Background process for Windows9x

zhaozj2021-02-08  259

Added: 01-1-6, 04:47:20 PM

Shanghai Xianxia Road Shante Company Software Center Huang Fei

---- 1. Background process

---- Windows NT has a powerful service manager that manages a set of background processes implementing important features such as FTP, HTTP, RAS and network messaging. These background processes are called services. They can be loaded at system start and can run at a higher priority, so they sit very close to the system core, much like device drivers. Windows 95 provides no such centralized manager, but with the PVIEW tool that ships with VC we can see that it also has some hidden background processes, such as SYSTRAY and power management. These are in fact background processes managed by Windows 95. Instead of a service manager, Windows 95 offers a simple registration interface that gives something similar to a Windows 95 service (strictly speaking, Windows 95 has no services). Through this registration interface we can make our own program start with the system and stop only when the system stops, so that it is integrated with the operating system and can implement many distinctive features. Careful analysis of this Windows 95 interface shows that it is equally effective in Windows 97 and the latest Windows 98. Using this mechanism, unattended monitoring was implemented successfully under Windows 95 and 98. The following are the results of analysing this interface, together with some background knowledge.

---- 2. Process Database (PDB) Introduction

---- Among the core data structures of Windows there is an important process-management structure called the process database (PDB). It is located in the shared heap of Kernel32, and a pointer to this structure can be obtained via GetCurrentProcessId(...). Below is the part of the PDB layout that is directly related to this article: the service flag byte at PDB offset 21h. From the pseudo code analysed below, we can clearly see that a so-called service process under Windows 95 or Windows 98 is simply a process whose flag byte in the corresponding PDB is set to 1.

    Offset  Length  Description
    ==============================================
    00h     DWORD   Type               // KERNEL32 object type
    04h     DWORD   cReference         // reference count
    08h     DWORD   un1                // unknown
    0Ch     DWORD   pSomeEvent         // pointer to K32OBJ_EVENT
    10h     DWORD   TerminationStatus  // event flag or return value
    14h     DWORD   un2                // unknown
    ...
    21h     BYTE    Flags1             // service flag:
                                       // "1" is a service process,
                                       // "0" is an ordinary process
    ...
    24h     DWORD   pPSP               // DOS PSP pointer
    ...
    ==============================================

---- 3. Implementation

---- (1) The simple service interface provided in Windows 95 is a 32-bit API: RegisterServiceProcess. Because the online help of VC gives no exact explanation of this API, the author had to reverse-engineer it. The following is the pseudo code of the API in kernel32.dll on Windows 95. We can clearly see what Windows 95 does, and it is in fact very simple.

    BOOL RegisterServiceProcess(DWORD dwProcessId, DWORD dwType)
    {
        HANDLE dwPid;

        if (dwProcessId == NULL)
            dwPid = dwCurrentProcessId;   // Get global kernel32 variable
        else
            // Call some kernel functions
            if ((dwPid = CheckPid(dwProcessId)) == NULL)
                return FALSE;

        if (dwType == 1)
        {
            // Set the service bit in the PDB flag byte
            *(BYTE *)(dwPid + 0x21) |= 0x01;
            return TRUE;
        }
        if (dwType == 0)
        {
            // Clear the service bit, leaving the other flag bits alone
            *(BYTE *)(dwPid + 0x21) &= 0xFE;
            return TRUE;
        }
        return FALSE;
    }

The function is described as follows:

    BOOL RegisterServiceProcess(DWORD dwPid, DWORD dwType)

    Parameters:   dwPid:  process ID; NULL represents the current process
                  dwType: RSP_SIMPLE_SERVICE registers the process
                          RSP_UNREGISTER_SERVICE unregisters it
    Return value: TRUE:   call succeeded
                  FALSE:  call failed

---- (2) In addition, so that the service process is started after boot, the Windows 95 registry provides a loading method: under the key [MyComputer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices], add your own application's command line and it will be loaded automatically. Of course, if your machine does not have this key, you can create it.
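An added example, not part of the original article: an offline check that lists which programs are registered under the RunServices key described above, given a REGEDIT4 text export of the registry. The `audit_runservices` helper, the `entry` struct and the sample export (value names and paths) are assumptions constructed for this illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strncasecmp (POSIX); MSVC spells it _strnicmp */
/* Key header as a REGEDIT4 export writes it; the path is the one from the article. */
#define KEY "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunServices]"
struct entry { char name[64], cmd[260]; };

/* Constructed sample export: the value names and paths are made up. */
static const char SAMPLE[] =
    "REGEDIT4\r\n\r\n"
    "[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]\r\n"
    "\"SystemTray\"=\"SysTray.Exe\"\r\n\r\n"
    "[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\RunServices]\r\n"
    "\"SERVICE\"=\"C:\\\\TOOLS\\\\SERVICE.EXE\"\r\n"
    "\"Monitor\"=\"\\\"C:\\\\Program Files\\\\Mon\\\\mon.exe\\\" /quiet\"\r\n";

/* Copy one quoted .reg string, undoing \\ and \" escapes; NULL if malformed. */
static const char *unquote(const char *p, const char *end, char *out, size_t cap) {
    size_t n = 0;
    if (p >= end || *p++ != '"') return NULL;
    for (; p < end && *p != '"'; p++) {
        if (*p == '\\' && p + 1 < end) p++;      /* take the escaped character */
        if (n + 1 < cap) out[n++] = *p;          /* truncate instead of overflowing */
    }
    out[n] = '\0';
    return p < end ? p + 1 : NULL;               /* just past the closing quote */
}

/* Collect every string value listed under RunServices; returns how many. */
int audit_runservices(const char *reg, struct entry *out, int max) {
    int found = 0, in_key = 0;
    while (*reg) {
        const char *eol = strchr(reg, '\n'), *end = eol ? eol : reg + strlen(reg), *p;
        if (*reg == '[')                         /* key names are case-insensitive */
            in_key = strncasecmp(reg, KEY, strlen(KEY)) == 0;
        else if (in_key && found < max
                 && (p = unquote(reg, end, out[found].name, sizeof out[found].name))
                 && *p == '=' && unquote(p + 1, end, out[found].cmd, sizeof out[found].cmd))
            found++;
        reg = eol ? eol + 1 : end;
    }
    return found;
}

int main(void) {
    struct entry e[8];
    int i, n = audit_runservices(SAMPLE, e, 8);
    for (i = 0; i < n; i++) printf("RunServices: %s -> %s\n", e[i].name, e[i].cmd);
    return 0;
}
```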

---- 4. Case

---- Below is a real example. All of the code has been tested on Windows 95 and Windows 98 beta 3, and it can be added to your own project.

---- Header file:

    // File: service.h
    // The header file of "service.cpp"
    // Note: 1. You must use a C++ compiler
    //       2. The platform is Win32 (WinNT & Win95)
    #ifndef _SERVICE_H
    #define _SERVICE_H

    #include <windows.h>
    #include <tchar.h>

    /////////////////////////////////////////////////////////
    // Used for the Win95 service
    // Macros
    #define RSP_SIMPLE_SERVICE      1
    #define RSP_UNREGISTER_SERVICE  0

    // Function type for GetProcAddress
    #define RegisterServiceProcess_PROFILE (DWORD (__stdcall *)(DWORD, DWORD))

    // Service functions in Win95
    BOOL W95ServiceRegister(DWORD dwType);
    BOOL W95StartService(DWORD dwType);

    #endif

---- CPP file:

    // File: service.cpp --- implements the service
    #include "service.h"

---- The service registration subroutine:

    /////////////////////////////////////////////////////////
    // Used for the Win95 service
    // Define: BOOL W95ServiceRegister(DWORD dwType)
    // Parameters: dwType --- flag to register or unregister the service
    //             RSP_SIMPLE_SERVICE means register
    //             RSP_UNREGISTER_SERVICE means unregister
    // Return: TRUE --- call success; FALSE --- call failure
    BOOL W95ServiceRegister(DWORD dwType)
    {
        // Function address definition
        DWORD (__stdcall *hookRegisterServiceProcess)
            (DWORD dwProcessId, DWORD dwType);

        // Get address of function (GetProcAddress takes an ANSI name)
        hookRegisterServiceProcess =
            RegisterServiceProcess_PROFILE
            GetProcAddress(GetModuleHandle(TEXT("kernel32")),
                           "RegisterServiceProcess");

        // The export exists only in the Windows 9x kernel32
        if (hookRegisterServiceProcess == NULL)
            return FALSE;

        // Register the Win95 service (0 means the current process)
        if (hookRegisterServiceProcess(0, dwType) == 0)
            return FALSE;
        return TRUE;
    }

---- The subroutine that adds the program to the registry:

    #define SERVICE_NAME TEXT("SERVICE")

    // Define: BOOL W95StartService(DWORD dwType)
    // Parameters: dwType --- flag to register or unregister the service
    //             RSP_SIMPLE_SERVICE means register
    //             RSP_UNREGISTER_SERVICE means unregister
    // Return: TRUE --- call success; FALSE --- call failure
    BOOL W95StartService(DWORD dwType)
    {
        // Local variables
        TCHAR  lpszBuff[256];
        LPTSTR lpszStr     = lpszBuff + 128;
        LPTSTR lpszName    = lpszBuff;
        HKEY   hKey        = NULL;
        DWORD  dwStrCb     = 0;
        DWORD  dwValueType = 0;

        // Get the current service name (the command line), stripping
        // the trailing quote and the leading quote
        lpszName = GetCommandLine();
        for (int i = (int)_tcslen(lpszName) - 1; i >= 0; i--)
        {
            if ((lpszName[i] != '"') && (lpszName[i] != ' '))
                break;
            else if (lpszName[i] == '"')
                lpszName[i] = '\0';
        }
        if (lpszName[0] == '"')
            lpszName = lpszName + 1;

        // Register as a start-up service
        if (RegOpenKeyEx(HKEY_LOCAL_MACHINE,
                TEXT("Software\\Microsoft\\Windows\\CurrentVersion\\RunServices"),
                0,
                KEY_QUERY_VALUE | KEY_SET_VALUE,
                &hKey) != ERROR_SUCCESS)
        {
            if (RegCreateKey(HKEY_LOCAL_MACHINE,
                    TEXT("Software\\Microsoft\\Windows\\CurrentVersion\\RunServices"),
                    &hKey) != ERROR_SUCCESS)
            {
                // DebugOut("RegCreateKey() error!");
                return FALSE;
            }
        }

        dwValueType = REG_SZ;
        dwStrCb = 128 * sizeof(TCHAR);   // size of lpszStr in bytes

        // Take value
        if (RegQueryValueEx(hKey,
                SERVICE_NAME,
                0,
                &dwValueType,
                (LPBYTE)lpszStr,
                &dwStrCb) == ERROR_SUCCESS)
        {
            // Found this key value
            if (_tcscmp(lpszStr, lpszName) == 0)
            {
                // Remove the service
                if (dwType == RSP_UNREGISTER_SERVICE)
                {
                    if (RegDeleteValue(hKey, SERVICE_NAME) == ERROR_SUCCESS)
                    {
                        RegCloseKey(hKey);
                        return TRUE;
                    }
                    RegCloseKey(hKey);
                    return FALSE;
                }
                // Service already exists
                if (dwType == RSP_SIMPLE_SERVICE)
                {
                    // DebugOut("Already registered!");
                    RegCloseKey(hKey);
                    return TRUE;
                }
            }
            // Not found
        } // No such value

        // Nothing to unregister: return
        if (dwType == RSP_UNREGISTER_SERVICE)
        {
            RegCloseKey(hKey);
            return TRUE;
        }

        // Value not present: add it
        if (dwType == RSP_SIMPLE_SERVICE)
        {
            // Write only the string and its terminator, not a fixed 128 bytes
            dwStrCb = (DWORD)((_tcslen(lpszName) + 1) * sizeof(TCHAR));
            // Set value
            if (RegSetValueEx(hKey,
                    SERVICE_NAME,
                    0,
                    REG_SZ,
                    (CONST BYTE *)lpszName,
                    dwStrCb) != ERROR_SUCCESS)
            {
                // DebugOut("RegSetValueEx() error!");
                RegCloseKey(hKey);
                return FALSE;
            }
            RegCloseKey(hKey);
            return TRUE;
        }

        // Unknown type
        RegCloseKey(hKey);
        return FALSE;
    }

---- Main program:

    // WinMain function is the entry point of this program
    int APIENTRY WinMain(HINSTANCE hInstance,
                         HINSTANCE hPrevInstance,
                         LPSTR lpCmdLine,
                         int nCmdShow)
    {
        if (W95ServiceRegister(RSP_SIMPLE_SERVICE))
        {
            W95StartService(RSP_SIMPLE_SERVICE);
        }
        MessageBox(NULL, TEXT("Sample service"), TEXT("SERVICE"), MB_OK);

        UNREFERENCED_PARAMETER(hInstance);
        UNREFERENCED_PARAMETER(lpCmdLine);
        UNREFERENCED_PARAMETER(nCmdShow);
        UNREFERENCED_PARAMETER(hPrevInstance);
        return 0;
    }

---- Run this program and wait until the MessageBox pops up, then log off from Windows to the logon state: you will see the MessageBox stay open until it is answered or the system shuts down. So to build a system-level background process on Windows 95, you do not necessarily have to write a VxD, which can easily destabilize the system. Where the hardware side permits, I think the method described in this article is more convenient and effective.
