svchost DLL注入

使用 svchost 加载（注入）服务 DLL 的过程中，出现错误 193（0xC1，即 ERROR_BAD_EXE_FORMAT，"不是有效的 Win32 应用程序"）。该错误发生在 LoadLibrary 阶段而非 ServiceMain 逻辑中，最常见的原因是 svchost.exe 与 DLL 的位数不匹配（例如 64 位 svchost 加载了 32 位编译的 DLL，或反之）；排查时应先确认 DLL 的目标平台与所配置的 svchost（System32 下为 64 位，SysWOW64 下为 32 位）一致。

img

img

img

img


#include "pch.h"


// Last state reported to the SCM via notifyServiceManager(); also polled by serviceThread()
// to decide when to exit. NOTE(review): written from the control-handler thread and read
// from the worker thread with no synchronization or volatile/atomic qualifier — confirm
// the compiler cannot hoist the read out of the worker's loop.
DWORD __currentStatus;
// Handle returned by RegisterServiceCtrlHandler in ServiceMain(); nullptr until then, so
// any status report issued before registration (or from DllMain) has nowhere to go.
// NOTE(review): identifiers starting with a double underscore are reserved for the
// implementation — renaming would need every reference in this file updated.
SERVICE_STATUS_HANDLE __serviceHandle = nullptr;

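/*
 * Report a new service state to the Service Control Manager and remember it in
 * __currentStatus (which serviceThread() polls to know when to exit).
 *
 * status   - SERVICE_* state constant (SERVICE_RUNNING, SERVICE_STOP_PENDING, ...),
 *            never a SERVICE_CONTROL_* code.
 * exitCode - Win32 error to report (0 on success).
 * progress - dwCheckPoint value; the SCM only looks at it while in a *_PENDING state.
 *
 * Returns the BOOL from SetServiceStatus (non-zero on success), or 0 when no handler
 * has been registered yet.
 */
int notifyServiceManager(DWORD status, DWORD exitCode, DWORD progress)
{
    __currentStatus = status;

    // Before ServiceMain has registered a control handler (or if registration failed)
    // there is nothing to report to; SetServiceStatus would fail with ERROR_INVALID_HANDLE.
    if (__serviceHandle == nullptr) {
        return 0;
    }

    const bool pending = (status == SERVICE_START_PENDING)
                      || (status == SERVICE_STOP_PENDING)
                      || (status == SERVICE_PAUSE_PENDING)
                      || (status == SERVICE_CONTINUE_PENDING);

    SERVICE_STATUS serviceStatus = {};
    // NOTE(review): SERVICE_INTERACTIVE_PROCESS lets the service put UI on the interactive
    // desktop; interactive services are blocked by session-0 isolation since Vista and are a
    // known privilege-boundary risk for a SYSTEM-hosted DLL — consider dropping the flag.
    // Whether the type must match the service's registered type is not verifiable from here.
    serviceStatus.dwServiceType = SERVICE_WIN32_SHARE_PROCESS | SERVICE_INTERACTIVE_PROCESS;
    serviceStatus.dwCurrentState = status;
    // The SCM documents that dwControlsAccepted must be 0 while in a pending state;
    // otherwise a STOP delivered mid-transition races with the transition itself.
    // Only STOP and SHUTDOWN are advertised, so PAUSE/CONTINUE are never delivered even
    // though ServiceHandler() implements them.
    serviceStatus.dwControlsAccepted = pending ? 0 : (SERVICE_ACCEPT_STOP | SERVICE_ACCEPT_SHUTDOWN);
    serviceStatus.dwWin32ExitCode = exitCode;
    serviceStatus.dwServiceSpecificExitCode = 0;
    serviceStatus.dwCheckPoint = progress;
    // No wait hint is given; pending states here are reported back-to-back, so the SCM
    // never actually has to wait on one.
    serviceStatus.dwWaitHint = 0;
    return SetServiceStatus(__serviceHandle, &serviceStatus);
}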

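/*
 * DLL entry point. This DLL is hosted inside svchost.exe, so anything done here runs
 * under the loader lock in a shared, typically high-privilege service process: keep it
 * minimal and never call into other services from here.
 *
 * hModule            - module handle (unused).
 * ul_reason_for_call - DLL_PROCESS_ATTACH/DETACH, DLL_THREAD_ATTACH/DETACH.
 * lpReserved         - on DLL_PROCESS_DETACH, NULL when unloaded via FreeLibrary and
 *                      non-NULL when the whole process is terminating.
 *
 * Always returns TRUE.
 */
BOOL APIENTRY DllMain(HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_DETACH:
        // Report a *state* (SERVICE_STOPPED), not a control code (SERVICE_CONTROL_STOP):
        // both happen to equal 1, which is why the original mix-up went unnoticed.
        // Skip the call when no handler was ever registered (nothing to report to) or the
        // process is terminating (lpReserved != NULL): calling the SCM from a dying process
        // under the loader lock is unsafe, and the SCM already treats the service as gone.
        if (__serviceHandle != nullptr && lpReserved == nullptr) {
            notifyServiceManager(SERVICE_STOPPED, 0, 0);
        }
        break;

    default:
        break;
    }

    return TRUE;
}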

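/*
 * Worker thread body started from ServiceMain(). Runs the service's real work until the
 * control handler moves __currentStatus to SERVICE_STOP_PENDING or SERVICE_STOPPED.
 *
 * params - unused (ServiceMain passes nullptr).
 * Returns 0 as the thread exit code.
 */
DWORD WINAPI serviceThread(void* params)
{
    (void)params;

    // __currentStatus is a plain global written by another thread. Read it through a
    // volatile view so the compiler cannot hoist the load out of the loop and spin
    // forever on a stale value; a short sleep keeps the placeholder loop from burning a
    // core inside svchost while there is no real work yet.
    for (;;) {
        // Service work goes here.

        const DWORD state = *static_cast<volatile DWORD*>(&__currentStatus);
        if (state == SERVICE_STOP_PENDING || state == SERVICE_STOPPED) {
            break;
        }
        Sleep(100);
    }
    return 0;
}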

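/*
 * Control handler registered with the SCM in ServiceMain(). Called on an SCM thread
 * whenever a control code is sent to this service.
 *
 * dwControl - SERVICE_CONTROL_* code.
 *
 * Every branch must leave the SCM with a fresh status report; for unknown codes the
 * current state is simply re-reported.
 */
void __stdcall ServiceHandler(DWORD dwControl)
{
    switch (dwControl)
    {
    case SERVICE_CONTROL_STOP:
    case SERVICE_CONTROL_SHUTDOWN:
        // notifyServiceManager() advertises SERVICE_ACCEPT_SHUTDOWN, so SHUTDOWN must be
        // handled like STOP; falling into the default branch would just re-report the
        // current state and the service would never stop at system shutdown.
        // Moving to STOP_PENDING is what serviceThread() polls for to exit; STOPPED is
        // reported immediately rather than after joining the worker.
        notifyServiceManager(SERVICE_STOP_PENDING, 0, 0);
        notifyServiceManager(SERVICE_STOPPED, 0, 0);
        break;

    case SERVICE_CONTROL_PAUSE:
        // Not advertised in dwControlsAccepted, so the SCM will not normally deliver it.
        notifyServiceManager(SERVICE_PAUSE_PENDING, 0, 1);
        notifyServiceManager(SERVICE_PAUSED, 0, 0);
        break;

    case SERVICE_CONTROL_CONTINUE:
        // Not advertised in dwControlsAccepted, so the SCM will not normally deliver it.
        notifyServiceManager(SERVICE_CONTINUE_PENDING, 0, 1);
        notifyServiceManager(SERVICE_RUNNING, 0, 0);
        break;

    case SERVICE_CONTROL_INTERROGATE:
        // The SCM asks for the current state; re-report it unchanged.
        notifyServiceManager(__currentStatus, 0, 0);
        break;

    default:
        // Unknown/unsupported control: re-report the current state so the SCM is not left waiting.
        notifyServiceManager(__currentStatus, 0, 0);
        break;
    }
}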

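/*
 * Entry point svchost.exe resolves by name and calls on its own thread for this service.
 *
 * argc - argument count; svchost passes the service name as argv[0].
 * argv - wide-string arguments.
 *
 * Registers the control handler, reports START_PENDING, starts the worker thread and
 * reports RUNNING. Returns without reporting RUNNING if anything along the way fails.
 *
 * NOTE(review): svchost expects `VOID WINAPI ServiceMain(DWORD, LPWSTR*)`. On x64 the
 * calling convention is uniform so this signature is fine; on x86 the default __cdecl
 * here would not match __stdcall (and adding WINAPI decorates the export name, breaking
 * GetProcAddress("ServiceMain") unless a .def file undecorates it) — confirm the target
 * architecture before changing it.
 */
extern "C" __declspec(dllexport) void ServiceMain(int argc, wchar_t* argv[])
{
    // Debug trace only. The original MessageBox would never be dismissed: a service runs in
    // session 0 with no interactive desktop, so ServiceMain would block before reporting
    // START_PENDING and the SCM would fail the start with error 1053 (timeout).
    OutputDebugStringW(L"Entering ServiceMain");

    // Nothing to register under if svchost passed no arguments; do not dereference argv[0].
    if (argc < 1 || argv == nullptr || argv[0] == nullptr) {
        return;
    }

    WCHAR svcname[MAX_PATH];
    // Element count, not byte count: the original passed sizeof svcname (2*MAX_PATH bytes)
    // as the count, so a name longer than the buffer would trip the CRT invalid-parameter
    // handler and crash svchost — taking every other service in the same host down with it.
    // _TRUNCATE clips an over-long name instead.
    wcsncpy_s(svcname, sizeof svcname / sizeof svcname[0], argv[0], _TRUNCATE);

    __serviceHandle = RegisterServiceCtrlHandlerW(svcname, ServiceHandler);
    if (__serviceHandle == nullptr) {
        // Without a status handle nothing can be reported; returning lets the SCM fail the start.
        return;
    }

    notifyServiceManager(SERVICE_START_PENDING, 0, 1);

    HANDLE hThread = CreateThread(nullptr, 0, serviceThread, nullptr, 0, nullptr);
    if (hThread == nullptr) {
        // Report the failure rather than advertising a RUNNING service that has no worker.
        notifyServiceManager(SERVICE_STOPPED, GetLastError(), 0);
        return;
    }
    // The worker's lifetime is driven by __currentStatus, not by this handle; releasing
    // our reference avoids leaking one handle per start inside the long-lived host.
    CloseHandle(hThread);

    // Only now is the service genuinely able to do work.
    notifyServiceManager(SERVICE_RUNNING, 0, 0);
}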