Winlogon Notify的Vista移植

最新推荐文章于 2025-01-11 18:05:45 发布

原创最新推荐文章于 2025-01-11 18:05:45 发布 · 4.8k 阅读

4 ·

CC 4.0 BY-SA版权

文章标签：

#service #command #null #exception #object #encoding

其他技术文章专栏收录该内容

26 篇文章

订阅专栏

本文探讨了Winlogon Notify在Vista系统中的移植问题，指出在.NET Framework 1.1中，由于ServiceBase类无法处理SERVICE_CONTROL_SESSIONCHANGE(14)消息，导致Logon、Logoff或用户切换事件的处理受限。而在.NET Framework 2.0中，通过OnSessionChange等函数，这些问题得到了解决，使得服务能够更好地适配Windows Vista及以后的系统。同时，文章提到了安装服务时可以使用SRVINSTW.EXE工具，以替代不便使用的instalutil.exe。

Winlogon notify的Vista移植

By MikeFeng

大家知道，在Windows XP和2000中，有个Winlogon notify的方法来接收logon，logoff事件。如果有些事情需要在登录注销时去做，那么使用notify技术可以很好的解决。但是，出于安全考虑，在vista下，原来的winlogon notify的功能被微软取消了。现在只能通过系统服务的方法来代替logon, logoff, sessionchange事件的接受与处理。在大部分情况下，这种方法可以当作把winlogon notify移植到vista的方法，并且这种方法是和原来的xp兼容的。但是有两个注意点：win2000是不支持sessionchange事件的，如果要将这个服务应用于win2000，将会出现莫名奇妙的问题。另外就是毕竟服务是在winlogon notify之后才起来的，如果这个logon/logoff/sessionchange事件必须在服务启动之前发生，那么就不能用这个方法了。

下面是一个用c++写的服务，它在logoff的时候写日志。这个服务可以用在xp,2000 SP4,vista中。但是处理SessionChange事件的服务只能用在xp,vista中。

// SimService.cpp
//

#pragma comment (lib,"Secur32")

#define _WIN32_WINNT    0x6000
#include <windows.h>
#include <iostream>
#include <winuser.h>

using namespace std;

#define SERVICE_NAME    "Vista Service For Logoff Event"

HANDLE terminateEvent    = NULL;

SERVICE_STATUS_HANDLE    serviceStatusHandle;
SERVICE_STATUS          MyServiceStatus;
HANDLE threadHandle        = NULL;

BOOL pauseService        = FALSE;
BOOL runningService        = FALSE;

BOOL InitService();
VOID terminate(DWORD error);
VOID ICSEventLogoff();
VOID ServiceMain(DWORD argc, LPTSTR *argv);
BOOL SendStatusToSCM(DWORD , DWORD , DWORD , DWORD , DWORD );
VOID HandlerEx(DWORD controlCode, DWORD dwEventType, LPVOID lpEventData, LPVOID lpContext);

void main(int argc, char* argv[])
{
    BOOL success;

    SERVICE_TABLE_ENTRY serviceTable[] =
    {
        { SERVICE_NAME, (LPSERVICE_MAIN_FUNCTION) ServiceMain},
        { NULL, NULL }
    };

    //
    // Register with the SCM
    //
    success = StartServiceCtrlDispatcher(serviceTable);
    if (!success)
        return;
}

// ServiceMain is called when the SCM wants to
// start the service. When it returns, the service
// has stopped. It therefore waits on an event
// just before the end of the function, and
// that event gets set when it is time to stop.
// It also returns on any error because the
// service cannot start if there is an error.
VOID ServiceMain(DWORD argc, LPTSTR *argv)
{
    BOOL success;

    DWORD dwNum = 0;

    MyServiceStatus.dwCurrentState       = SERVICE_RUNNING;

    serviceStatusHandle = RegisterServiceCtrlHandlerEx(SERVICE_NAME,
        (LPHANDLER_FUNCTION_EX)HandlerEx, NULL);

    if (!serviceStatusHandle) {terminate(GetLastError()); return;}

    // create the termination event
    terminateEvent = CreateEvent (0, TRUE, FALSE, 0);
    if (!terminateEvent) {terminate(GetLastError()); return;}

