How to stop/start a Windows protected service which is started by an ELAM driver

Hi team,

I have created an ELAM driver (definitely from sample code) which is used to start my Windows service in order to prevent the user from stopping/starting it. But there is a use case where I need to stop/start it from a user-mode application.

Kindly help me with how to do this.

I’m curious, what sample did you use?

As for stopping it, I wonder if you specified dwControlsAccepted=SERVICE_ACCEPT_STOP when you called SetServiceStatus. In that case wouldn’t Microsoft’s default services.msc allow a user to stop it? Although, tbh allowing an ELAM service to be stopped from a user-mode process running with just the admin rights kinda defeats the purpose of ELAM.

I am using the Microsoft sample ELAM driver.

As my Windows service is started in protected mode by the ELAM driver, it does not allow the user-mode application to stop the service, even with SERVICE_ACCEPT_STOP specified in dwControlsAccepted.

What I understand from your suggestion is that first I will have to stop the ELAM driver with admin rights and then try to stop the service.
(I suspect it may need a system restart.)

Also, is it possible to expose an API in the driver for stopping the service, and can it be invoked by the user-mode application?

Sure, you can try to stop it from the inside. I’ve never done that, but I would try to issue SetServiceStatus with dwCurrentState=SERVICE_STOPPED to self. After that the SCM will attempt to stop it. If that doesn’t work, try to spawn another PPL process (you have a driver, right?) and issue the SetServiceStatus to your service from there. But again, my guess is that an ELAM service is not supposed to be stopped.

Thank you for the suggestions. I will try the same.

I have now learned that the ELAM driver does not run continuously and is unloaded once the boot process is completed. Hence, I cannot write any function inside the driver and can only stop the service from inside the protected service.