Windows 服务应用程序介绍
Microsoft Windows 服务(即,以前的 NT 服务)使您能够创建在它们自己的 Windows 会话中可长时间运行的可执行应用程序。 这些服务可以在计算机启动时自动启动,可以暂停和重新启动而且不显示任何用户界面。 这些功能使服务非常适合在服务器上使用,每当需要使用不会影响在同一台计算机上工作的其他用户的功能时也适用。 还可以在不同于登录用户的特定用户帐户或默认计算机帐户的安全上下文中运行服务。
#include <windows.h>
#include <strsafe.h>
#include "sample.h"
#include "sdk.h"
#include "writelog.h"
int startagentM();
int fill(char *,char *,int *);
char *queryView (char *,char *,int *);
void freem(void *);
DWORD WINAPI eventthread(LPVOID arg);
#pragma comment(lib, "advapi32.lib")
#define SVCNAME TEXT("LuolTestService")
SERVICE_STATUS gSvcStatus;
SERVICE_STATUS_HANDLE gSvcStatusHandle;
HANDLE ghSvcStopEvent = NULL;
VOID SvcInstall(void);
VOID WINAPI SvcCtrlHandler( DWORD );
VOID WINAPI SvcMain( DWORD, LPTSTR * );
VOID ReportSvcStatus( DWORD, DWORD, DWORD );
VOID SvcInit( DWORD, LPTSTR * );
VOID SvcReportEvent( LPTSTR );
void WriteLog(const char *);
void __cdecl _tmain(int argc, TCHAR *argv[])
{
//这里不用,仅用于运行时候,需要输入参数install时(安装服务)
if( lstrcmpi( argv[1], TEXT("install")) == 0 )
{
SvcInstall();
return;
}
// TO_DO: Add any additional services for the process to this table.
SERVICE_TABLE_ENTRY DispatchTable[] =
{
{ SVCNAME, (LPSERVICE_MAIN_FUNCTION) SvcMain },
{NULL,NULL}
};
// This call returns when the service has stopped.
// The process should simply terminate when the call returns.
if (!StartServiceCtrlDispatcher( DispatchTable ))
{
SvcReportEvent(TEXT("StartServiceCtrlDispatcher"));
}
}
VOID SvcInstall()
{
SC_HANDLE schSCManager;
SC_HANDLE schService;
TCHAR szPath[MAX_PATH];
if( !GetModuleFileName( NULL, szPath, MAX_PATH ) )
{
printf("Cannot install service (%d)\n", GetLastError());
return;
}
// Get a handle to the SCM database.
schSCManager = OpenSCManager(
NULL, // local computer
NULL, // ServicesActive database
SC_MANAGER_ALL_ACCESS); // full access rights
if (NULL == schSCManager)
{
printf("OpenSCManager failed (%d)\n", GetLastError());
return;
}
// Create the service
schService = CreateService(
schSCManager, // SCM database
SVCNAME, // name of service
SVCNAME, // service name to display
SERVICE_ALL_ACCESS, // desired access
SERVICE_WIN32_OWN_PROCESS, // service type
SERVICE_DEMAND_START, // start type
SERVICE_ERROR_NORMAL, // error control type
szPath, // path to service's binary
NULL, // no load ordering group
NULL, // no tag identifier
NULL, // no dependencies
NULL, // LocalSystem account
NULL); // no password
if (schService == NULL)
{
printf("CreateService failed (%d)\n", GetLastError());
CloseServiceHandle(schSCManager);
return;
}
else printf("Service installed successfully\n");
CloseServiceHandle(schService);
CloseServiceHandle(schSCManager);
}
VOID WINAPI SvcMain( DWORD dwArgc, LPTSTR *lpszArgv )
{
// Register the handler function for the service
gSvcStatusHandle = RegisterServiceCtrlHandler(
SVCNAME,
SvcCtrlHandler);
if( !gSvcStatusHandle )
{
SvcReportEvent(TEXT("RegisterServiceCtrlHandler"));
return;
}
// These SERVICE_STATUS members remain as set here
gSvcStatus.dwServiceType = SERVICE_WIN32_OWN_PROCESS;
gSvcStatus.dwServiceSpecificExitCode = 0;
// Report initial status to the SCM
ReportSvcStatus( SERVICE_START_PENDING, NO_ERROR, 3000 );
// Perform service-specific initialization and work.