    // Start the service itself
    success = InitService();
    if (!success) {terminate(GetLastError()); return;}

    // The service is now running.
    // Notify SCM of progress
    MyServiceStatus.dwControlsAccepted =  SERVICE_ACCEPT_STOP
        | SERVICE_ACCEPT_SHUTDOWN
        | SERVICE_ACCEPT_PAUSE_CONTINUE;
    success = SendStatusToSCM(SERVICE_RUNNING, 0, 0, 0, 0);
    if (!success) {terminate(GetLastError()); return;}

    MyServiceStatus.dwControlsAccepted = SERVICE_ACCEPT_STOP
        | SERVICE_ACCEPT_SHUTDOWN
        | SERVICE_ACCEPT_PAUSE_CONTINUE
        | SERVICE_ACCEPT_SESSIONCHANGE;
    success = SendStatusToSCM(SERVICE_RUNNING, 0, 0, 0, 0);

    // Wait for stop signal, and then terminate
    WaitForSingleObject (terminateEvent, INFINITE);

    terminate(0);
}

// This function consolidates the activities of
// updating the service status with SetServiceStatus.
BOOL SendStatusToSCM(DWORD dwCurrentState,
                     DWORD dwWin32ExitCode,
                     DWORD dwServiceSpecificExitCode,
                     DWORD dwCheckPoint,
                     DWORD dwWaitHint)
{
    BOOL success;

    DWORD dwNum = 0;

    // Fill in all of the SERVICE_STATUS fields
    MyServiceStatus.dwServiceType = SERVICE_WIN32;
    MyServiceStatus.dwCurrentState = dwCurrentState;

    // Set the control codes the service can receive from SCM.
    // Make sure that the code contains SERVICE_ACCEPT_SESSIONCHANGE.
    // So service will can accept winlogon message.
    /*if (dwCurrentState == SERVICE_START_PENDING)
        MyServiceStatus.dwControlsAccepted = 0;
    else
        MyServiceStatus.dwControlsAccepted = SERVICE_ACCEPT_STOP | SERVICE_ACCEPT_SHUTDOWN|
        SERVICE_ACCEPT_PAUSE_CONTINUE | SERVICE_ACCEPT_SESSIONCHANGE; */

    // if a specific exit code is defined, set up
    // the win32 exit code properly
    if (dwServiceSpecificExitCode == 0)
        MyServiceStatus.dwWin32ExitCode = dwWin32ExitCode;
    else
        MyServiceStatus.dwWin32ExitCode = ERROR_SERVICE_SPECIFIC_ERROR;

    MyServiceStatus.dwServiceSpecificExitCode = dwServiceSpecificExitCode;
    MyServiceStatus.dwCheckPoint = dwCheckPoint;
    MyServiceStatus.dwWaitHint = dwWaitHint;

    // Pass the status record to the SCM
    success = SetServiceStatus (serviceStatusHandle, &MyServiceStatus);
    return success;
}

DWORD ServiceThread(LPDWORD param)
{
    while(1)
    {
        Sleep(1000);
    }
    return 0;
}

// Initializes the service. Start a new thread
BOOL InitService()
{
    DWORD id = 0;
    int iTime = 0;

    // Start the service's thread
    while(NULL == threadHandle && iTime++ < 10)
    {
        threadHandle = CreateThread(0, 0,
            (LPTHREAD_START_ROUTINE) ServiceThread,//callback function.
            0, 0, &id );
    }

    if (threadHandle==0)
        return FALSE;
    else
    {
        runningService = TRUE;
        return TRUE;
    }
}

