DioProcess

Service Management

Ring 3

Enumerate, control, and manage Windows services via the Service Control Manager (SCM).

Overview

The Services tab provides complete Windows service management, allowing you to enumerate all installed services, start/stop them, and create or delete service entries. This is implemented in the service crate.

Features

Service Enumeration

Lists all services with their name, display name, status (Running/Stopped/Pending), start type (Auto/Manual/Disabled), binary path, description, and PID (if running).

Service Control

Start and stop services directly from the UI. Status changes are reflected in real time.

Service Creation

Create new service entries with custom name, display name, binary path, and start type.

Service Deletion

Remove service entries from the system (requires the service to be stopped first).

ServiceInfo Structure

Each service is represented by the following structure:

crates/service/src/lib.rs
pub struct ServiceInfo {
    pub name: String,           // Internal service name
    pub display_name: String,   // Human-readable name
    pub status: ServiceStatus,  // Running, Stopped, StartPending, etc.
    pub start_type: StartType,  // Auto, Manual, Disabled, Boot, System
    pub binary_path: String,    // Path to service executable
    pub description: String,    // Service description
    pub pid: Option<u32>,       // Process ID if running
}

pub enum ServiceStatus {
    Running,
    Stopped,
    StartPending,
    StopPending,
    ContinuePending,
    PausePending,
    Paused,
}

pub enum StartType {
    Boot,       // Loaded by boot loader
    System,     // Started by IoInitSystem
    Auto,       // Started automatically at boot
    Manual,     // Started on demand
    Disabled,   // Cannot be started
}

API Functions

| Function | Description |
|---|---|
| enumerate_services() | Returns Vec<ServiceInfo> of all installed services |
| start_service(name) | Starts a stopped service |
| stop_service(name) | Stops a running service |
| create_service(name, display, path, start_type) | Creates a new service entry in SCM |
| delete_service(name) | Removes a service entry (must be stopped) |

Implementation Details

Service management uses the Windows Service Control Manager API:

Algorithm
// Enumeration
1. OpenSCManagerW(NULL, NULL, SC_MANAGER_ENUMERATE_SERVICE)
2. EnumServicesStatusExW() with SERVICE_WIN32 | SERVICE_DRIVER
3. For each service:
   - OpenServiceW() with SERVICE_QUERY_CONFIG
   - QueryServiceConfigW() for binary path and start type
   - QueryServiceConfig2W(SERVICE_CONFIG_DESCRIPTION) for description
   - CloseServiceHandle()
4. CloseServiceHandle(scm)

// Start/Stop
1. OpenSCManagerW() with SC_MANAGER_CONNECT
2. OpenServiceW(name) with SERVICE_START or SERVICE_STOP
3. StartServiceW() or ControlService(SERVICE_CONTROL_STOP)
4. CloseServiceHandle()

// Create
1. OpenSCManagerW() with SC_MANAGER_CREATE_SERVICE
2. CreateServiceW(name, display, SERVICE_WIN32_OWN_PROCESS, start_type, ...)
3. CloseServiceHandle()

// Delete
1. OpenServiceW() with DELETE
2. DeleteService()
3. CloseServiceHandle()

UI Features

  • Search filter — Filter services by name, display name, or binary path
  • Sorting — Click column headers to sort ascending/descending
  • Context menu — Right-click for Start, Stop, Delete options
  • Create Service dialog — Modal for creating new services
  • CSV export — Export current filtered list to CSV
  • Auto-refresh — Service status updates every 3 seconds
  • Keyboard shortcuts — F5 (refresh), Escape (close menu)

Use Cases

  • Enumerate and analyze installed security products (AV/EDR services)
  • Start/stop services for debugging and testing
  • Create kernel driver services programmatically
  • Identify suspicious or malicious services by binary path
  • Monitor service PIDs for further analysis in Process tab
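
The "identify suspicious services by binary path" use case can be turned into a repeatable check over enumerated rows. The sketch below is an added example, not DioProcess code: it mirrors only the `name` and `binary_path` fields of `ServiceInfo` and derives triage flags from the path. The names `Flag`, `executable`, `triage` and `samples`, the directory and interpreter lists, and the sample rows are assumptions constructed for illustration.

```rust
// Added example, not DioProcess code: triage flags derived from binary_path.
// Only the two ServiceInfo fields used here are mirrored from the page.
pub struct ServiceInfo { pub name: String, pub binary_path: String }

#[derive(Debug, PartialEq)]
pub enum Flag { UnquotedPathWithSpaces, UserProfileOrTemp, InterpreterBinary }

/// Split an ImagePath-style command line into (executable, was_quoted).
fn executable(cmd: &str) -> (String, bool) {
    let cmd = cmd.trim();
    if let Some(rest) = cmd.strip_prefix('"') {
        let end = rest.find('"').unwrap_or(rest.len());
        return (rest[..end].to_string(), true);
    }
    // Unquoted: cut after the first ".exe"/".sys" (ASCII lowercasing keeps byte offsets).
    let lower = cmd.to_ascii_lowercase();
    let end = [".exe", ".sys"].iter()
        .filter_map(|e| lower.find(*e).map(|i| i + e.len())).min().unwrap_or(cmd.len());
    (cmd[..end].to_string(), false)
}

pub fn triage(svc: &ServiceInfo) -> Vec<Flag> {
    let (exe, quoted) = executable(&svc.binary_path);
    let lower = exe.to_ascii_lowercase();
    let mut flags = Vec::new();
    // Unquoted path with spaces: path resolution is ambiguous at each space.
    if !quoted && exe.contains(' ') { flags.push(Flag::UnquotedPathWithSpaces); }
    // Assumed heuristic: service binaries rarely belong in profile or temp directories.
    if ["\\users\\", "\\temp\\", "\\appdata\\"].iter().any(|d| lower.contains(*d)) {
        flags.push(Flag::UserProfileOrTemp);
    }
    // Assumed list: with an interpreter as the binary, the real action is in the arguments.
    if ["\\cmd.exe", "\\powershell.exe", "\\mshta.exe"].iter().any(|s| lower.ends_with(*s)) {
        flags.push(Flag::InterpreterBinary);
    }
    flags
}

/// Constructed sample rows, not output from a real machine.
pub fn samples() -> Vec<ServiceInfo> {
    [("SvcHostDemo", r"C:\Windows\system32\svchost.exe -k netsvcs"),
     ("AcmeAgent", r"C:\Program Files\Acme Agent\agent.exe --run"),
     ("Updater", r#""C:\Users\Public\upd.exe" /svc"#),
     ("Helper", r"C:\Windows\System32\cmd.exe /c C:\Temp\h.bat")].iter()
        .map(|(n, p)| ServiceInfo { name: n.to_string(), binary_path: p.to_string() })
        .collect()
}

fn main() { for s in samples() { println!("{:<12} {:?}", s.name, triage(&s)); } }
```

A flag is a prompt to look at the row, not a verdict: legitimate software does ship with unquoted paths, and the lists here need tuning per environment.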