admin/SimpleRemoter
1
0
Fork 0
mirror of https://github.com/yuanyuanxiang/SimpleRemoter.git synced 2026-01-22 07:14:15 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
9e4aeab1c74ce375e0e8503350873bf681f52122
SimpleRemoter/client/ServiceWrapper.c

516 lines
14 KiB
C
Raw Normal View History

Feature: Support client running as windows service
2025-11-23 18:13:39 +01:00
#include "ServiceWrapper.h"
#include "SessionMonitor.h"
#include <stdio.h>
#ifndef Mprintf
#ifdef _DEBUG
#define Mprintf printf
#else
#define Mprintf(format, ...)
#endif
#endif
// 外部声明
extern BOOL RunAsAgent(BOOL block);
// 静态变量
BOOL g_ServiceDirectMode = FALSE;
static SERVICE_STATUS g_ServiceStatus;
static SERVICE_STATUS_HANDLE g_StatusHandle = NULL;
static HANDLE g_StopEvent = INVALID_HANDLE_VALUE;
// 前向声明
static void WINAPI ServiceMain(DWORD argc, LPTSTR* argv);
static void WINAPI ServiceCtrlHandler(DWORD ctrlCode);
static void ServiceWriteLog(const char* message);
// 日志函数
static void ServiceWriteLog(const char* message) {
FILE* f;
SYSTEMTIME st;
f = fopen("C:\\GhostService.log", "a");
if (f) {
GetLocalTime(&st);
fprintf(f, "[%04d-%02d-%02d %02d:%02d:%02d] %s\n",
st.wYear, st.wMonth, st.wDay,
st.wHour, st.wMinute, st.wSecond,
message);
fclose(f);
}
}
BOOL ServiceWrapper_CheckStatus(BOOL* registered, BOOL* running,
char* exePath, size_t exePathSize)
{
SC_HANDLE hSCM = NULL;
SC_HANDLE hService = NULL;
BOOL result = FALSE;
SERVICE_STATUS_PROCESS ssp;
DWORD bytesNeeded = 0;
DWORD bufSize = 0;
LPQUERY_SERVICE_CONFIGA pConfig = NULL;
*registered = FALSE;
*running = FALSE;
if (exePath && exePathSize > 0) {
exePath[0] = '\0';
}
// 打开 SCM
hSCM = OpenSCManagerA(NULL, NULL, SC_MANAGER_CONNECT);
if (!hSCM) {
return FALSE;
}
// 打开服务
hService = OpenServiceA(
hSCM,
SERVICE_NAME,
SERVICE_QUERY_STATUS | SERVICE_QUERY_CONFIG);
if (!hService) {
CloseServiceHandle(hSCM);
return FALSE; // 未注册
}
*registered = TRUE;
result = TRUE;
// 获取服务状态
memset(&ssp, 0, sizeof(ssp));
if (QueryServiceStatusEx(
hService,
SC_STATUS_PROCESS_INFO,
(LPBYTE)&ssp,
sizeof(SERVICE_STATUS_PROCESS),
&bytesNeeded))
{
*running = (ssp.dwCurrentState == SERVICE_RUNNING);
}
// 获取 EXE 路径
if (exePath && exePathSize > 0) {
QueryServiceConfigA(hService, NULL, 0, &bufSize);
if (GetLastError() == ERROR_INSUFFICIENT_BUFFER) {
pConfig = (LPQUERY_SERVICE_CONFIGA)malloc(bufSize);
if (pConfig) {
if (QueryServiceConfigA(hService, pConfig, bufSize, &bufSize)) {
strncpy(exePath, pConfig->lpBinaryPathName, exePathSize - 1);
exePath[exePathSize - 1] = '\0';
}
free(pConfig);
}
}
}
CloseServiceHandle(hService);
CloseServiceHandle(hSCM);
return result;
}
int ServiceWrapper_StartSimple(void)
{
SC_HANDLE hSCM = NULL;
SC_HANDLE hService = NULL;
BOOL ok;
int err;
// 打开SCM
hSCM = OpenSCManagerA(NULL, NULL, SC_MANAGER_CONNECT);
if (!hSCM) {
return (int)GetLastError();
}
// 打开服务并启动
hService = OpenServiceA(hSCM, SERVICE_NAME, SERVICE_START);
if (!hService) {
err = (int)GetLastError();
CloseServiceHandle(hSCM);
return err;
}
// 启动服务
ok = StartServiceA(hService, 0, NULL);