SvcInit( dwArgc, lpszArgv );
}
//
// Purpose:
// The service code
//
// Parameters:
// dwArgc - Number of arguments in the lpszArgv array
// lpszArgv - Array of strings. The first string is the name of
// the service and subsequent strings are passed by the process
// that called the StartService function to start the service.
//
// Return value:
// None
//
VOID SvcInit( DWORD dwArgc, LPTSTR *lpszArgv)
{
// TO_DO: Declare and set any required variables.
// Be sure to periodically call ReportSvcStatus() with
// SERVICE_START_PENDING. If initialization fails, call
// ReportSvcStatus with SERVICE_STOPPED.
// Create an event. The control handler function, SvcCtrlHandler,
// signals this event when it receives the stop control code.
ghSvcStopEvent = CreateEvent(
NULL, // default security attributes
TRUE, // manual reset event
FALSE, // not signaled
NULL); // no name
if ( ghSvcStopEvent == NULL)
{
ReportSvcStatus( SERVICE_STOPPED, NO_ERROR, 0 );
return;
}
// Report running status when initialization is complete.
ReportSvcStatus( SERVICE_RUNNING, NO_ERROR, 0 );
//以下是安全代理的代码
WriteLog("代理开始\n");
if(agentInit ("config.xml",fill,queryView,freem) != 0)
{
WriteLog("代理执行错误\n");
}
WriteLog("代理执行完毕\n");
startagentM();
WriteLog("线程组装完毕\n");
startAgent (); //程序阻塞在这里
WriteLog("代理结束\n");
// TO_DO: Perform work until service stops.
while(1)
{
// Check whether to stop the service.
WaitForSingleObject(ghSvcStopEvent, INFINITE);
ReportSvcStatus( SERVICE_STOPPED, NO_ERROR, 0 );
return;
}
}
//
// Purpose:
// Sets the current service status and reports it to the SCM.
//
// Parameters:
// dwCurrentState - The current state (see SERVICE_STATUS)
// dwWin32ExitCode - The system error code
// dwWaitHint - Estimated time for pending operation,
// in milliseconds
//
// Return value:
// None
//
VOID ReportSvcStatus( DWORD dwCurrentState,
DWORD dwWin32ExitCode,
DWORD dwWaitHint)
{
static DWORD dwCheckPoint = 1;
// Fill in the SERVICE_STATUS structure.
gSvcStatus.dwCurrentState = dwCurrentState;
gSvcStatus.dwWin32ExitCode = dwWin32ExitCode;
gSvcStatus.dwWaitHint = dwWaitHint;
if (dwCurrentState == SERVICE_START_PENDING)
gSvcStatus.dwControlsAccepted = 0;
else gSvcStatus.dwControlsAccepted = SERVICE_ACCEPT_STOP;
if ( (dwCurrentState == SERVICE_RUNNING) ||
(dwCurrentState == SERVICE_STOPPED) )
gSvcStatus.dwCheckPoint = 0;
else gSvcStatus.dwCheckPoint = dwCheckPoint++;
// Report the status of the service to the SCM.
SetServiceStatus( gSvcStatusHandle, &gSvcStatus );
}
//
// Purpose:
// Called by SCM whenever a control code is sent to the service
// using the ControlService function.
//
// Parameters:
// dwCtrl - control code
//
// Return value:
// None
//
VOID WINAPI SvcCtrlHandler( DWORD dwCtrl )
{
// Handle the requested control code.
switch(dwCtrl)
{
case SERVICE_CONTROL_STOP:
ReportSvcStatus(SERVICE_STOP_PENDING, NO_ERROR, 0);
// Signal the service to stop.
