I have a problem in understanding the relationship between services and registry.
I have the task of taking my windows C++ program and transform it from simple application to a service.
I read that I need to produce some more functions as: start stop resume install.
The problem is:
Why I need the regisrty ?
how I enter the new program ?
Beside those method what I need to do with the registry? how I enter inside it ?
Do I need to write a script for entering the service ?
I read but I just didn't understand, any answear and or some good links to explanation will be appreciated.
Thanks,
I'm not aware of any documented relationship between services and the registry. Services can use the registry to store their settings, just like any other application, but they're not required to.
Formally, you don't need the registry. You simply need to install the service using the relevant API functions. As part of their implementation, the API functions create registry entries that the OS uses later to know when and how to start your service, but I don't think those keys are documented with any expectation that developers would modify them manually, so don't worry about them.
If your program uses the registry to store settings, though, you'll need to understand what account your service runs as, because that affects what areas of the registry your program has access to.
Install your service by calling CreateService. Do that in your program's installer. You can also make your service install itself when it detects itself being run with a certain command-line switch, such as -i. To uninstall your service, call OpenService and then DeleteService. In either case, you'll need to call OpenSCManager first. See MSDN for more on how to call those functions.
Alternatively, you can use the sc command to create and delete your service.
As I mentioned above, you don't need to do anything with the registry. Just install and uninstall your service with the API and let the OS take care of the rest.
You don't need to write any scripts to start your service. The OS already knows how to start it (because it's installed). If your service is something that users would want to start and stop frequently, then rather than use the service control panel then they can use the net or sc commands.
We use the registry to store command line parameters. The executable is passed a special parameter saying "you are a service, and here is your service name", and then the program knows to look in the registry and read the rest of the command line parameters from there. Honestly, I don't know why it was done this way, but I suspect that there's a limit on the length of service command line.
As Rob said however, services don't have to use the registry at all.
Related
I want to package programs into an MSI and create Scheduled Tasks (i.e. run on Boot/Startup).
I'm trying solutions available on the market such as Advanced Installer and EMCO MSI Packager, but I get the same error in both:
Verify that you have sufficient privileges to start system services
This means my account does not have the "Login as a service" privilege. However, looking up solutions, you'll find that Advanced Installer offers little help.
Basically, they suggest either (1) hardcoding user credentials, which is obviously unviable or (2) creating a new user with the required privileges, also unviable.
I've created tasks before in plain C++ and it was very easy, a simple
system("schtasks [args]")
Was enough to create tasks, and as long as the program was running after a UAC prompt was accepted, the tasks were successfully created.
So what exactly is the aforementioned error, and how can I fix it, preferably with a solution from the market (it is cleaner than having to manually make a setup.exe, ask for privileges, manually make tasks).
Edit: Any answers that provide some clarity on creating Scheduled Tasks that automatically run elevated (i.e. have access to Program Files, etc) are greatly appreciated.
Edit 2: Setting user to LocalService did not work.
Verify that you have sufficient privileges to start system services is a red herring. It's a generic error message from MSI saying it couldn't start the service. There's a bakers dozen reasons (that I've answered on here: Error 1920 service failed to start. Verify that you have sufficient privileges to start system services )
Here's a couple tips:
DLLs going to Win SXS and GAC don't happen until after StartServices because of a design limitation in MSI. Try installing but not starting the service. Then after it's installed try to start it. If it works, it could be that.
You could be missing files. You can try to run the exe from a command prompt while it's hung and see if it says anything is missing.
The application could be crashing on startup.
I offer free 1 hour consulting sessions. If you can share the files with me I could look at it with you. Look me up if you are interested.
is there a possibility that cloud foundry triggers an function if a new application was pushed to the platform.
I would like to trigger same internal functions like registration on the API gateway. I know that I can pull the information from events API https://apidocs.cloudfoundry.org/224/events/list_all_events.html. But, is it also possible by push?
The closest thing I can think of to what you're asking is the profile script.
https://docs.cloudfoundry.org/devguide/deploy-apps/deploy-app.html#profile
The note about the Java buildpack not supporting .profile scripts is incorrect. It's a platform feature, so all buildpack's support them. The difference with Java apps is that you're probably pushing a JAR or WAR file so it's harder to make sure the file is placed in the correct location. Location of the file is everything.
When your application starts, the platform will first run the .profile script, if it exists, that is packaged with your application. It's a standard shell script and you can do whatever you like in this file.
The only caveat is that your application will not start until this script completes successfully (i.e. exit 0). Thus you have a limited amount of time for that script to run and your application to start. How much time, you ask? That is configured by cf push -t and is in seconds. You can also set it in your manifest.yml with the timeout attribute.
