System Services

This section provides comprehensive documentation on the core system services provided by the Windows operating system. These services are fundamental to the operation of applications and the system itself, managing resources, processes, and interactions at a low level.

Overview of Windows System Services

Windows system services are background processes that can be started automatically when the operating system boots up, or manually by a user or administrator. They perform a variety of essential tasks, such as:

Managing hardware devices (e.g., Print Spooler, Plug and Play)
Providing network connectivity (e.g., TCP/IP Protocol Driver, DHCP Client)
Handling security and authentication (e.g., Security Account Manager, Local Security Authority)
Managing system processes and resources (e.g., Windows Management Instrumentation)
Interacting with the user interface (e.g., Desktop Window Manager Session Manager)

Key System Services APIs

The following are some of the most critical APIs and components related to system services:

Service Control Manager (SCM)

The Service Control Manager is a fundamental system component responsible for controlling and communicating with Windows services. It allows applications to start, stop, query, and configure services.

Core SCM Functions:

OpenSCManager: Connects to the service control manager.
CreateService: Creates a new service entry in the service control manager's database.
StartService: Starts a specified service.
ControlService: Sends a control code to a specified service.
QueryServiceStatus: Retrieves the status of a specified service.
CloseServiceHandle: Closes a handle to the service control manager or a service.

Process Management APIs

Interacting with and managing processes is a core system service. These APIs allow for the creation, termination, and monitoring of processes.

Key Process APIs:

CreateProcess: Creates a new process and its primary thread.
TerminateProcess: Terminates a specified process.
OpenProcess: Opens a handle to an existing process object.
EnumProcesses: Retrieves a list of process identifiers for all running processes on the local computer.

Registry API

The Windows Registry is a hierarchical database that stores low-level settings for the operating system and for applications that opt to use the registry to store configuration information.

Registry Functions:

RegOpenKeyEx: Opens a specified registry key.
RegQueryValueEx: Retrieves the type and data for a specified registry value.
RegSetValueEx: Sets the data and extended properties of a specified registry value.
RegCloseKey: Closes a handle to an open registry key.

Example: Checking Service Status

The following C++ code snippet demonstrates how to check the status of a specific Windows service using the SCM APIs.


#include <windows.h>
#include <iostream>

int main() {
    SC_HANDLE schSCManager;
    SC_HANDLE schService;
    SERVICE_STATUS ssStatus;

    // Connect to the Service Control Manager
    schSCManager = OpenSCManager(
        NULL,                    // Local machine
        NULL,                    // ServicesActive database
        SC_MANAGER_ALL_ACCESS);  // Full access

    if (schSCManager == NULL) {
        std::cerr << "OpenSCManager failed: " << GetLastError() << std::endl;
        return 1;
    }

    // Open the service
    schService = OpenService(
        schSCManager,              // SCM handle
        L"Spooler",                // Service name (e.g., Print Spooler)
        SERVICE_QUERY_STATUS);     // Access rights

    if (schService == NULL) {
        std::cerr << "OpenService failed: " << GetLastError() << std::endl;
        CloseServiceHandle(schSCManager);
        return 1;
    }

    // Query the service status
    if (ControlService(schService, SERVICE_CONTROL_INTERROGATE, &ssStatus)) {
        std::cout << "Service Status: ";
        switch (ssStatus.dwCurrentState) {
            case SERVICE_STOPPED:
                std::cout << "STOPPED" << std::endl;
                break;
            case SERVICE_START_PENDING:
                std::cout << "START PENDING" << std::endl;
                break;
            case SERVICE_STOP_PENDING:
                std::cout << "STOP PENDING" << std::endl;
                break;
            case SERVICE_RUNNING:
                std::cout << "RUNNING" << std::endl;
                break;
            case SERVICE_CONTINUE_PENDING:
                std::cout << "CONTINUE PENDING" << std::endl;
                break;
            case SERVICE_PAUSE_PENDING:
                std::cout << "PAUSE PENDING" << std::endl;
                break;
            case SERVICE_PAUSED:
                std::cout << "PAUSED" << std::endl;
                break;
            default:
                std::cout << "Unknown state" << std::endl;
                break;
        }
    } else {
        std::cerr << "ControlService failed: " << GetLastError() << std::endl;
    }

    // Clean up
    CloseServiceHandle(schService);
    CloseServiceHandle(schSCManager);

    return 0;
}

Common System Service APIs
API Function	Description	Module
`CreateProcess`	Creates a new process and its primary thread.	Kernel32.dll
`OpenSCManager`	Connects to a service control manager database on a specified computer.	Advapi32.dll
`RegOpenKeyEx`	Opens a handle to the specified registry key.	Advapi32.dll
`GetSystemInfo`	Retrieves information about the current system.	Kernel32.dll
`GetComputerName`	Retrieves the NetBIOS name of the local computer.	Kernel32.dll