SetEvent(ghSvcStopEvent);
ReportSvcStatus(gSvcStatus.dwCurrentState, NO_ERROR, 0);
return;
case SERVICE_CONTROL_INTERROGATE:
break;
default:
break;
}
}
//
// Purpose:
// Logs messages to the event log
//
// Parameters:
// szFunction - name of function that failed
//
// Return value:
// None
//
// Remarks:
// The service must have an entry in the Application event log.
//
VOID SvcReportEvent(LPTSTR szFunction)
{
HANDLE hEventSource;
LPCTSTR lpszStrings[2];
TCHAR Buffer[80];
hEventSource = RegisterEventSource(NULL, SVCNAME);
if( NULL != hEventSource )
{
StringCchPrintf(Buffer, 80, TEXT("%s failed with %d"), szFunction, GetLastError());
lpszStrings[0] = SVCNAME;
lpszStrings[1] = Buffer;
ReportEvent(hEventSource, // event log handle
EVENTLOG_ERROR_TYPE, // event type
0, // event category
SVC_ERROR, // event identifier
NULL, // no security identifier
2, // size of lpszStrings array
0, // no binary data
lpszStrings, // array of strings
NULL); // no binary data
DeregisterEventSource(hEventSource);
}
}
int fill(char *operatecode,char *policy,int *error)
{
//std::cout<<"fill operatecode:"<<operatecode<<" policy:"<<policy<<std::endl;
//printf("fill operatecode:%s policy:%s\n", operatecode,policy);
if(strcmp(operatecode,"SDMI_1.00") == 0)
{
WriteLog("添加设置系统接口参数的代码\n");
}
else if(strcmp(operatecode,"VirusScan_1.00")==0){
//在此执行病毒扫描操作
WriteLog("执行扫描\n");
}
else
{
WriteLog("其他\n");
}
*error = 0;
return 0;
}
void freem(void *p)
{
delete[] p;
}
char *queryView (char *operatecode,char *operateparam,int *error)
{
char *view = NULL;
if(strcmp(operatecode,"sys-info_1.00") == 0)
{
WriteLog("发送sys-info_1.00\n");
//在此生成设备信息视图
view = (char *)calloc(10240,1);
strcat(view,"<?xml version=\"1.0\" encoding=\"GBK\"?>");
strcat(view,"<ViewData name=\"sys-info\" version=\"1.00\">");
strcat(view,"<AdditionalData meaning=\"设备系统信息\" type=\"xml\">");
strcat(view,"<xml>");
strcat(view,"<serial-num>92b48c03a48ad78a</serial-num>");
strcat(view,"<hardware-version>千兆入侵检测</hardware-version>");
strcat(view,"<software-version>3.0.0.1</software-version>");
strcat(view,"<manufacturer>联想网御</manufacturer>");
strcat(view,"<current-time>2000-03-09T15:31:00+08:00</current-time>");
strcat(view,"</xml>");
strcat(view,"</AdditionalData>");
strcat(view,"</ViewData>");
*error = 0;
}
if(strcmp(operatecode,"health-index_1.00") == 0)
{
WriteLog("发送health-index_1.00\n");
//在此生成设备信息视图
view = (char *)calloc(10240,1);
strcat(view,"<?xml version=\"1.0\" encoding=\"GBK\"?>");
strcat(view,"<!DOCTYPE ViewData SYSTEM \"health-index_1.00.dtd\">");
strcat(view,"<ViewData name=\"health-index\" version=\"1.00\">");
strcat(view,"<AdditionalData meaning=\"系统健康指数\" type=\"xml\">");
strcat(view,"<xml>");
strcat(view,"<cpu-usage>80</cpu-usage>");
strcat(view,"<mem-usage>247596/785328</mem-usage>");
strcat(view,"<disk-usage>12833/20000</disk-usage>");
strcat(view,"<service-status>");
strcat(view,"<item name=\"主动防御\" state =\"normal\" reason =\"\" />");
strcat(view,"</service-status>");
strcat(view,"</xml>");
strcat(view,"</AdditionalData>");
strcat(view,"</ViewData>");
*error = 0;
}
return view;
}
int startagentM()
{
//假设fill, queryView函数已经声明并实现
//初始化安全代理,创建安全代理实例
//在此加入读取配置文件,设置事件上报启用等开关
//.................