// Log..
void Log(LPCTSTR msg)
{
#define LOGFILE_PATH TEXT("C:/Log.txt")
    HANDLE h = CreateFile(LOGFILE_PATH,
        GENERIC_WRITE, FILE_SHARE_READ, 0, OPEN_ALWAYS, 0, 0);

    if (GetFileSize(h,NULL)==0)
    {
        byte b[2]={0xFF,0xFE};
        DWORD cb = 2;
        WriteFile(h, b, 2, &cb, 0);
    }
    if (INVALID_HANDLE_VALUE != h)
    {
        if (INVALID_SET_FILE_POINTER != SetFilePointer(h, 0, 0, FILE_END)) {
            DWORD cb = lstrlen(msg) * sizeof *msg;
            WriteFile(h, msg, cb, &cb, 0);
        }
        CloseHandle(h);
    }
}

// Dispatches events received from the SCM
VOID HandlerEx(DWORD controlCode,
               DWORD dwEventType,
               LPVOID lpEventData,
               LPVOID lpContext)
{
    DWORD currentState = 0;
    BOOL success;

    DWORD dwNum = 0;
    CHAR *tszWrite = NULL;

    switch(controlCode)
    {
    case SERVICE_CONTROL_STOP:
        // Stop the service
        MyServiceStatus.dwControlsAccepted = SERVICE_ACCEPT_STOP
            | SERVICE_ACCEPT_SHUTDOWN
            | SERVICE_ACCEPT_PAUSE_CONTINUE;
        success = SendStatusToSCM(SERVICE_STOP_PENDING, NO_ERROR, 0, 1, 5000);
        runningService=FALSE;
        SetEvent(terminateEvent);
        return;

    case SERVICE_CONTROL_PAUSE:
        // Pause the service
        if (runningService && !pauseService)
        {
            success = SendStatusToSCM(SERVICE_PAUSE_PENDING, NO_ERROR, 0, 1, 1000);
            pauseService = TRUE;
            SuspendThread(threadHandle);
            currentState = SERVICE_PAUSED;
        }
        break;

    case SERVICE_CONTROL_CONTINUE:
        // Resume from a pause
        if (runningService && pauseService)
        {
            success = SendStatusToSCM(SERVICE_CONTINUE_PENDING, NO_ERROR, 0, 1, 1000);
            pauseService=FALSE;
            ResumeThread(threadHandle);
            currentState = SERVICE_RUNNING;
        }
        break;

    case SERVICE_CONTROL_SESSIONCHANGE:
        switch(dwEventType)
        {
        case WTS_SESSION_LOGOFF:
            // Logoff
            Log("Logoff event happened!");
            break;
        default:
            break;

        }
        break;

    case SERVICE_CONTROL_SHUTDOWN:
        // Do nothing in a shutdown. Could do cleanup
        // here but it must be very quick.
        return;

    default:
        break;
    }
    SendStatusToSCM(currentState, NO_ERROR, 0, 0, 0);
}

//
// Handle an error and stop service.
//
VOID terminate(DWORD error)
{
    // Close terminateEvent.
    if (terminateEvent) CloseHandle(terminateEvent);

    // Send a message to the SCM to stop service.
    if (serviceStatusHandle)
        SendStatusToSCM(SERVICE_STOPPED, error, 0, 0, 0);

    // Close thread.
    if (threadHandle) CloseHandle(threadHandle);
}

另外在.net framework 1.1中，我们是没有办法支持OnSessionChange事件的，而在.net framework 2.0中的ServiceBase有了更好的扩展性，可以支持OnSessionChange。

使用Reflector观察.Net Framework 1.1.4322。打开%WINDIR%/Microsoft.NET/Framework/v1.1.4322/System.ServiceProcess.dll，查看System.ServiceProcess.ServiceBase类。它有以下两个私有成员函数，相当于C++ Service中的给RegisterServiceCtrlHandlerEx传递的回调函数(LPHANDLER_FUNCTION_EX)

private int ServiceCommandCallbackEx(int command, int eventType, IntPtr eventData, IntPtr eventContext)

{

if (command != 13)

{

this.ServiceCommandCallback(command);

}

else

{

try

{

PowerBroadcastStatus powerStatus = (PowerBroadcastStatus) eventType;

bool flag = this.OnPowerEvent(powerStatus);

this.WriteEventLogEntry(Res.GetString("PowerEventOK"));

if (!flag)

