您的位置:首页 > 运维架构

【原创】驱动加载之OpenSCManager

2015-08-10 11:23 316 查看 
SC_HANDLE WINAPI OpenSCManager(


_In_opt_ LPCTSTR lpMachineName,


_In_opt_ LPCTSTR lpDatabaseName,


_In_ DWORD dwDesiredAccess


);


函数作用:以一定的权限,在指定的计算机打开指定的SCM数据库
参数:
1. lpMachineName:目标计算机名,NULL表示本地计算机
2. lpDatabaseName:服务管理程序系统组件数据库,可以设为SERVICES_ACTIVE_DATABASE,如果为NULL,表示默认打开SERVICES_ACTIVE_DATABASE数据库
3. dwDesiredAccess:对SCM的权限,可以是以下这一些:

Access rightDescription
SC_MANAGER_ALL_ACCESS (0xF003F)Includes STANDARD_RIGHTS_REQUIRED, in addition to all access rights in this table.
SC_MANAGER_CREATE_SERVICE (0x0002)Required to call the CreateService function to create a service object and add it to the database.
SC_MANAGER_CONNECT (0x0001)Required to connect to the service control manager.
SC_MANAGER_ENUMERATE_SERVICE (0x0004)Required to call the EnumServicesStatus or EnumServicesStatusEx function to list the services that are in the database.

Required to call the NotifyServiceStatusChange function to receive notification when any service is created or deleted.

SC_MANAGER_LOCK (0x0008)Required to call the LockServiceDatabase function to acquire a lock on the database.
SC_MANAGER_MODIFY_BOOT_CONFIG (0x0020)Required to call the NotifyBootConfigStatus function.
SC_MANAGER_QUERY_LOCK_STATUS (0x0010)Required to call the QueryServiceLockStatus function to retrieve the lock status information for the database.
或者上面权限的组合:

Access rightDescription
GENERIC_READSTANDARD_RIGHTS_READSC_MANAGER_ENUMERATE_SERVICESC_MANAGER_QUERY_LOCK_STATUS
GENERIC_WRITESTANDARD_RIGHTS_WRITESC_MANAGER_CREATE_SERVICESC_MANAGER_MODIFY_BOOT_CONFIG
GENERIC_EXECUTESTANDARD_RIGHTS_EXECUTESC_MANAGER_CONNECTSC_MANAGER_LOCK
GENERIC_ALLSC_MANAGER_ALL_ACCESS
一个有适当权限的普通程序能够打开SCM句柄,供OpenService, EnumServicesStatusEx, 和 QueryServiceLockStatus函数使用;
只有拥有Administrator权限的程序打开的SCM句柄,才可用于CreateServiceLockServiceDatabase函数
不同用户拥有不同的权限,在获取所需要的权限前,要检查程序所拥有的权限:

AccountAccess rights
Remote authenticated usersSC_MANAGER_CONNECT
Local authenticated users (including LocalService and NetworkService)SC_MANAGER_CONNECTSC_MANAGER_ENUMERATE_SERVICESC_MANAGER_QUERY_LOCK_STATUSSTANDARD_RIGHTS_READ
LocalSystemSC_MANAGER_CONNECTSC_MANAGER_ENUMERATE_SERVICESC_MANAGER_MODIFY_BOOT_CONFIGSC_MANAGER_QUERY_LOCK_STATUSSTANDARD_RIGHTS_READ
AdministratorsSC_MANAGER_ALL_ACCESS
返回值:
成功,返回指定SCM数据库的句柄;失败返回NULL,错误码可通过调用GetLastError获得。

Return codeDescription
ERROR_ACCESS_DENIEDThe requested access was denied.

ERROR_DATABASE_DOES_NOT_EXISTThe specified database does not exist.

说明:
(1)在获取SCM的相关权限前,系统会对程序进行一定的权限检查,是否符合权限要求
(2)当程序在连接其他计算机上的服务时,程序没有适当的权限,那么OpenSCManager将会调用失败,. To connect to a service remotely, call the LogonUser function with LOGON32_LOGON_NEW_CREDENTIALS and then call ImpersonateLoggedOnUser before calling OpenSCManager.为了远程链接一个服务,可以用LOGON32_LOGON_NEW_CREDENTIALS调用LogonUser函数然后再调用ImpersonateLoggedOnUser
(3)只有拥有Administrator权限的程序打开的SCM句柄,才可用于CreateServiceLockServiceDatabase函数
(4)OpenSCManager函数返回的句柄只能由调用它的进程使用,可以调用CloseServiceHandle函数来关掉这个句柄。

本文链接:/article/7044978.html
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 点击这里给我发消息
标签: 
相关文章推荐
新的分享
章节导航