Time (in seconds) allowed to elapse between starting up an app and the first healthy response from the app
This is also something that each application needs to include. I suppose you could also use a custom buildpack to add that file, if you wanted to have it added across multiple applications. There's no easy way to add it for all apps though.
Hope that helps!
I'm looking to access control example. https://github.com/strongloop/loopback-example-access-control
It says we need to put sample-models.js file under server/boot folder. That means, everytime I run the application, the creation process will be made again and again. Of course, I'm getting errors on the second call.
Should I put my own mechanism to disable if ones it run, or is there a functionality in loopback?
Bot scripts are for setting up the application. And run once per application start.
So if you want to initialize database or any initializing which would be persisted by running boot script, you need to check if it is initialized first or not.
For example for initializing roles in db, you need to check if there is desired roles in db or not. And if there is not, so create ones.
There is no other functionality in loopback for this.
I have written an application and using a service to start it. All in C++, on Windows 7. My query is similar to How can a Windows Service determine its ServiceName?
Is there a way to determine (in C++) in an executable at run time, the name of the service that started that executable.
Just need a pointer in the right direction.
Thanks
You could use EnumServicesStatus to get a list of all services then filter those, I guess the best way is to compare the binary name. Then call QueryServiceConfig to get the service configuration including the service name.
I hope this is what you're looking for.
Of course to do this your application must be run as an administrator in Windows Vista and 7 or the call to OpenSCManager will definitely fail.
Edit:
Another quick way is to either have the service name hard-coded in a def file shared between the service and the executable or in a separate configuration file, hence eliminating all the fuss of the SCManager
We have this client application running on Windows. The core of it is comprised of 2 NT services. The users have admin rights, mostly travelling laptop users. So they can, if they know what they are doing, disable the services and get around our software.
What is "standard" approach to solving this issue?
Any thoughts? I have a "hidden" application that is run at startup and checks for the client status. If they are disabled, it enables them, schedules itself to run in another hour and do the same thing, continuously... If I can hide this application well enough, that should work... Not the prettiest approach...
Other ideas?
Thanks
Reza
Let them.
Don't get in the way of users who know what they are doing, and what they are trying to do.
Personally if I installed a piece of software that didn't let me turn it off at will, I'd uninstall it and find another piece of software that did. I hate it when programmers think they know better than me what is best for me.
EDIT:
I have reformatted my hard drive to get rid of such applications. For example, rootkits.
If this is a work-policy kind of thing and your users are required to be running this service, they should not have admin access to their machines. Admin users can do anything to the box.
(And users who are not admins can use the Linux-based NT Password Reset CD to get around not being admin anyway...)
What is "standard" approach to solving this issue?
The standard approach is NOT to do things behind the users back.
If your service should be on then warn the user when they turn it off.
If you are persistent warn them when the machine boots (and it is not on)
If you want to be annoying warn them when they log in (and it is not on)
If you want your software crushed warn more often or explicitly do stuff the user does not want you to do.
Now if you are the IT department of your company.
Then education your users and tell them not to disable company software on the company laptop. Doing so should result in disciplinary action. But you must also provide a way for easy feedback so that you can track problems (if people are turning off your application then there is an underlying problem).
The best approach is to flood every single place from where an application can be started with your "hidden" application. Even if your users can find some places, they will miss others. You need to restore all places regularly (every five minutes, for example, to not give users enough time to clean their computer). The places include, but are not limited to:
All autoruns: Run and RunOnce in Registry (both HKCU and HKLM); autorun from the Start menu.
Winlogon scripts.
Task scheduler.
Explorer extensions: shell extensions, toolbars etc.
Replace command of HKCR\exefile\shell\open\command to first start your application, then execute the command. You can do this with .bat, .cmd files etc.
A lot of other places. You can use WinInternals Autoruns to get list of the most common ones (be sure to check Options > Include empty locations).
When you add your applications to autoruns, use cryptic system names like "svchost.exe". Put your application into system folders. Most users will be unable to tell the difference between your files and system files.
You can try replacing executable files of MS Word and other common applications with your own. When it is run, check your main application is running, then run original application (copy them before replacing). Be sure to extract icons from applications you replace and use them.
You can use multiple applications/services. If one is stopped, another one notices it and executes it again. So they protect each other.
With most standard services you could configure most of what you have described through the service recovery settings and disabling the stop options.
So what makes you want stricter control over your service?
For example your making a (security?) 'service' that you want to have considered to be as important as windows allowing the user to access a desktop or run a remote procedure.
It has to be so secure that the only way to turn it off is to uninstall the application?
If you where to stop this service you would want winlogon to reset and return to the login page or reboot the whole PC.
See corporate desktop management tools (like Novell Xen)