{

return 0x424d5144;

}

catch (Exception exception)

{

this.WriteEventLogEntry(Res.GetString("PowerEventFailed", new object[] { exception.ToString() }), EventLogEntryType.Error);

}

return 0;

}

private unsafe void ServiceCommandCallback(int command)

{

fixed (NativeMethods.SERVICE_STATUS* service_statusRef = &this.status)

{

if (command == 4)

{

NativeMethods.SetServiceStatus(this.statusHandle, service_statusRef);

}

else if (((this.status.currentState != 5) && (this.status.currentState != 2)) && ((this.status.currentState != 3) && (this.status.currentState != 6)))

{

switch (command)

{

case 1:

{

int currentState = this.status.currentState;

if ((this.status.currentState == 7) || (this.status.currentState == 4))

{

this.status.currentState = 3;

NativeMethods.SetServiceStatus(this.statusHandle, service_statusRef);

this.status.currentState = currentState;

new DeferredHandlerDelegate(this.DeferredStop).BeginInvoke(null, null);

}

goto Label_0259;

}

case 2:

if (this.status.currentState == 4)

{

this.status.currentState = 6;

NativeMethods.SetServiceStatus(this.statusHandle, service_statusRef);

new DeferredHandlerDelegate(this.DeferredPause).BeginInvoke(null, null);

}

goto Label_0259;

case 3:

if (this.status.currentState == 7)

{

this.status.currentState = 5;

NativeMethods.SetServiceStatus(this.statusHandle, service_statusRef);

try

{

this.OnContinue();

this.WriteEventLogEntry(Res.GetString("ContinueSuccessful"));

}

catch (Exception exception)

{

this.WriteEventLogEntry(Res.GetString("ContinueFailed", new object[] { exception.ToString() }), EventLogEntryType.Error);

this.status.currentState = 7;

goto Label_0259;

}

this.status.currentState = 4;

NativeMethods.SetServiceStatus(this.statusHandle, service_statusRef);

}

goto Label_0259;

case 5:

try

{

this.OnShutdown();

this.WriteEventLogEntry(Res.GetString("ShutdownOK"));

}

catch (Exception exception2)

{

this.WriteEventLogEntry(Res.GetString("ShutdownFailed", new object[] { exception2.ToString() }), EventLogEntryType.Error);

}

goto Label_0259;

}

try

{

this.OnCustomCommand(command);

this.WriteEventLogEntry(Res.GetString("CommandSuccessful"));

}

catch (Exception exception3)

{

this.WriteEventLogEntry(Res.GetString("CommandFailed", new object[] { exception3.ToString() }), EventLogEntryType.Error);

}

Label_0259:;

}

从上面的代码可以知道，只有当服务控制码command不等于13的时候，我们才有机会用ServiceCommandCallback对其进行处理。而这种处理只能获得控制码command，对于SERVICE_CONTROL_SESSIONCHANGE(14)的消息来说，ServiceBase类没有办法获得到底是Logon,Logoff或是用户切换时候发生的。
因此对于以下C++代码是没有办法移植到Framework 1.1 上的:

VOID HandlerEx(DWORD controlCode,

DWORD dwEventType,

LPVOID lpEventData,

LPVOID lpContext)

{

...

case SERVICE_CONTROL_SESSIONCHANGE:

switch(dwEventType)

{

case WTS_SESSION_LOGOFF:

// Logoff

ICSEventLogoff();

break;

default:

break;

}

break;

...

}

在.Net Framework 2.0的ServiceBase中，回调函数在接受服务控制命令command之外，还将所有其他参数都传给了用户可以自由扩展的回调函数，多了OnSessionChange等包装好的函数，因此就没有这个问题了。同样，我们不用将这个服务用于不支持sessionchange的Win2000上。以下是C#写的服务：

using System;

using System.ServiceProcess;

using System.Text;

using System.IO;

namespace ServiceTest

{

public partial class Service1 : ServiceBase

{

public Service1()

{

InitializeComponent();

}