process 0. On the other hand, I could not do that for my
user mode processes. So, another possibility would be to try to trace back
to process 0. If I could not get to process 0, then I'm not a service. If
I can, then I might be a service and I'll call StartServiceCtrlDispatcher
and see whether or not it fails.
Any comments on the relative merits of these three approaches (including the
process token approach)? Any better ideas?
"William DePalo [MVP VC++]" <willd.no.spam@mvps.org> wrote in message
news:e%23tVRh0fEHA.3988@tk2msftngp13.phx.gbl...
> "Old Fart" <oldfart@newsgroups.nospam> wrote in message
> news:ulg1rOzfEHA.396@TK2MSFTNGP12.phx.gbl...
> > Can someone suggest a fast way to tell whether or not my application is
> > being started as a service? (Please do not suggest using command line
> > parameters.)
>
> You may want to take a look at the heuristic demonstrated here:
>
> http://win32.mvps.org/security/is_svc.html
>
> Regards,
> Will
>
>
- Next message: Alexander Grigoriev: "Re: how to generate a huge file IMMEDIATELY?"
- Previous message: Mohun Biswas: "Re: comparing PE files with CRC/checksum"
- In reply to: William DePalo [MVP VC++]: "Re: How can I tell if I'm running as a service"
- Next in thread: Chuck Chopp: "Re: How can I tell if I'm running as a service"
- Reply: Chuck Chopp: "Re: How can I tell if I'm running as a service"
- Reply: poltrone: "Re: How can I tell if I'm running as a service"
- Reply: Aaron Margosis [MS]: "Re: How can I tell if I'm running as a service"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
