Share via

3.1.4.23 RCreateServiceA (Opnum 24)

  • Article

The RCreateServiceA method creates the service record in the SCM database.

 DWORD RCreateServiceA(
   [in] SC_RPC_HANDLE hSCManager,
   [in, string, range(0, SC_MAX_NAME_LENGTH)] 
     LPSTR lpServiceName,
   [in, string, unique, range(0, SC_MAX_NAME_LENGTH)] 
     LPSTR lpDisplayName,
   [in] DWORD dwDesiredAccess,
   [in] DWORD dwServiceType,
   [in] DWORD dwStartType,
   [in] DWORD dwErrorControl,
   [in, string, range(0, SC_MAX_PATH_LENGTH)] 
     LPSTR lpBinaryPathName,
   [in, string, unique, range(0, SC_MAX_NAME_LENGTH)] 
     LPSTR lpLoadOrderGroup,
   [in, out, unique] LPDWORD lpdwTagId,
   [in, unique, size_is(dwDependSize)] 
     LPBYTE lpDependencies,
   [in, range(0, SC_MAX_DEPEND_SIZE)] 
     DWORD dwDependSize,
   [in, string, unique, range(0, SC_MAX_ACCOUNT_NAME_LENGTH)] 
     LPSTR lpServiceStartName,
   [in, unique, size_is(dwPwSize)] 
     LPBYTE lpPassword,
   [in, range(0, SC_MAX_PWD_SIZE)] 
     DWORD dwPwSize,
   [out] LPSC_RPC_HANDLE lpServiceHandle
 );

hSCManager: An SC_RPC_HANDLE (section 2.2.4) data type that defines the handle to the SCM database created using one of the open methods specified in section 3.1.4. The SC_MANAGER_CREATE_SERVICE access right MUST have been granted to the caller when the RPC context handle was created.

lpServiceName: A pointer to a null-terminated ANSI string that specifies the name of the service to install. This MUST not be null.

The forward slash, back slash, comma, and space characters are illegal in service names.

lpDisplayName: A pointer to a null-terminated ANSI string that contains the display name by which user interface programs identify the service.

dwDesiredAccess: A value that specifies the access to the service. This MUST be one of the values specified in section 3.1.4.

The following generic access types also can be specified.

dwServiceType: A value that specifies the type of service. This MUST be one or a combination of the following values.

Value

Meaning

SERVICE_KERNEL_DRIVER

0x00000001

A driver service. These are services that manage devices on the system.

SERVICE_FILE_SYSTEM_DRIVER

0x00000002

A file system driver service. These are services that manage file systems on the system.

SERVICE_WIN32_OWN_PROCESS

0x00000010

Service that runs in its own process.

SERVICE_WIN32_SHARE_PROCESS

0x00000020

Service that shares a process with other services.

SERVICE_INTERACTIVE_PROCESS

0x00000100

The service can interact with the desktop.

dwStartType: A value that specifies when to start the service. This MUST be one of the following values.

Value

Meaning

SERVICE_BOOT_START

0x00000000

Starts the driver service when the system boots up. This value is valid only for driver services.

SERVICE_SYSTEM_START

0x00000001

Starts the driver service when the system boots up. This value is valid only for driver services. The services marked SERVICE_SYSTEM_START are started after all SERVICE_BOOT_START services have been started.

SERVICE_AUTO_START

0x00000002

Starts the service automatically during system startup.

SERVICE_DEMAND_START

0x00000003

The SCM starts the service when a process calls the StartService function. For more information, see [MSDN-STARTSERVICE].

SERVICE_DISABLED

0x00000004

Service cannot be started.

dwErrorControl: A value that specifies the severity of the error if the service fails to start and determines the action that the SCM takes. This MUST be one of the following values.

Value

Meaning

SERVICE_ERROR_IGNORE

0x00000000

The SCM ignores the error and continues the startup operation.

SERVICE_ERROR_NORMAL

0x00000001

The SCM logs the error, but continues the startup operation.

SERVICE_ERROR_SEVERE

0x00000002

The SCM logs the error. If the last-known good configuration is being started, the startup operation continues. Otherwise, the system is restarted with the last-known good configuration.

SERVICE_ERROR_CRITICAL

0x00000003

The SCM SHOULD log the error if possible. If the last-known good configuration is being started, the startup operation fails. Otherwise, the system is restarted with the last-known good configuration.

lpBinaryPathName: A pointer to a null-terminated ANSI string that contains the fully qualified path to the service binary file. The path MAY include arguments. If the path contains a space, it MUST be quoted so that it is correctly interpreted. For example, "d:\\my share\\myservice.exe" is specified as "\"d:\\my share\\myservice.exe\"".

lpLoadOrderGroup: A pointer to a null-terminated ANSI string that names the load-ordering group of which this service is a member.

