web analytics

Service Control Manager

Options

codeling 1595 - 6639
@2018-06-14 10:09:00

Service Control Manager (SCM) is a special system process under the Windows operating systems, which starts, stops and interacts with Windows service processes.

This application lives in the system directory %WinDir%\System32 (32bit), or %WinDir%\SysWOW64 (64 bits)

@2018-06-14 10:11:21

Database of Installed Services

The SCM maintains a database of installed services in the registry. The database is used by the SCM and programs that add, modify, or configure services. The following is the registry key for this database:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

 

The HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services registry key for Windows Services

This key contains a subkey for each installed service and driver service. The name of the subkey is the name of the service, as specified by the CreateService() function when the service was installed by a service configuration program. An initial copy of the database is created when the system is installed. The database contains entries for the device drivers required during system boot. The database includes the following information about each installed service and driver service:

  1. The service type. This indicates whether the service executes in its own process or shares a process with other services. For driver services, this indicates whether the service is a kernel driver or a file system driver.
  2. The start type. This indicates whether the service or driver service is started automatically at system startup (auto-start service) or whether the SCM starts it when requested by a service control program (demand-start service). The start type can also indicate that the service or driver service is disabled, in which case it cannot be started.
  3. The error control level. This specifies the severity of the error if the service or driver service fails to start during system startup and determines the action that the startup program will take.
  4. The fully qualified path of the executable file. The filename extension is .EXE for services and .SYS for driver services.
  5. Optional dependency information used to determine the proper order for starting services or driver services. For services, this information can include a list of services that the SCM must start before it can start the specified service, the name of a load ordering group that the service is part of, and a tag identifier that indicates the start order of the service in its load ordering group. For driver services, this information includes a list of drivers that must be started before the specified driver.
  6. For services, an optional account name and password. The service program runs in the context of this account. If no account is specified, the service executes in the context of the LocalSystem account.
  7. For driver services, an optional driver object name (for example, \FileSystem\Rdr or \Driver\Xns), used by the I/O system to load the device driver. If no name is specified, the I/O system creates a default name based on the driver service name.
@2018-06-14 10:23:30

In the windows registry, CurrentControlSet is an alternating symbolic link to either ControlSet001 or ControlSet002. It always points to the ControlSet that is currently loaded.

ControlSet001 may be the last control set you booted with, while ControlSet002 could be what is known as the last known good control set, or the control set that last successfully booted Windows

Actual symbolic link match is in: HKEY_LOCAL_MACHINE\SYSTEM\Select\.

The most valuable and reliable control set is CurrentControlSet. If you need to modify system settings in the Registry, CurrentControlSet is the best subkey to choose because you know that it is the correct control set.

Comments

You must Sign In to comment on this topic.


© 2024 Digcode.com