If you open up Task Manager or Process Explorer on your system, you will see many services running. But how much of an impact can a service have on your system, especially if it is ‘corrupted’ by malware? Today’s SuperUser Q&A post has the answers to a curious reader’s questions.
Today’s Question & Answer session comes to us courtesy of SuperUser—a subdivision of Stack Exchange, a community-driven grouping of Q&A web sites.
The Question
SuperUser reader Forivin wants to know how much impact a service can have on a Windows system, especially if it is ‘corrupted’ by malware:
What kind of malware/spyware could someone put into a service that does not have its own process on Windows? I mean services that use svchost.exe for example, like this:
Could a service spy on my keyboard input? Take screenshots? Send and/or receive data over the internet? Infect other processes or files? Delete files? Kill processes?
How much impact could a service have on a Windows installation? Are there any limits to what a malware ‘corrupted’ service could do?
The Answer
SuperUser contributor Keltari has the answer for us:
What is a service?
A service is an application, no more, no less. The advantage is that a service can run without a user session. This allows things like databases, backups, the ability to login, etc. to run when needed and without a user logged in.
What is svchost?
- According to Microsoft: “svchost.exe is a generic host process name for services that run from dynamic-link libraries”. Could we have that in English please?
- Some time ago, Microsoft started moving all of the functionality from internal Windows services into .dll files instead of .exe files. From a programming perspective, this makes more sense for reusability…but the problem is that you can not launch a .dll file directly from Windows, it has to be loaded up from a running executable (exe). Thus the svchost.exe process was born.
So, essentially a service which uses svchost is just calling a .dll and can do pretty much anything with the right credentials and/or permissions.
If I remember correctly, there are viruses and other malware that do hide behind the svchost process, or name the executable svchost.exe to avoid detection.
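The answer's two points, that a svchost-hosted service is a DLL running with that service's credentials and that malware may borrow the svchost.exe name, can be checked on a live system. The PowerShell below is an added example, not part of the SuperUser answer; it assumes an elevated prompt and the standard `ServiceDll` registry value under `HKLM:\SYSTEM\CurrentControlSet\Services`.

```powershell
# Added example: audit svchost-hosted services and svchost.exe process paths.
# Run elevated so executable paths and service registry keys are readable.

$svcRoot  = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$expected = @("$env:SystemRoot\System32\svchost.exe",
              "$env:SystemRoot\SysWOW64\svchost.exe")

# 1. For every service started through svchost.exe, report the DLL it loads,
#    the account it runs as, and the DLL's signature status.
$hosted = Get-CimInstance Win32_Service |
    Where-Object { $_.PathName -match 'svchost\.exe' } |
    ForEach-Object {
        $dll = $null
        # ServiceDll normally sits under <service>\Parameters;
        # fall back to the service key itself.
        foreach ($key in "$svcRoot\$($_.Name)\Parameters", "$svcRoot\$($_.Name)") {
            $p = Get-ItemProperty -LiteralPath $key -Name ServiceDll -ErrorAction SilentlyContinue
            if ($p) { $dll = [Environment]::ExpandEnvironmentVariables($p.ServiceDll); break }
        }
        $sig = if (-not $dll) { 'NoServiceDll' }
               elseif (Test-Path -LiteralPath $dll) {
                   (Get-AuthenticodeSignature -LiteralPath $dll).Status
               } else { 'FileMissing' }
        [pscustomobject]@{
            Service         = $_.Name
            Account         = $_.StartName
            State           = $_.State
            ServiceDll      = $dll
            Signature       = $sig
            OutsideSystem32 = [bool]($dll -and $dll -notlike "$env:SystemRoot\System32\*")
        }
    }
$hosted | Sort-Object OutsideSystem32, Signature -Descending | Format-Table -AutoSize

# 2. Processes named svchost.exe whose image is not the one in the Windows directory.
Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'" |
    Where-Object { $_.ExecutablePath -and ($expected -notcontains $_.ExecutablePath) } |
    Select-Object ProcessId, ParentProcessId, ExecutablePath, CommandLine
```

Rows with `OutsideSystem32` set or a signature status other than `Valid` are the ones to review first, and the `Account` column shows what permissions that DLL's code runs with.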
Have something to add to the explanation? Sound off in the comments. Want to read more answers from other tech-savvy Stack Exchange users? Check out the full discussion thread here.
Translated from: https://www.howtogeek.com/189554/what-can-a-service-do-on-windows/