I've been trying to query services but I cant get them to work.the problem is the queryservicestatus function results return in a array of structures and when I try mov eax,(whateverstruct ptr [2].lpservicename) and messagebox I don't get anything.But when I do whateverstructlabel.lpservicename it works fine but just for the first returned service.Anyone know what the problem is?
Posted on 2003-12-05 12:29:15 by Webring
Since when does it return an array of structure?


The QueryServiceStatus function retrieves the current status of the specified service.

This function has been superseded by the QueryServiceStatusEx function. QueryServiceStatusEx returns the same information QueryServiceStatus returns, with the addition of the process identifier and additional information for the service.

BOOL QueryServiceStatus(
SC_HANDLE hService,

Handle to the service. This handle is returned by the OpenService or the CreateService function, and it must have the SERVICE_QUERY_STATUS access right. For more information, see Service Security and Access Rights.
Pointer to a SERVICE_STATUS structure that receives the status information.
Return Values
If the function succeeds, the return value is nonzero.

If the function fails, the return value is zero. To get extended error information, call GetLastError.

The following error codes can be set by the service control manager. Other error codes can be set by the registry functions that are called by the service control manager.

Return Code Description
ERROR_ACCESS_DENIED The handle does not have the SERVICE_QUERY_STATUS access right.
ERROR_INVALID_HANDLE The handle is invalid.

The QueryServiceStatus function returns the most recent service status information reported to the service control manager. If the service just changed its status, it may not have updated the service control manager yet. Applications can find out the current service status by interrogating the service directly using the ControlService function with the SERVICE_CONTROL_INTERROGATE control code.

Example Code
For an example, see Starting a Service.

Client: Included in Windows XP, Windows 2000 Professional, and Windows NT Workstation.
Server: Included in Windows Server 2003, Windows 2000 Server, and Windows NT Server.
Header: Declared in Winsvc.h; include Windows.h.
Library: Use Advapi32.lib.
Posted on 2003-12-05 21:27:37 by roticv

I believe QueryServiceStatusEx needs to be handled in a similar manner to EnumServicesStatusEx. You need to preallocate enough memory to receive all the entries that will be returned in the SERVICE_STATUS_PROCESS and ENUM_SERVICE_STATUS_PROCESS structures. You can do this by calling the API twice, the first time with a buffer size/pointer of zero. GetLastError will return ERROR_MORE_DATA (for EnumServicesStatusEx) or ERROR_INSUFFICIENT_BUFFER (for QueryServiceStatusEx) and the pcbBytesNeeded parameter from either call will contain the number of bytes required to receive the remaining entries. Then you can allocate the required amount of memory and reissue the EnumServicesStatusEx / QueryServiceStatusEx call, this time with a correct buffer to hold all the service information.

If you like, there is an example of this here, check the Enum_Services proc in EnumServicesStatus.inc.


Posted on 2003-12-06 00:51:01 by Kayaker