Kayaker
September 2nd, 2003, 01:05
Hi all,
As was mentioned, there seems to be an increased interest in the topics of Win2K system services and driver programming in general, and I've been working on some stuff that might be of some use. Doug has discussed debugging the OpenSCManager via EnumServiceStatus and its tortuous path to NdrClientCall2, only to disappear into oblivion...
I wanted to look a little closer at the associated ENUM_SERVICE_STATUS_PROCESS structure which contains the name and information about a service and its status, to see what might be uncovered. So I developed a test app which enumerates all the Win32 and Driver Services running on a system and returns each field with descriptive flags from the two Service Control Manager structures, ENUM_SERVICE_STATUS_PROCESS and SERVICE_STATUS_PROCESS.
A right-click menu on the listview allows for starting or stopping a service. This is not meant to be a full-fledged Service Control Manager, just an exploration into the code required to handle the SCM and an informational package. Starting or stopping some services may produce unpredictable results, but DeleteService is never called so important registry entries are not removed.
There is an included file JunkTest.exe which loads a kernel KMD driver I wrote for testing. These files are a complete example of writing and debugging a KMD in MASM that might be useful to some. All commented source code and notes are included for both projects and the programs are compiled with debug information and include the NMS files. While the KMD code is a distillation from several sources of information, the MASM KmdKit1.2 from Four-F and much study is required for anyone interested in programming KMDs.
There still needs to be study in how SERVICE_WIN32 services are handled differently from kernel SERVICE_DRIVER services, and how other system calls such as NdrClientCall2 are used to gather the information returned in the SERVICE_STATUS_PROCESS structure, as part of the user<->subsystem communication system. Lol, for now it was just a funky project.
Have fun with it and let me know if there are any problems.
------------------------
I'm happy to include an unpublished KMD tutorial from Clandestiny around which I initially based my KMD development and shamelessly ripped code. It's a nice summary of what you need to know to get started along with many linked function descriptions ripped from the DDK for those without. I will up the attachment in the next post.
Kernel Mode Driver Tutorial: Part I: “The Skeleton KMD”
by Clandestiny
Anyone familiar with VxD programming will find that many of the basic concepts are similar and carry over to KMD writing, the main difference being the rash of new and often undocumented functions. To go beyond the basics and the DDK there are these 3 books and newsgroups that are indispensable.
Programming the Microsoft Windows Driver Model 2nd - Walter Oney
Prentice Hall - The Windows 2000 Device Driver Book - Guide For Programmers 2Ed
Undocumented WinNT - Prasad Dabak et al.
microsoft.public.win32.programmer.kernel
microsoft.public.development.device.drivers
comp.os.ms-windows.programmer.vxd
Good luck,
Kayaker
attached OpenSCM_Controller.zip w/ KMD example source 250K
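Added example (not part of the original post or the attached project): a portable C sketch of the "descriptive flags" decoding the post describes for SERVICE_STATUS_PROCESS, including the SERVICE_DRIVER versus SERVICE_WIN32 split. The struct mirror, the helper names and the two sample records are constructed for illustration; the numeric values are the ones defined in winsvc.h/winnt.h.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Local mirror of SERVICE_STATUS_PROCESS (nine DWORDs); builds without windows.h. */
typedef struct {
    uint32_t dwServiceType, dwCurrentState, dwControlsAccepted;
    uint32_t dwWin32ExitCode, dwServiceSpecificExitCode;
    uint32_t dwCheckPoint, dwWaitHint, dwProcessId, dwServiceFlags;
} svc_status_process;
typedef struct { uint32_t bit; const char *name; } flag_name;

/* Bit values as defined in winnt.h / winsvc.h (SERVICE_ prefix dropped). */
static const flag_name TYPE_FLAGS[] = {
    {0x001, "KERNEL_DRIVER"}, {0x002, "FILE_SYSTEM_DRIVER"},
    {0x008, "RECOGNIZER_DRIVER"}, {0x010, "WIN32_OWN_PROCESS"},
    {0x020, "WIN32_SHARE_PROCESS"}, {0x100, "INTERACTIVE_PROCESS"}, {0, NULL}};
static const flag_name CONTROL_FLAGS[] = {
    {0x1, "STOP"}, {0x2, "PAUSE_CONTINUE"}, {0x4, "SHUTDOWN"}, {0, NULL}};
static const char *STATE_NAMES[] = {"?", "STOPPED", "START_PENDING",
    "STOP_PENDING", "RUNNING", "CONTINUE_PENDING", "PAUSE_PENDING", "PAUSED"};

/* Write "A|B|0x.." for the set bits of value; bits not in the table stay as hex. */
const char *decode_flags(uint32_t value, const flag_name *table, char *out, size_t n) {
    size_t used = 0;
    out[0] = '\0';
    for (; table->name; table++) {
        if (!(value & table->bit)) continue;
        used += snprintf(out + used, n - used, "%s%s", used ? "|" : "", table->name);
        value &= ~table->bit;
        if (used >= n) return out;              /* truncated: stop appending */
    }
    if (value || !used)
        snprintf(out + used, n - used, "%s0x%X", used ? "|" : "", (unsigned)value);
    return out;
}

const char *state_name(uint32_t s) { return STATE_NAMES[(s >= 1 && s <= 7) ? s : 0]; }

/* SERVICE_DRIVER is the mask 0x0B (kernel | file system | recognizer driver). */
int is_driver(const svc_status_process *s) { return (s->dwServiceType & 0x0B) != 0; }

int main(void) {
    /* Constructed records: a running kernel driver and a shared-process Win32 service. */
    svc_status_process s[2] = {{0x1, 4, 0x1, 0, 0, 0, 0, 0, 0},
                               {0x20, 4, 0x5, 0, 0, 0, 0, 1234, 0}};
    char t[64], c[64];
    for (int i = 0; i < 2; i++)
        printf("%-6s type=%s state=%s accepts=%s pid=%u\n", is_driver(&s[i]) ? "driver" : "win32",
               decode_flags(s[i].dwServiceType, TYPE_FLAGS, t, sizeof t), state_name(s[i].dwCurrentState),
               decode_flags(s[i].dwControlsAccepted, CONTROL_FLAGS, c, sizeof c), (unsigned)s[i].dwProcessId);
    return 0;
}
```

On Windows the same decoding applies to the ServiceStatusProcess member of each ENUM_SERVICE_STATUS_PROCESS entry returned by EnumServicesStatusEx.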