//下面是创建事件上报线程
#ifndef WIN32
pthread_t rthread;
pthread_create(&rthread, NULL, eventthread, NULL);
pthread_detach(rthread);
#else
CreateThread(NULL, 0, eventthread, NULL, 0, NULL);
#endif
//启动安全管理代理服务线程
return 0;
}
#ifndef WIN32
void* eventthread(void* arg)
#else
DWORD WINAPI eventthread(LPVOID arg)
#endif
{
int i=0;
while(true){
char *view = NULL;
view = (char *)calloc(10240,1);
int a=1;
Sleep(10000);
//组装安全事件xml字符串
strcat(view,"<?xml version=\"1.0\" encoding=\"GBK\"?>");
strcat(view,"<ViewData name=\"ReportEvent\" version=\"1.00\">");
strcat(view,"<AdditionalData meaning=\"上报安全事件\" type=\"xml\">");
strcat(view,"<xml>");
strcat(view,"<ReportEvent>");
strcat(view,"<Event>");
//一条安全事件
//填入设备标识
strcat(view,"<item key = \"alert.detect_time\" val =\"2011-09-19T15:37:31+08:00\"/>");
strcat(view,"<item key = \"alert.classification.ident\" val = \"2\"/>");
strcat(view,"<item key = \"alert.classification.subident\" val = \"12\"/>");
//事件详细描述
strcat(view,"<item key = \"alert.classification.text\" val = \"这里是流量测试,我自己发的消息!\"/>");
strcat(view,"<item key = \"alert.source_0.node.address_0.address\" val = \"192.0.0.200\"/>");
strcat(view,"<item key = \"alert.source_0.node.address_0.mac\" val = \"255.255.2.4\"/>");
strcat(view,"<item key = \"alert.source_0.service.port\" val = \"13300\"/>");
strcat(view,"<item key = \"alert.target_0.node.address_0.address\" val = \"192.0.0.203\"/>");
strcat(view,"<item key = \"alert.target_0.node.address_0.mac\" val = \"255.255.2.3\"/>");
strcat(view,"<item key = \"alert.target_0.service.port\" val = \"13300\"/>");
strcat(view,"<item key = \"alert.target_0.service.iport\" val = \"123\"/>");
strcat(view,"<item key = \"alert.target_0.service.protocol\" val = \"UDP\"/>");
strcat(view,"<item key = \"alert.audit.happentime\" val = \"2011-09-19T15:37:31+08:00\"/>");
strcat(view,"<item key = \"alert.audit.endtime\" val = \"2011-09-19T15:37:31+08:00\"/>");
strcat(view,"<item key = \"alert.count\" val = \"1\"/>");
//事件等级
strcat(view,"<item key = \"alert.assessment.impact.severity\" val = \"middle\"/>");
strcat(view,"<item key = \"alert.assessment.action_0.category\" val = \"justatest\"/>");
strcat(view,"</Event>");
strcat(view,"</ReportEvent>");
strcat(view,"</xml>");
strcat(view,"</AdditionalData>");
strcat(view,"</ViewData>");
//上报事件
int i=reportEvent(view);
WriteLog("发送reportEvent发送:");
if(i==0){
WriteLog("发送成功0\n");
}
if(i==-1){
WriteLog("事件过多,错误代码-1\n");
}
if(i==-2){
WriteLog("xml格式错误,错误代码-2\n");
}
if(i==-4){
WriteLog("发送reportEvent失败,错误代码-4\n");
}
if(i==-5){
WriteLog("事件为空,错误代码-5\n");
}
}
#ifndef WIN32
return NULL;
#else
return 0;
#endif
}