I wrote it long time ago and just discovered it in my drafts folder.<\/p>\n\n\n\n
Sc.exe<\/em> is a popular native OS program used to control services. We see\/use it pretty often but rarely look at its rich and less-known options. This post tries to map these options to APIs and control codes that are being used by sc.exe<\/em> to communicate with the services. <\/p>\n\n\n\n So, yes, it turns out that many of sc.exe<\/em> options are just a convenient wrapper for standard Windows Service functions. If you ever programmed and built at least one service process the commands offered by the sc.exe <\/em>will sound very familiar to you. We can create a service, we can start it, we can pause it, we can query its status and its many parameters, and we can stop it. We can finally remove it. And in-between we can send various control codes to it too. Pretty straightforward.<\/p>\n\n\n\n Let’s walk through all options one by one:<\/p>\n\n\n\n Now that we have this out of the way, I can reveal why I was attracted to looking at these config options in a first place. It is the bufsize=<\/em> command line argument I have never used before.<\/p>\n\n\n\n It lets you decide how large the buffer will be when a specific API or control code is being sent to the service. Make it too small, and you get an error. Make it too big, and it’s an error too. Interesting.<\/p>\n\n\n\n For instance, if you run sc query<\/em>, you will get a list of all services. If you run sc query bufsize= 100<\/em> though, the command will fail.<\/p>\n\n\n\n Plus, if there is a default hard-coded inside the sc.exe<\/em>, then will I, by making the service parameters always outside of the default size, make sc<\/em> fail to report unless I actually use the bufsize=<\/em> command line argument that is allocating buffer large enough to hold all the data?<\/p>\n\n\n\n Another interesting bit is that you can use sc control<\/em> command to determine the status of the service instead of sc query or sc qc e.g:<\/p>\n\n\n\n sc control SysmonDrv 4<\/p>\n\n\n\n shows:<\/p>\n\n\n\n SERVICE_NAME: SysmonDrv This is because control code 4 is actually SERVICE_CONTROL_INTERROGATE.<\/p>\n","protected":false},"excerpt":{"rendered":" I wrote it long time ago and just discovered it in my drafts folder. Sc.exe is a popular native OS program used to control services. We see\/use it pretty often but rarely look at its rich and less-known options. This … Continue reading
TYPE : 1 KERNEL_DRIVER
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0<\/p><\/blockquote>\n\n\n\n