Almost every modern operating system includes an initialisation system; on Windows, that role is played by Windows Services. But why is it needed at all, and what tasks does it solve?
For the system to work correctly, it needs services that provide networking, the file system, and interaction with the infrastructure. Something must start them and know in what order, when, and under what conditions to do so. This role could be taken by a kernel module or even the kernel itself; however, the need to constantly change the set of services and their configuration forced this idea to be abandoned and the software to be moved to user space.
In Windows, this became the application services.exe, which implements service orchestration. After fully initialising itself and its components, the kernel launches a number of applications, including services.exe, which reads a pre-built configuration and launches system and user services in order and according to certain conditions.
It is literally the parent process for many of the processes running on the OS. Therefore, they can also be managed through a single Services snap-in.
How do I view services in Windows?
The easiest way is to use PowerShell with its built-in cmdlets, the full list of which can be viewed by invoking the cmdlet:
These cmdlets are sufficient to fully manage services in Windows. Let's look at how they are used in specific cases. For example, to quickly get a list of all services:
Or those that are currently in the 'Stopped' state. For this we can use the Where-Object filter, which finds all matching services by a property of the service object:
We can also view all running services with an alternative command, where we change 'Stopped' to 'Running':
For a quick search you can also use other fields of the object, for example if you know the approximate name of your service.
How to stop and start Windows services?
Use the cmdlet from the list presented earlier that performs a stop action on the service object:
This error indicates that you do not have enough privileges to execute the command, so re-run PowerShell as Administrator (Win+X → Terminal (Administrator) / PowerShell (Administrator)):
Similarly, you can suspend or start any of the services:
The suspend/continue action corresponds to the following commands:
But what if we need to create our own Windows service, for example to perform socket sniffing tasks while running as Administrator?
How do we create our own Windows service?
Services.exe, which is the initialisation system, uses units (short service/application profiles) to automate startup. Unlike Linux-like systems, where communication with a service is done at the level of child-process management with signal handling, Windows Services requires the service itself to handle API requests internally.
If your software is already written with Windows API handlers, you can use the command:
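# Collect the service settings in a hashtable and splat them into New-Service
$params = @{
    Name = 'My_Service'
    BinaryPathName = 'C:\Windows\System32\svchost.exe'
    DisplayName = 'New Service'
    StartupType = 'Manual'
    Description = 'This is a test service.'
}
# Requires an elevated PowerShell session
New-Service @params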
But an ordinary script or program without handler functions inside will simply fail to start, because the services.exe process will not receive a response from the service:
For such cases NSSM, the Non-Sucking Service Manager, was developed; it acts as a binary proxy between your application and services.exe.
The way it works is that an entry of the form Binary = nssm 'App1' 'Arg1' is registered in Windows services. This means the API request is passed to the nssm utility, which converts it into a normal signal and takes control of the child process:
Let's take a quick look at how to create a service this way. First, install nssm from the developer's official site, or use a package manager from the terminal:
Afterwards, open a terminal and type the commands:
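# Resolve nssm.exe (assumes nssm is installed and on PATH)
$nssm = (Get-Command nssm).Source
$serviceName = 'My_servv'
$powershell = (Get-Command powershell).Source
$scriptPath = 'D:\service.ps1'
# Build the PowerShell command line that nssm will launch as the child process
$arguments = '-ExecutionPolicy Bypass -NoProfile -File "{0}"' -f $scriptPath
# Register the service: nssm becomes the service binary and starts PowerShell with the script
& $nssm install $serviceName $powershell $arguments
& $nssm status $serviceName
Start-Service $serviceName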
After that, run a command to check that the service is running:
As you can see, the service is in the Running state and is able to process user requests.
As a result of these simple steps, we have a running service that communicates through the nssm intermediary, which manages units and handles API requests. This mechanism of the initialisation system makes it possible to start automatically not only the services it was originally intended for, but also other software needed to keep the OS operational.
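A read-only audit that complements the steps above, added here as an example and not code from the original article: it lists every service with its state and logon account, and for services whose registered binary is nssm.exe it reads the wrapped application and arguments that NSSM stores under the service's Parameters registry key. The function names Get-ServiceExecutable and Get-ServiceAudit are illustrative.

```powershell
# Added example: read-only audit of services, resolving what nssm-wrapped ones run.
# Run from an elevated PowerShell so every service registry key is readable.

function Get-ServiceExecutable {
    # Hypothetical helper: pull the executable out of a service command line.
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    if ($PathName -match '^\s*"([^"]+)"') { return $Matches[1] }        # quoted path
    if ($PathName -match '^\s*(.+?\.exe)(\s|$)') { return $Matches[1] } # unquoted path
    return ($PathName.Trim() -split '\s+', 2)[0]
}

function Get-ServiceAudit {
    # Hypothetical helper: one record per service registered with services.exe.
    Get-CimInstance -ClassName Win32_Service | ForEach-Object {
        $exe     = Get-ServiceExecutable $_.PathName
        $wrapped = [bool]($exe -and (($exe -split '[\\/]')[-1] -ieq 'nssm.exe'))
        $app = $null; $appArgs = $null
        if ($wrapped) {
            # NSSM keeps the real program and its arguments in the service's Parameters key.
            $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$($_.Name)\Parameters"
            $p = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
            if ($p) { $app = $p.Application; $appArgs = $p.AppParameters }
        }
        [pscustomobject]@{
            Name         = $_.Name
            State        = $_.State
            StartMode    = $_.StartMode
            Account      = $_.StartName
            Executable   = $exe
            NssmWrapped  = $wrapped
            WrappedApp   = $app
            WrappedArgs  = $appArgs
            PolicyBypass = "$($_.PathName) $appArgs" -match '-ExecutionPolicy\s+Bypass'
        }
    }
}

# Show only services that go through nssm or start PowerShell with a policy bypass.
Get-ServiceAudit |
    Where-Object { $_.NssmWrapped -or $_.PolicyBypass } |
    Format-List
```

Services installed with nssm run as LocalSystem unless another account is configured, so any script path reported in WrappedArgs should be writable only by administrators.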