err = ok ? ERROR_SUCCESS : (int)GetLastError();
CloseServiceHandle(hService);
CloseServiceHandle(hSCM);
return err;
}
int ServiceWrapper_Run(void)
{
DWORD err;
char buffer[256];
SERVICE_TABLE_ENTRY ServiceTable[2];
ServiceTable[0].lpServiceName = (LPSTR)SERVICE_NAME;
ServiceTable[0].lpServiceProc = (LPSERVICE_MAIN_FUNCTION)ServiceMain;
ServiceTable[1].lpServiceName = NULL;
ServiceTable[1].lpServiceProc = NULL;
ServiceWriteLog("========================================");
ServiceWriteLog("ServiceWrapper_Run() called");
if (StartServiceCtrlDispatcher(ServiceTable) == FALSE) {
err = GetLastError();
sprintf(buffer, "StartServiceCtrlDispatcher failed: %d", (int)err);
ServiceWriteLog(buffer);
return (int)err;
}
return ERROR_SUCCESS;
}
static void WINAPI ServiceMain(DWORD argc, LPTSTR* argv)
{
HANDLE hThread;
(void)argc;
(void)argv;
ServiceWriteLog("ServiceMain() called");
g_StatusHandle = RegisterServiceCtrlHandler(
SERVICE_NAME,
ServiceCtrlHandler
);
if (g_StatusHandle == NULL) {
ServiceWriteLog("RegisterServiceCtrlHandler failed");
return;
}
ZeroMemory(&g_ServiceStatus, sizeof(g_ServiceStatus));
g_ServiceStatus.dwServiceType = SERVICE_WIN32_OWN_PROCESS;
g_ServiceStatus.dwCurrentState = SERVICE_START_PENDING;
g_ServiceStatus.dwControlsAccepted = 0;
g_ServiceStatus.dwWin32ExitCode = 0;
g_ServiceStatus.dwServiceSpecificExitCode = 0;
g_ServiceStatus.dwCheckPoint = 0;
g_ServiceStatus.dwWaitHint = 0;
SetServiceStatus(g_StatusHandle, &g_ServiceStatus);
g_StopEvent = CreateEvent(NULL, TRUE, FALSE, NULL);
if (g_StopEvent == NULL) {
ServiceWriteLog("CreateEvent failed");
g_ServiceStatus.dwCurrentState = SERVICE_STOPPED;
g_ServiceStatus.dwWin32ExitCode = GetLastError();
SetServiceStatus(g_StatusHandle, &g_ServiceStatus);
return;
}
g_ServiceStatus.dwControlsAccepted = SERVICE_ACCEPT_STOP;
g_ServiceStatus.dwCurrentState = SERVICE_RUNNING;
g_ServiceStatus.dwWin32ExitCode = 0;
g_ServiceStatus.dwCheckPoint = 0;
SetServiceStatus(g_StatusHandle, &g_ServiceStatus);
ServiceWriteLog("Service is now running");
hThread = CreateThread(NULL, 0, ServiceWrapper_WorkerThread, NULL, 0, NULL);
if (hThread) {
WaitForSingleObject(hThread, INFINITE);
CloseHandle(hThread);
}
CloseHandle(g_StopEvent);
g_ServiceStatus.dwControlsAccepted = 0;
g_ServiceStatus.dwCurrentState = SERVICE_STOPPED;
g_ServiceStatus.dwWin32ExitCode = 0;
g_ServiceStatus.dwCheckPoint = 3;
SetServiceStatus(g_StatusHandle, &g_ServiceStatus);
ServiceWriteLog("Service stopped");
}
static void WINAPI ServiceCtrlHandler(DWORD ctrlCode)
{
switch (ctrlCode) {
case SERVICE_CONTROL_STOP:
ServiceWriteLog("SERVICE_CONTROL_STOP received");
if (g_ServiceStatus.dwCurrentState != SERVICE_RUNNING)
break;
g_ServiceStatus.dwControlsAccepted = 0;
g_ServiceStatus.dwCurrentState = SERVICE_STOP_PENDING;
g_ServiceStatus.dwWin32ExitCode = 0;
g_ServiceStatus.dwCheckPoint = 4;
g_ServiceStatus.dwWaitHint = 0;
SetServiceStatus(g_StatusHandle, &g_ServiceStatus);
SetEvent(g_StopEvent);
break;
case SERVICE_CONTROL_INTERROGATE:
SetServiceStatus(g_StatusHandle, &g_ServiceStatus);
break;
