Hi, to make things clear, how to check if a Win32 exe is currently running as a NT service: 1.) Check if the SID (security ID) of the current process is "S-1-5-18", i.e. the so called LOCALSYSTEM account. This changes if you configure your service (in the services control panel) to run on a different account. 2.) Check if the parent process of your service is "services.exe", the service control manager. 3.) Check if the parent process of this parent process is "winlogon.exe".
I always use all three checks (a little bit paranoid) but it is sufficient to check the SID. You can bypass the 2nd and 3rd checks by passing NULL, thus: IsService(NULL,NULL,"<SID string>") At least, the 3rd parameter must be fixed at link time or check #1 will fail at run time. Just pass the same SID that you are using in the installation procedure of your service. The default account is always LOCALSYSTEM. As an alternative, you can just check if the parent process of your process is "services.exe", the Service Control Manager. All NT services run on behalf of the SCM. This is static on all Windows versions running services. Rgs, Ingo. -----Ursprüngliche Nachricht----- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Richard Levitte - VMS Whacker Gesendet: Sonntag, 10. August 2003 11:39 An: [EMAIL PROTECTED]; [EMAIL PROTECTED] Betreff: Re: AW: AW: BUG: CreateToolhelp32Snapshot, check if running as NT service In message <[EMAIL PROTECTED]> on Sun, 10 Aug 2003 02:25:38 +0200, "Ingo A. Kubbilun" <[EMAIL PROTECTED]> said: ingo> Jeff: ingo> ingo> In fact, it is sufficient to call the supplied function as ingo> described in my last mail: ingo> IsService(EXENAME_SERVICES,EXENAME_WINLOGON,SYSTEM_SID) ingo> The three arguments are just three #define's (refer to svccheck.h). ingo> The function's prototype requires three params because I cloned the ingo> stuff from another project I'm currently working on. ingo> For your convenience, you can also add another #define: ingo> ingo> #define _IsService ingo> IsService(EXENAME_SERVICES,EXENAME_WINLOGON,SYSTEM_SID) ingo> ingo> and use the macro "_IsService" instead. If you need another ingo> solution, please let me know. Hmm, are EXENAME_SERVICES, EXENAME_WINLOGIN and SYSTEM_SID independent of the windows version and so on that you happen to build it no? If not, your solution has the flaw that it will check with parameters that were set when OpenSSL was built, not the correct parameters of an actual run. -- Richard Levitte \ Tunnlandsvägen 3 \ [EMAIL PROTECTED] [EMAIL PROTECTED] \ S-168 36 BROMMA \ T: +46-8-26 52 47 \ SWEDEN \ or +46-708-26 53 44 Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED] Member of the OpenSSL development team: http://www.openssl.org/ Unsolicited commercial email is subject to an archival fee of $400. See <http://www.stacken.kth.se/~levitte/mail/> for more info. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
