Ideas for Hooking a Windows Service

May 10, 2009 at 12:38 AM

I have a legacy windows service that I need to hook upon its startup.  Without correcting a value being read by the service, the service terminate immediately.  The solution here would seem to be to hook the service in the same way that CreateAndInject() operates with at-will process creation.

However, I don't have a complete understanding of how services are hosted, execute and launched.  And, I don't see a method to hook a windows service in the same way that one can hook a newly created process.

Can anyone share their ideas for how to hook an arbitrary windows service prior to or upon startup of that service?

-Jonathan

May 15, 2009 at 9:32 PM
> Can anyone share their ideas for how to hook an arbitrary windows
> service prior to or upon startup of that service?

Just a random untested idea: remove the service and instead write your
own little executable that executes the service executable via a
CreateAndInject. Then install your own executable as a service.

If that is not feasible, I guess you might have to go into kernel mode.

Ben Schwehn