default:
break;
}
}
// 服务工作线程
DWORD WINAPI ServiceWrapper_WorkerThread(LPVOID lpParam)
{
SessionMonitor monitor;
int heartbeatCount = 0;
char buf[128];
(void)lpParam; // 未使用参数
if (g_ServiceDirectMode) {
// 直接模式在服务进程中运行SYSTEM权限
ServiceWriteLog("Running in DIRECT mode (SYSTEM)");
RunAsAgent(FALSE);
WaitForSingleObject(g_StopEvent, INFINITE);
return ERROR_SUCCESS;
}
ServiceWriteLog("========================================");
ServiceWriteLog("Worker thread started");
ServiceWriteLog("Service will launch agent in user sessions");
// 初始化会话监控器
SessionMonitor_Init(&monitor);
if (!SessionMonitor_Start(&monitor)) {
ServiceWriteLog("ERROR: Failed to start session monitor");
SessionMonitor_Cleanup(&monitor);
return ERROR_SERVICE_SPECIFIC_ERROR;
}
ServiceWriteLog("Session monitor started successfully");
ServiceWriteLog("Agent will be launched automatically");
// 主循环,只等待停止信号
// SessionMonitor 会在后台自动:
// 1. 监控会话
// 2. 在用户会话中启动 agent.exe
// 3. 监视代理进程,如果退出自动重启
while (WaitForSingleObject(g_StopEvent, 10000) != WAIT_OBJECT_0) {
heartbeatCount++;
if (heartbeatCount % 6 == 0) { // 每60秒记录一次
sprintf(buf, "Service heartbeat - uptime: %d minutes", heartbeatCount);
ServiceWriteLog(buf);
}
}
ServiceWriteLog("Stop signal received");
ServiceWriteLog("Stopping session monitor...");
SessionMonitor_Stop(&monitor);
SessionMonitor_Cleanup(&monitor);
ServiceWriteLog("Worker thread exiting");
ServiceWriteLog("========================================");
return ERROR_SUCCESS;
}
void ServiceWrapper_Install(void)
{
SC_HANDLE schSCManager;
SC_HANDLE schService;
char szPath[MAX_PATH];
SERVICE_DESCRIPTION sd;
SERVICE_STATUS status;
DWORD err;
schSCManager = OpenSCManager(
NULL,
NULL,
SC_MANAGER_ALL_ACCESS
);
if (schSCManager == NULL) {
Mprintf("ERROR: OpenSCManager failed (%d)\n", (int)GetLastError());
Mprintf("Please run as Administrator\n");
return;
}
if (!GetModuleFileName(NULL, szPath, MAX_PATH)) {
Mprintf("ERROR: GetModuleFileName failed (%d)\n", (int)GetLastError());
CloseServiceHandle(schSCManager);
return;
}
Mprintf("Installing service...\n");
Mprintf("Executable path: %s\n", szPath);
schService = CreateService(
schSCManager,
SERVICE_NAME,
SERVICE_DISPLAY,
SERVICE_ALL_ACCESS,
SERVICE_WIN32_OWN_PROCESS,
SERVICE_AUTO_START,
SERVICE_ERROR_NORMAL,
szPath,
NULL, NULL, NULL, NULL, NULL
);
if (schService == NULL) {
err = GetLastError();
if (err == ERROR_SERVICE_EXISTS) {
Mprintf("INFO: Service already exists\n");
// 打开已存在的服务
schService = OpenService(schSCManager, SERVICE_NAME, SERVICE_ALL_ACCESS);
if (schService) {
Mprintf("SUCCESS: Service is already installed\n");
CloseServiceHandle(schService);
}
}
else if (err == ERROR_ACCESS_DENIED) {
Mprintf("ERROR: Access denied. Please run as Administrator\n");
}
else {
Mprintf("ERROR: CreateService failed (%d)\n", (int)err);
}
CloseServiceHandle(schSCManager);
return;
}
Mprintf("SUCCESS: Service created successfully\n");
// 设置服务描述
sd.lpDescription = (LPSTR)SERVICE_DESC;
if (ChangeServiceConfig2(schService, SERVICE_CONFIG_DESCRIPTION, &sd)) {
Mprintf("SUCCESS: Service description set\n");
