..-----------------------------------------..
..       svchost.exe     ..
.._________________________________________..


1. 

   ,            (w2k,  xp),
        .     
     .            
      ,    ...  
     .        -     . ,
    :)

           ,      .   
   ,  .

         ( ,   )  
   .      ,          .
        rsdn.ru   .

    ,    -       ,
       .       
         ,      "svchost.exe",      
           .       
      ?  MSDN  ,      .  
       =)


2.  svchost.exe

   ,        .  
     (    )          
      "HKLM\System\CurrentControlSet\Services".     
   ,    "ImagePath"    
   "%SystemRoot%\system32\svchost.exe -k netsvcs",       .
      ,    .         
      "netsvcs"     svchost`.  
          "Parameters\ServiceDLL".  
              -    
   .       ServiceMain.

               svchost`      
   "HKLM\Software\Microsoft\Windows NT\CurrentVersion\SvcHost".      
        REG_MULTI_SZ,    
    .           
     "svchost.exe".           C-A-D, 
          .

     REG_MULTI_SZ  -     .   
     "\0".       "\0\0".  .. 
   ",    " :
	
   "hello\0mother\0fucker\0\0"


3.  

        .     ,   
    dll    ServiceMain.    
       ,  ()  9000   
        "hello\n".

           ,    .  ,
        "SERVICE_STATUS",    "dwServiceType"
      "SERVICE_WIN32_SHARE_PROCESS". ,   
   ,       stop,     
   "dwControlsAccepted"      "SERVICE_ACCEPT_STOP",   
              .    
     .    =)

      .

         "SERVICE_WIN32_SHARE_PROCESS",
   "SERVICE_AUTO_START", "SERVICE_ERROR_IGNORE", .. ,    
           ,    
           .     
   "%SystemRoot%\\System32\\svchost.exe -k netsvcs", ..  
     netsvcs.

       "HKLM\System\CurrentControlSet\Services\"
       "Description" -     ( 
           ChangeServiceConfig2).

   ,     ,   "Parameters"   
     dll.      .     
    ,             - "ServiceDll" 
      . ,  .         
      "%SystemRoot%\\System32\\Services.dll"         
           .       
     . ,  CopyFile()   .

       -         .
   ..              "HKLM\Software\Microsoft\Windows NT\
   CurrentVersion\SvcHost"        ,   
      "-k"       .     
   ,         REG_MULTI_SZ.

   ...       :)


4. 

       .       ,   
          - .  
     ,      .

      ,          svchost`
     :
   
   -     "tasklist /svc"    .
   -      . Svchost.exe   9000
      (   ).


5. 

   ,       ,     
   ...            .  ,   ..
   "" ,          ,  
             
   ,      .

          ?  ...   ,   
       =)

   ..          
     :)  .

   .2.     MSVC++ 6.0