Welcome to this video about Windows Services. In this video, we’ll cover the basics of Windows Services. In the next video, we’ll explore how to write a service.
What is a Windows Service?
The term “service” is commonly used in software, but here we’re discussing Windows services specifically. A Windows service is a process that provides functionality independently of any logged-in user. This allows a service to operate even when no user is logged in, commonly in environments like servers or cloud-based systems.
Examples of Windows Services:
- Web Server: Listens for TCP requests on specific ports (e.g., 80, 443).
- Database Server: Handles requests via TCP/IP ports, named pipes, etc., based on product configurations.
Service Control Manager (SCM)
The Service Control Manager (SCM) is a Windows component, essential for managing services. It allows you to start, stop, pause, resume, and interact with services based on their specific implementations.
Tools for Managing Services
- Services Applet: Accessed via the Start button, this tool provides a graphical interface showing information about all services on the system, including their display name, description, status, and startup type.
- System Explorer: Another tool that offers detailed service information in a table format, with additional sorting options by columns like process ID, binary path, account name, and privileges.
- Command-line tools, such as sc.exe and the service-related PowerShell cmdlets.
Startup Types
- Manual: Service starts only when initiated manually.
- Automatic: Service starts automatically when the system boots.
- Automatic (Delayed): Service starts after a short delay (around 2 minutes) to avoid slowing down user login processes.
- Disabled: Service does not start unless the setting is changed.
- Trigger Start: Service starts only when a specific trigger event occurs (e.g., network connection established).
Logon and Permissions
Services can run under different Windows accounts, each with distinct privileges:
- Local System: High privileges with administrative capabilities.
- Network Service: Fewer privileges but can authenticate outside the machine.
- Local Service: Limited to local machine access with no network identity.
Managing Service Dependencies
The SCM also handles service dependencies, ensuring that required services are loaded first. Dependencies can be viewed in both the Services Applet and Process Explorer.
Process Explorer
In Process Explorer:
- Services hosted in a dedicated executable are common for third-party services.
- Windows uses a generic host, Svchost.exe, for many services to conserve resources by running multiple services in a single process.
Note on Resource Management: The consolidation of services in fewer processes conserves memory but poses risks, such as one service crash affecting others in the same process. Windows 10 version 1703 introduced improvements by allocating separate processes for most services on systems with over 3.5 GB of RAM.
Registry Location for Services
Service configurations are stored in the registry under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services. This includes entries for both Windows services and kernel drivers.
Identifying Services and Drivers:
- Services have a “Type” value of 16 (10 hex) or higher.
- Kernel drivers have a “Type” value of 1 or 2 and usually reference a .sys file in their image path.
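The Type rule above can be applied directly to the registry to build an inventory of services and drivers, which is a useful baseline when reviewing what runs on a host and under which account. The following PowerShell is an added example, not code from the video; the value names Start, DelayedAutostart and ObjectName and the TriggerInfo subkey are standard Windows names that the page itself does not mention.

```powershell
# Added example: classify every entry under the Services key using the
# Type rule described above (1 or 2 = kernel driver, 16 or higher = service).
$root = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# Start value -> startup type (0 and 1 are used by drivers only)
$startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

$inventory = foreach ($key in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
    $type = $key.GetValue('Type')
    if ($null -eq $type) { continue }    # no Type value: not a service or driver entry

    if ($type -eq 1 -or $type -eq 2) { $kind = 'Driver' }
    elseif ($type -ge 16)            { $kind = 'Service' }
    else                             { $kind = 'Other' }

    $start   = $key.GetValue('Start')
    $startup = 'Unknown'
    if ($null -ne $start -and $startNames.ContainsKey([int]$start)) {
        $startup = $startNames[[int]$start]
    }
    # Delayed start is an Automatic service with DelayedAutostart set to 1
    if ($start -eq 2 -and $key.GetValue('DelayedAutostart') -eq 1) {
        $startup = 'Automatic (Delayed)'
    }

    [pscustomobject]@{
        Name      = $key.PSChildName
        Kind      = $kind
        Type      = $type
        Startup   = $startup
        # Trigger-start services carry a TriggerInfo subkey
        Triggered = ($key.GetSubKeyNames() -contains 'TriggerInfo')
        Account   = $key.GetValue('ObjectName')   # usually empty for drivers
        ImagePath = $key.GetValue('ImagePath')
    }
}

# Summary: how many entries of each kind are registered
$inventory | Group-Object -Property Kind | Select-Object -Property Name, Count

# Services only, grouped visually by the account they run under
$inventory |
    Where-Object { $_.Kind -eq 'Service' } |
    Sort-Object -Property Account, Name |
    Format-Table -Property Name, Startup, Triggered, Account, ImagePath -AutoSize
```

Saving the output on a known-good machine and comparing it against later runs makes newly registered services and drivers easy to spot.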
Using Command Line Tools
SC Tool
- SC query <service_name>: Retrieves the state of a service.
- SC start <service_name>: Starts a service.
- SC stop <service_name>: Stops a service.
PowerShell
PowerShell offers cmdlets like Start-Service, Get-Service, and others, enabling filtering and advanced service management.
Summary and Next Steps
This video covered Windows services, tools to manage them, and essential configuration details. In the next video, we’ll dive into writing a service using C/C++, exploring the internal mechanics of service creation.