}
// 立即启动服务
Mprintf("Starting service...\n");
if (StartService(schService, 0, NULL)) {
Mprintf("SUCCESS: Service started successfully\n");
// 等待服务启动
Sleep(2000);
// 检查服务状态
if (QueryServiceStatus(schService, &status)) {
if (status.dwCurrentState == SERVICE_RUNNING) {
Mprintf("SUCCESS: Service is running\n");
}
else {
Mprintf("WARNING: Service state: %d\n", (int)status.dwCurrentState);
}
}
}
else {
err = GetLastError();
if (err == ERROR_SERVICE_ALREADY_RUNNING) {
Mprintf("INFO: Service is already running\n");
}
else {
Mprintf("WARNING: StartService failed (%d)\n", (int)err);
Mprintf("You can start it manually using: net start %s\n", SERVICE_NAME);
}
}
CloseServiceHandle(schService);
CloseServiceHandle(schSCManager);
Mprintf("\n=== Installation Complete ===\n");
Mprintf("Service installed successfully!\n");
Mprintf("\n");
Mprintf("IMPORTANT: This is a single-executable design.\n");
Mprintf("The service will launch '%s -agent' in user sessions.\n", szPath);
Mprintf("\n");
Mprintf("Logs will be written to:\n");
Mprintf(" - C:\\GhostService.log (service logs)\n");
Mprintf(" - C:\\SessionMonitor.log (session monitor logs)\n");
Mprintf("\n");
Mprintf("Commands:\n");
Mprintf(" To verify: sc query %s\n", SERVICE_NAME);
Mprintf(" To start: net start %s\n", SERVICE_NAME);
Mprintf(" To stop: net stop %s\n", SERVICE_NAME);
}
void ServiceWrapper_Uninstall(void)
{
SC_HANDLE schSCManager;
SC_HANDLE schService;
SERVICE_STATUS status;
int waitCount;
DWORD err;
schSCManager = OpenSCManager(
NULL,
NULL,
SC_MANAGER_ALL_ACCESS
);
if (schSCManager == NULL) {
Mprintf("ERROR: OpenSCManager failed (%d)\n", (int)GetLastError());
Mprintf("Please run as Administrator\n");
return;
}
schService = OpenService(
schSCManager,
SERVICE_NAME,
SERVICE_STOP | DELETE
);
if (schService == NULL) {
Mprintf("ERROR: OpenService failed (%d)\n", (int)GetLastError());
Mprintf("Service may not be installed\n");
CloseServiceHandle(schSCManager);
return;
}
Mprintf("Stopping service...\n");
if (ControlService(schService, SERVICE_CONTROL_STOP, &status)) {
Mprintf("Waiting for service to stop");
Sleep(1000);
waitCount = 0;
while (QueryServiceStatus(schService, &status) && waitCount < 30) {
if (status.dwCurrentState == SERVICE_STOP_PENDING) {
Mprintf(".");
Sleep(1000);
waitCount++;
}
else {
break;
}
}
Mprintf("\n");
if (status.dwCurrentState == SERVICE_STOPPED) {
Mprintf("SUCCESS: Service stopped\n");
}
else {
Mprintf("WARNING: Service may not have stopped completely\n");
}
}
else {
err = GetLastError();
if (err == ERROR_SERVICE_NOT_ACTIVE) {
Mprintf("INFO: Service was not running\n");
}
else {
Mprintf("WARNING: Failed to stop service (%d)\n", (int)err);
}
}
Mprintf("Deleting service...\n");
if (DeleteService(schService)) {
Mprintf("SUCCESS: Service uninstalled successfully\n");
}
else {
Mprintf("ERROR: DeleteService failed (%d)\n", (int)GetLastError());
}
CloseServiceHandle(schService);
CloseServiceHandle(schSCManager);
Mprintf("\n=== Uninstallation Complete ===\n");
}
Reference in New Issue Copy Permalink