1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Windows XP Service Function

Discussion in 'T&T - Functions' started by Joe Caverly, Sep 4, 2009.

  1. Joe Caverly

    Joined:
    Aug 28, 2009
    Messages:
    680
    Likes Received:
    8
    This is a follow-up to the “Windows XP Services” thread in the “T&T – Scripting” section of the forums.

    Here is another method to determine if a service is Started or Stopped.

    In this example, I have created a new function as follows;

    Code:
    isservice=`%@exec[sc query | find /i "SERVICE_NAME: %1"]`
    
    To see if the Print Spooler is active, I do the following;

    Code:
    echo %@isservice[spooler]
    
    which returns;

    Code:
    SERVICE_NAME: Spooler
    0
    
    This tells me that the Print Spooler is Started.

    If I do the following to Stop the Print Spooler;

    Code:
    net stop spooler
    
    and use the function again;

    Code:
    echo %@isservice[spooler]
    
    it returns;
    Code:
    1
    
    To get a list of all the functions that are currently running on your XP system, do the following;

    Code:
    sc query | find /i "SERVICE_NAME:"
    
    On my XP system, this returned;

    Code:
    SERVICE_NAME: ALG
    SERVICE_NAME: Ati HotKey Poller
    SERVICE_NAME: AudioSrv
    SERVICE_NAME: BITS
    SERVICE_NAME: BOINC
    SERVICE_NAME: Bonjour Service
    SERVICE_NAME: Browser
    SERVICE_NAME: CCALib8
    SERVICE_NAME: DcomLaunch
    SERVICE_NAME: Dhcp
    SERVICE_NAME: dmserver
    SERVICE_NAME: Eventlog
    SERVICE_NAME: EventSystem
    SERVICE_NAME: FastUserSwitchingCompatibility
    SERVICE_NAME: FPAVServer
    SERVICE_NAME: HidServ
    SERVICE_NAME: hpqcxs08
    SERVICE_NAME: hpqddsvc
    SERVICE_NAME: HPSLPSVC
    SERVICE_NAME: HTTPFilter
    SERVICE_NAME: JavaQuickStarterService
    SERVICE_NAME: lanmanserver
    SERVICE_NAME: lanmanworkstation
    SERVICE_NAME: Netman
    SERVICE_NAME: Nla
    SERVICE_NAME: PlugPlay
    SERVICE_NAME: PolicyAgent
    SERVICE_NAME: ProtectedStorage
    SERVICE_NAME: RasMan
    SERVICE_NAME: RemoteRegistry
    SERVICE_NAME: RichVideo
    SERVICE_NAME: RpcSs
    SERVICE_NAME: SamSs
    SERVICE_NAME: Schedule
    SERVICE_NAME: seclogon
    SERVICE_NAME: SENS
    SERVICE_NAME: SharedAccess
    SERVICE_NAME: ShellHWDetection
    SERVICE_NAME: spkrmon
    SERVICE_NAME: srservice
    SERVICE_NAME: SSDPSRV
    SERVICE_NAME: stisvc
    SERVICE_NAME: TapiSrv
    SERVICE_NAME: TermService
    SERVICE_NAME: Themes
    SERVICE_NAME: TrkWks
    SERVICE_NAME: W32Time
    SERVICE_NAME: WebClient
    SERVICE_NAME: winmgmt
    SERVICE_NAME: wscsvc
    SERVICE_NAME: WZCSVC
    
    The @isservice function can use any of these services as a parameter.

    This function makes it easy to determine the status of my F-Prot Anti-virus program from a batch file;

    Code:
    echo %@isservice[fpavserver]
    
    Hope you find the @isservice function useful.

    Joe
     
  2. samintz

    samintz Scott Mintz

    Joined:
    May 20, 2008
    Messages:
    1,190
    Likes Received:
    11
    V10 introduced the SERVICES command and the @SERVICE function.

    Display, stop, or start system services.

    SERVICES [/P /R /S]
    /P(ause) /S(top)
    R(un)

    @SERVICE[service,info] : Returns information about the specified service.

    service - the service name to query
    info - the information you want

    1 The type of service. This will return one or more of the following
    values:
    1 Device driver
    2 File system driver
    16 The service runs in its own process
    32 The service shares a process with other services
    256 The service can interact with the desktop

    2 The current state of the service. This will return one of the following
    values:
    1 The service is not running
    2 The service is starting
    3 The service is stopping
    4 The service is running
    5 The service continue is pending
    6 The service pause is pending
    7 The service is paused

    3 Returns the check-point value the service increments to report its
    progress during a lengthy start, stop, pause, or continue operation. This
    value will be 0 if there is no pending operation.

    4 The control codes the service accepts and processes in its handler
    function. This will return a combination of the following values (you can
    check the return value with the @EVAL OR test):
    1 The service can be stopped
    2 The service can be paused and continued
    4 The service is notified when system shutdown occurs
    8 The service can reread its startup parameters without being
    stopped and restarted
    16 The service is a network component that can accept changes in
    its binding without being stopped and restarted
    32 The service is notified when the computer's hardware profile
    has changed
    64 The service is notified when the computer's power status has
    changed
    128 The service is notified when the computer's session status has
    changed
    256 The service can perform pre-shutdown tasks

    5 Returns the estimated time required for a pending start, stop, pause, or
    continue operation (in milliseconds).

    -Scott

    Joe Caverly <> wrote on 09/04/2009 08:37:29
    AM:


     
  3. Joe Caverly

    Joined:
    Aug 28, 2009
    Messages:
    680
    Likes Received:
    8
    Hi,
    Thanks, but I'm still using 4NT8.

    Joe

     
  4. gwgaston

    gwgaston Senior IT Security Consultant

    Joined:
    May 28, 2008
    Messages:
    40
    Likes Received:
    1
    Before plugins (and v10 as already mentioned) I had similar functions. Here are 2 old UDFs you might find useful (second one for remote systems) to see if a service is running:

    isSVCRunning=`%@if["A%@execstr[sc query %1 | ffind /f /k /m /t": 4 RUNNING"]" NEQ "A",Yes,No]`

    isRMTSVCRunning=`%@if["A%@execstr[sc \\%1 query %2 | ffind /f /k /m /t": 4 RUNNING"]" NEQ "A",Yes,No]`
     
  5. Steve Fabian

    Joined:
    May 20, 2008
    Messages:
    3,520
    Likes Received:
    4
    Joe Caverly wrote:
    | Hi,
    | Thanks, but I'm still using 4NT8.

    You can use the _services variable, the @services function, or the SERVICES
    command in Federico Romano's FEDUTILS plugin. Works well in 4nt8.
    --
    HTH, Steve
     
  6. gwgaston

    gwgaston Senior IT Security Consultant

    Joined:
    May 28, 2008
    Messages:
    40
    Likes Received:
    1
    I like Federico's plugin... but I had issues with his @services (and I'm sure I brought them up a few years back), so I rolled my own plugin for this.

    Trying to recall what those issues where. Here is one.... Anything that came after the call was lost. As in:

    c:\utils>echos.Before,& echos.%@service[tcpip,query], & echo.After
    Before,Running

    Notice how the comma nor the next echo were shown.
     

Share This Page