Specify NULL or an empty string if the service does not belong to a load-ordering group.

lpdwTagId: A pointer to a variable that receives a tag value. The value is unique to the group specified in the lpLoadOrderGroup parameter.

lpDependencies: A pointer to an array of null-separated names of services or load ordering groups that MUST start before this service. The array is doubly null-terminated. Load ordering group names are prefixed with a "+" character (to distinguish them from service names). If the pointer is NULL or if it points to an empty string, the service has no dependencies. Cyclic dependency between services is not allowed. The character set is ANSI. Dependency on a service means that this service can only run if the service it depends on is running. Dependency on a group means that this service can run if at least one member of the group is running after an attempt to start all members of the group.

dwDependSize: The size, in bytes, of the string specified by the lpDependencies parameter.

lpServiceStartName: A pointer to a null-terminated ANSI string that specifies the name of the account under which the service runs.

lpPassword: A pointer to a null-terminated ANSI string that contains the password of the account whose name was specified by the lpServiceStartName parameter.

dwPwSize: The size, in bytes, of the password specified by the lpPassword parameter.

lpServiceHandle: An LPSC_RPC_HANDLE (section 2.2.4) data type that defines the handle to the newly created service record.

Return Values: The method returns 0x00000000 (ERROR_SUCCESS) on success; otherwise, it returns one of the following error codes.

Return value/code

Description

5

ERROR_ACCESS_DENIED

The SC_MANAGER_CREATE_SERVICE access right had not been granted to the caller when the RPC context handle was created.

6

ERROR_INVALID_HANDLE

The handle specified is invalid.

13

ERROR_INVALID_DATA

The data is invalid.

87

ERROR_INVALID_PARAMETER

A parameter that was specified is invalid.

123

ERROR_INVALID_NAME

The specified service name is invalid.

1057

ERROR_INVALID_SERVICE_ACCOUNT

The user account name specified in the lpServiceStartName parameter does not exist.

1059

ERROR_CIRCULAR_DEPENDENCY

A circular service dependency was specified.

1072

ERROR_SERVICE_MARKED_FOR_DELETE

The service record with a specified name already exists, and RDeleteService has been called for it.

1073

ERROR_SERVICE_EXISTS

The service record with the ServiceName matching the specified lpServiceName already exists.

1078

ERROR_DUPLICATE_SERVICE_NAME

The service record with the same DisplayName or the same ServiceName as the passed-in lpDisplayName already exists in the service control manager database.

1115

ERROR_SHUTDOWN_IN_PROGRESS

The system is shutting down.

In response to this request from the client, for a successful operation the server MUST use the service name specified in the lpServiceName parameter to create a new service record in the SCM database and use the values from the appropriate parameters of the client request to update the attributes of this newly created service record.

The server MUST treat the lpPassword as a clear-text password if the client is using RPC over TCP, ncacn_ip_tcp (as specified in [MS-RPCE]). See section 2.1.2 Client.

The server MUST treat the lpPassword as encrypted and decrypt it, if the client is using a RPC over NP, ncacn_np (as specified in [MS-RPCE]). The server MUST first retrieve a session key as specified in [MS-CIFS] (section 3.5.4.4). An RPC server application requests the session key of a client and then uses the routine as specified in [MS-LSAD] (section 5.1.2) to decrypt the password.

If the service is created successfully, the server MUST return a handle to the service in the lpServiceHandle parameter with the access rights associated with this handle as specified in the dwDesiredAccess parameter of the client request.

The server MUST use the process described in Conversion Between ANSI and Unicode String Formats (section 3.1.7) to convert a string to the appropriate format.

If the service is created successfully, the server MUST increment the HandleCount field of the service record.

The only valid combinations of values for dwServiceType are SERVICE_INTERACTIVE_PROCESS and SERVICE_WIN32_OWN_PROCESS or SERVICE_INTERACTIVE_PROCESS and SERVICE_WIN32_SHARE_PROCESS. If the value of dwServiceType has more than one bit set and the combination of bits is not equal to SERVICE_INTERACTIVE_PROCESS and SERVICE_WIN32_OWN_PROCESS or SERVICE_INTERACTIVE_PROCESS and SERVICE_WIN32_SHARE_PROCESS, the server MUST fail the method and return the error ERROR_INVALID_PARAMETER.

If lpBinaryPathName contains arguments, the server MUST pass these arguments to the service entry point.

If lpdwTagId has a valid value and lpLoadOrderGroup is either NULL or an empty string, then the server MUST return ERROR_INVALID_PARAMETER.