hello,
i make a service,but what can i do to make the service can not be
stopped or deleted except me,someone made the service depends on the
rpc,etc.
by the way,my question about how to track all the irp still not be
resolved,does someone can help me?
best regards
ding hao
Ãâ·ÑÏÂÔØ MSN Explorer: http://explorer.msn.com/lccn/
DQoNCg0KDQoNCklmIHlvdSB3YW50IGEgc2VydmljZSB0aGF0IGNhbid0IGJlIHN0b3BwZWQgYnkg
IkFkbWluaXN0cmF0b3IiLCB0aGVuIHlvdSdyZQ0KcHJvYmFibHkgbm90IGdvaW5nIHRvIGdldCB2
ZXJ5IGZhciwgYXMgdGhpcyBpcyBub3QgaG93IE5UIHdhcyBkZXNpZ25lZCB0bw0Kb3BlcmF0ZWQu
IElmIHlvdSBhcmUgIkFkbWluaXN0cmF0b3IiLCB0aGVuIHlvdSBnb3QgcG93ZXIgdG8gZG8gd2hh
dGV2ZXIgeW91DQpsaWtlLg0KDQpXaGF0IEVYQUNUTFkgYXJlIHlvdSB0cnlpbmcgdG8gYWNoaWV2
ZT8NCg0KLS0NCk1hdHMNCg0KYm91bmNlLTE5NTk4Mi0xNDA3OUBsaXN0cy5vc3IuY29tIHdyb3Rl
IG9uIDEyLzEzLzIwMDQgMDI6MTA6NTcgUE06DQoNCj4gaGVsbG8sDQo+ICAgICBpIG1ha2UgYSBz
ZXJ2aWNlLGJ1dCB3aGF0IGNhbiBpIGRvIHRvIG1ha2UgdGhlIHNlcnZpY2UgY2FuIG5vdCBiZQ0K
PiBzdG9wcGVkIG9yIGRlbGV0ZWQgZXhjZXB0IG1lLHNvbWVvbmUgbWFkZSB0aGUgc2VydmljZSBk
ZXBlbmRzIG9uIHRoZQ0KPiBycGMsZXRjLg0KPiAgICAgYnkgdGhlIHdheSxteSBxdWVzdGlvbiBh
Ym91dCBob3cgdG8gdHJhY2sgYWxsIHRoZSBpcnAgc3RpbGwgbm90IGJlDQo+IHJlc29sdmVkLGRv
ZXMgc29tZW9uZSBjYW4gaGVscCBtZT8NCj4gICAgIGJlc3QgcmVnYXJkcw0KPiAgICAgZGluZyBo
YW8NCj4NCj4gX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fX19fX19fX18NCj4gw+K30c/C1NggTVNOIEV4cGxvcmVyOiAgIGh0dHA6Ly9leHBs
b3Jlci5tc24uY29tL2xjY24vDQo+DQo+DQo+IC0tLQ0KPiBRdWVzdGlvbnM/IEZpcnN0IGNoZWNr
IHRoZSBLZXJuZWwgRHJpdmVyIEZBUSBhdCBodHRwOi8vd3d3Lg0KPiBvc3JvbmxpbmUuY29tL2Fy
dGljbGUuY2ZtP2lkPTI1Ng0KPg0KPiBZb3UgYXJlIGN1cnJlbnRseSBzdWJzY3JpYmVkIHRvIG50
ZGV2IGFzOiBtYXRzLnBldGVyc3NvbkAzZGxhYnMuY29tDQo+IFRvIHVuc3Vic2NyaWJlIHNlbmQg
YSBibGFuayBlbWFpbCB0byBsZWF2ZS1udGRldi0xNDA3OUNAbGlzdHMub3NyLmNvbQ0KDQo+IEZv
cndhcmRTb3VyY2VJRDpOVDAwMDA5NTVB
How can you guarantee that someone will help you?
Pay them.
Geez… when did we start getting nasty with people just because their
English is a bit spotty. All he was asking was whether anyone knew the
answer, and he was even trying to be polite…
BTW, Mats is right in the long run… it’s not too hard to prevent
someone from stopping your (kernel mode) service while it’s running
(there are many ways including the brute-force not-recommended approach
of failing to register an Unload routine… it may also work to fail
query-removes). However, nothing you do can prevent an Administrator
from disabling your service and rebooting.
The reason Mats asks what you’re trying to achieve is that there’s often
a better approach to solving the real problem…
Benson Margulies wrote:
How can you guarantee that someone will help you?
Pay them.
–
…/ray..
Please remove “.spamblock” from my email address if you need to contact
me outside the newsgroup.
I disagree. The OP had reposted the same question several times by the
time I posted my snide remark. Various respondents had offered various
options, and the OP just kept asking for someone else to solve the
entire problem for him or her. If that was all a misunderstanding due to
English issues, I’m sorry, but it didn’t read that way to me.
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Ray Trent
Sent: Monday, December 13, 2004 5:51 PM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] How to make the service can’t be stopped or deleted?
Geez… when did we start getting nasty with people just because their
English is a bit spotty. All he was asking was whether anyone knew the
answer, and he was even trying to be polite…
BTW, Mats is right in the long run… it’s not too hard to prevent
someone from stopping your (kernel mode) service while it’s running
(there are many ways including the brute-force not-recommended approach
of failing to register an Unload routine… it may also work to fail
query-removes). However, nothing you do can prevent an Administrator
from disabling your service and rebooting.
The reason Mats asks what you’re trying to achieve is that there’s often
a better approach to solving the real problem…
Benson Margulies wrote:
How can you guarantee that someone will help you?
Pay them.
–
…/ray..
Please remove “.spamblock” from my email address if you need to contact
me outside the newsgroup.
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: xxxxx@dchbk.us
To unsubscribe send a blank email to xxxxx@lists.osr.com
Great question. I didn’t know the answer – I’m just a writer – so I asked
our service devs.
You can make a service unstoppable by using the security descriptors on the
service to deny access to the service.
To set the security descriptors, use SetServiceObjectSecurity and set the
values in the SECURITY_DESCRIPTOR structure. The function and the structure
are described in the Platform SDK on MSDN.
You *can* use this method to deny access to admins, but it’s definitely NOT
recommended.
Hope this helps,
June Blender (MSFT)
DDK Tool Docs
xxxxx@microsoft.com
“shark marian” wrote in message
news:xxxxx@ntdev…
> hello,
> i make a service,but what can i do to make the service can not be
> stopped or deleted except me,someone made the service depends on the
> rpc,etc.
> by the way,my question about how to track all the irp still not be
> resolved,does someone can help me?
> best regards
> ding hao
>
> _________________________________________________________________
> Ãâ·ÑÏÂÔØ MSN Explorer: http://explorer.msn.com/lccn/
>
June Blender (MSFT) wrote:
You *can* use this method to deny access to admins, but it's definitely NOT
recommended.
../ray..
Please remove ".spamblock" from my email address if you need to contact
me outside the newsgroup.
One approach I used ( in the past ) is a separate logon based on admin configuration, and make sure the dispatch points (SCM’s call ) for pausing, stopping(s) etc are ignored if logon fails. I might not be robust, but just …
-pro