Quickest way to find out if a certain named service is running (windows xp, 2000, 2003)

Hi

Is there a quick way to find out if a certain named service is running (hidden or not).  Can someone tell me the steps so I can find more info?  (Pseudo code or some good links would help out alot)

using C++, or C  NOT using shareware

I would want this to work on Windows 2000, XP, and 2003.

Thanks
ryno71
ryno71Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

jkrCommented:
You can do that using

BOOL IsServiceRunning(LPCTSTR pszName)
{

    SC_HANDLE hSCM = OpenSCManager(NULL, NULL, SC_MANAGER_CONNECT);
    SC_HANDLE hService = OpenService(hSCM, pszName, SERVICE_QUERY_STATUS);
    SERVICE_STATUS ss;

    QueryServiceStatus(hService, &ss);

    // Close the service and the SCM.
    CloseServiceHandle(hService);
    CloseServiceHandle(hSCM);

    if (ss.dwCurrentState == SERVICE_RUNNING) return TRUE;

    return FALSE;
}

If you are referring to "regular" applications, see http://support.microsoft.com/kb/175030/en-us ("How To Enumerate Applications Using Win32 APIs")
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jkrCommented:
BTW, see also http://www.microsoft.com/msj/0298/service.aspx ("Manipulate Windows NT Services by Writing a Service Control Program")
0
ryno71Author Commented:
jkr

Thanks for the quick response.  I saw the other for regualr applications.. found a few good examples too, but I've been told that I need to find a service that could be hidden to stop two of the same from running at the same time...

The above wouldn't handle differerent people from running it .. if I wanted that I would need service name, and display name?  BUT if I was only going to run it on a server as admin wouldn't matter then either would it?

Dumb question but I've been what would I need to set in SC_MANAGER_CONNECT,SERVICE_QUERY_STATUS.
I know that hSCM is the service handle and the hService to the actual service I am looking for?

And what do you set in Service_Status?

Since I increased the amount of questons to you posting I raised up the points.  I'll open another if there are more things I need ask.

ryno71
0
Cloud Class® Course: Certified Penetration Testing

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

ryno71Author Commented:
jkr

Can I assume that the Service_status is set when the service is created?

SC_MANAGER_Connect is need to connect to the Service Control Manager only...  

same goes for SERVICE_QUERY_STATUS  looks like...

ryno71


0
jkrCommented:
>>Can I assume that the Service_status is set when the service is created?

You can definitely assume that you will get a proper result when the service you are querying is installed on the system.
0
ryno71Author Commented:
A person with an admin rights would be able to see all processes right?  Say if I opened a service or you did.  Just trying to make sur eI can see the process as I might have many different people loggin onto the server remotely and want to ensure one process.

thanks
ryno71
0
jkrCommented:
I don't get your question - could you elaborate?
0
ryno71Author Commented:

It shouldn't matter who kicks off the service right?  If I have admin privleges (windows) I should be able too see all services with the above right?  Or will I have to do an enumerate type of thing?

Thanks
ryno71
0
jkrCommented:
>>It shouldn't matter who kicks off the service right?

No, since services are *always* started by the SCM ;o)

The above checks for a *single* service whose name is known. If you want to query all services, use
 DWORD cbBytesNeeded, dwServicesReturned,
     dwResumeHandle = 0;
 LPQUERY_SERVICE_CONFIG pqsc;
 EnumServicesStatus(hSCManager, SERVICE_WIN32,
                    SERVICE_STATE_ALL, NULL, 0,
                    &cbBytesNeeded, &dwServicesReturned,
                    &dwResumeHandle);
 pess = malloc(cbBytesNeeded);
 EnumServicesStatus(hSCManager, SERVICE_WIN32,
                    SERVICE_STATE_ALL, pess,
                    cbBytesNeeded, &cbBytesNeeded,
                    &dwServicesReturned,  
                    &dwResumeHandle);
 for (DWORD dw = 0; dw < dwServicesReturned; dw++) {
    // Refer to the members inside pess, for example
    printf("%s\n", pess[dw].lpDisplayName);
 }
 free(pess);

as listed in the above MSJ article.
0
ryno71Author Commented:
Thanks jkr

Just wanted to make sure.  If I want to find one named service I'd not have to enumerate but just do something similiar to the first example

Thanks again!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
C++

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.