Windows XP Service Function

  • This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.
#1
This is a follow-up to the “Windows XP Services” thread in the “T&T – Scripting” section of the forums.

Here is another method to determine if a service is Started or Stopped.

In this example, I have created a new function as follows;

Code:
isservice=`%@exec[sc query | find /i "SERVICE_NAME: %1"]`
To see if the Print Spooler is active, I do the following;

Code:
echo %@isservice[spooler]
which returns;

Code:
SERVICE_NAME: Spooler
0
This tells me that the Print Spooler is Started.

If I do the following to Stop the Print Spooler;

Code:
net stop spooler
and use the function again;

Code:
echo %@isservice[spooler]
it returns;
Code:
1
To get a list of all the functions that are currently running on your XP system, do the following;

Code:
sc query | find /i "SERVICE_NAME:"
On my XP system, this returned;

Code:
SERVICE_NAME: ALG
SERVICE_NAME: Ati HotKey Poller
SERVICE_NAME: AudioSrv
SERVICE_NAME: BITS
SERVICE_NAME: BOINC
SERVICE_NAME: Bonjour Service
SERVICE_NAME: Browser
SERVICE_NAME: CCALib8
SERVICE_NAME: DcomLaunch
SERVICE_NAME: Dhcp
SERVICE_NAME: dmserver
SERVICE_NAME: Eventlog
SERVICE_NAME: EventSystem
SERVICE_NAME: FastUserSwitchingCompatibility
SERVICE_NAME: FPAVServer
SERVICE_NAME: HidServ
SERVICE_NAME: hpqcxs08
SERVICE_NAME: hpqddsvc
SERVICE_NAME: HPSLPSVC
SERVICE_NAME: HTTPFilter
SERVICE_NAME: JavaQuickStarterService
SERVICE_NAME: lanmanserver
SERVICE_NAME: lanmanworkstation
SERVICE_NAME: Netman
SERVICE_NAME: Nla
SERVICE_NAME: PlugPlay
SERVICE_NAME: PolicyAgent
SERVICE_NAME: ProtectedStorage
SERVICE_NAME: RasMan
SERVICE_NAME: RemoteRegistry
SERVICE_NAME: RichVideo
SERVICE_NAME: RpcSs
SERVICE_NAME: SamSs
SERVICE_NAME: Schedule
SERVICE_NAME: seclogon
SERVICE_NAME: SENS
SERVICE_NAME: SharedAccess
SERVICE_NAME: ShellHWDetection
SERVICE_NAME: spkrmon
SERVICE_NAME: srservice
SERVICE_NAME: SSDPSRV
SERVICE_NAME: stisvc
SERVICE_NAME: TapiSrv
SERVICE_NAME: TermService
SERVICE_NAME: Themes
SERVICE_NAME: TrkWks
SERVICE_NAME: W32Time
SERVICE_NAME: WebClient
SERVICE_NAME: winmgmt
SERVICE_NAME: wscsvc
SERVICE_NAME: WZCSVC
The @isservice function can use any of these services as a parameter.

This function makes it easy to determine the status of my F-Prot Anti-virus program from a batch file;

Code:
echo %@isservice[fpavserver]
Hope you find the @isservice function useful.

Joe
 

samintz

Scott Mintz
May 20, 2008
1,204
11
Solon, OH, USA
#2
V10 introduced the SERVICES command and the @SERVICE function.

Display, stop, or start system services.

SERVICES [/P /R /S]
/P(ause) /S(top)
R(un)

@SERVICE[service,info] : Returns information about the specified service.

service - the service name to query
info - the information you want

1 The type of service. This will return one or more of the following
values:
1 Device driver
2 File system driver
16 The service runs in its own process
32 The service shares a process with other services
256 The service can interact with the desktop

2 The current state of the service. This will return one of the following
values:
1 The service is not running
2 The service is starting
3 The service is stopping
4 The service is running
5 The service continue is pending
6 The service pause is pending
7 The service is paused

3 Returns the check-point value the service increments to report its
progress during a lengthy start, stop, pause, or continue operation. This
value will be 0 if there is no pending operation.

4 The control codes the service accepts and processes in its handler
function. This will return a combination of the following values (you can
check the return value with the @EVAL OR test):
1 The service can be stopped
2 The service can be paused and continued
4 The service is notified when system shutdown occurs
8 The service can reread its startup parameters without being
stopped and restarted
16 The service is a network component that can accept changes in
its binding without being stopped and restarted
32 The service is notified when the computer's hardware profile
has changed
64 The service is notified when the computer's power status has
changed
128 The service is notified when the computer's session status has
changed
256 The service can perform pre-shutdown tasks

5 Returns the estimated time required for a pending start, stop, pause, or
continue operation (in milliseconds).

-Scott

Joe Caverly <> wrote on 09/04/2009 08:37:29
AM:


> This is a follow-up to the ?Windows XP Services? thread in the ?T&T
> ? Scripting? section of the forums.
>
> Here is another method to determine if a service is Started or Stopped.
>
> In this example, I have created a new function as follows;
>
>
> Code:
> ---------
> isservice=`%@exec[sc query | find /i "SERVICE_NAME: %1"]`
> ---------
> To see if the Print Spooler is active, I do the following;
>
>
> Code:
> ---------
> echo %@isservice[spooler]
> ---------
> which returns;
>
>
> Code:
> ---------
> SERVICE_NAME: Spooler
> 0
> ---------
> This tells me that the Print Spooler is Started.
>
> If I do the following to Stop the Print Spooler;
>
>
> Code:
> ---------
> net stop spooler
> ---------
> and use the function again;
>
>
> Code:
> ---------
> echo %@isservice[spooler]
> ---------
> it returns;
>
> Code:
> ---------
> 1
> ---------
> To get a list of all the functions that are currently running on
> your XP system, do the following;
>
>
> Code:
> ---------
> sc query | find /i "SERVICE_NAME:"
> ---------
> On my XP system, this returned;
>
>
> Code:
> ---------
> SERVICE_NAME: ALG
> SERVICE_NAME: Ati HotKey Poller
> SERVICE_NAME: AudioSrv
> SERVICE_NAME: BITS
> SERVICE_NAME: BOINC
> SERVICE_NAME: Bonjour Service
> SERVICE_NAME: Browser
> SERVICE_NAME: CCALib8
> SERVICE_NAME: DcomLaunch
> SERVICE_NAME: Dhcp
> SERVICE_NAME: dmserver
> SERVICE_NAME: Eventlog
> SERVICE_NAME: EventSystem
> SERVICE_NAME: FastUserSwitchingCompatibility
> SERVICE_NAME: FPAVServer
> SERVICE_NAME: HidServ
> SERVICE_NAME: hpqcxs08
> SERVICE_NAME: hpqddsvc
> SERVICE_NAME: HPSLPSVC
> SERVICE_NAME: HTTPFilter
> SERVICE_NAME: JavaQuickStarterService
> SERVICE_NAME: lanmanserver
> SERVICE_NAME: lanmanworkstation
> SERVICE_NAME: Netman
> SERVICE_NAME: Nla
> SERVICE_NAME: PlugPlay
> SERVICE_NAME: PolicyAgent
> SERVICE_NAME: ProtectedStorage
> SERVICE_NAME: RasMan
> SERVICE_NAME: RemoteRegistry
> SERVICE_NAME: RichVideo
> SERVICE_NAME: RpcSs
> SERVICE_NAME: SamSs
> SERVICE_NAME: Schedule
> SERVICE_NAME: seclogon
> SERVICE_NAME: SENS
> SERVICE_NAME: SharedAccess
> SERVICE_NAME: ShellHWDetection
> SERVICE_NAME: spkrmon
> SERVICE_NAME: srservice
> SERVICE_NAME: SSDPSRV
> SERVICE_NAME: stisvc
> SERVICE_NAME: TapiSrv
> SERVICE_NAME: TermService
> SERVICE_NAME: Themes
> SERVICE_NAME: TrkWks
> SERVICE_NAME: W32Time
> SERVICE_NAME: WebClient
> SERVICE_NAME: winmgmt
> SERVICE_NAME: wscsvc
> SERVICE_NAME: WZCSVC
> ---------
> The @isservice function can use any of these services as a parameter.
>
> This function makes it easy to determine the status of my F-Prot
> Anti-virus program from a batch file;
>
>
> Code:
> ---------
> echo %@isservice[fpavserver]
> ---------
> Hope you find the @isservice function useful.
>
> Joe
>
>
>
>
 
#3
Hi,
Thanks, but I'm still using 4NT8.

Joe

V10 introduced the SERVICES command and the @SERVICE function.

Display, stop, or start system services.

SERVICES [/P /R /S]
/P(ause) /S(top)
R(un)

@SERVICE[service,info] : Returns information about the specified service.

service - the service name to query
info - the information you want

1 The type of service. This will return one or more of the following
values:
1 Device driver
2 File system driver
16 The service runs in its own process
32 The service shares a process with other services
256 The service can interact with the desktop

2 The current state of the service. This will return one of the following
values:
1 The service is not running
2 The service is starting
3 The service is stopping
4 The service is running
5 The service continue is pending
6 The service pause is pending
7 The service is paused

3 Returns the check-point value the service increments to report its
progress during a lengthy start, stop, pause, or continue operation. This
value will be 0 if there is no pending operation.

4 The control codes the service accepts and processes in its handler
function. This will return a combination of the following values (you can
check the return value with the @EVAL OR test):
1 The service can be stopped
2 The service can be paused and continued
4 The service is notified when system shutdown occurs
8 The service can reread its startup parameters without being
stopped and restarted
16 The service is a network component that can accept changes in
its binding without being stopped and restarted
32 The service is notified when the computer's hardware profile
has changed
64 The service is notified when the computer's power status has
changed
128 The service is notified when the computer's session status has
changed
256 The service can perform pre-shutdown tasks

5 Returns the estimated time required for a pending start, stop, pause, or
continue operation (in milliseconds).

-Scott

Joe Caverly <> wrote on 09/04/2009 08:37:29
AM:
 

gwgaston

Senior IT Security Consultant
May 28, 2008
40
1
SC
#4
Before plugins (and v10 as already mentioned) I had similar functions. Here are 2 old UDFs you might find useful (second one for remote systems) to see if a service is running:

isSVCRunning=`%@if["A%@execstr[sc query %1 | ffind /f /k /m /t": 4 RUNNING"]" NEQ "A",Yes,No]`

isRMTSVCRunning=`%@if["A%@execstr[sc \\%1 query %2 | ffind /f /k /m /t": 4 RUNNING"]" NEQ "A",Yes,No]`
 
#5
Joe Caverly wrote:
| Hi,
| Thanks, but I'm still using 4NT8.

You can use the _services variable, the @services function, or the SERVICES
command in Federico Romano's FEDUTILS plugin. Works well in 4nt8.
--
HTH, Steve
 

gwgaston

Senior IT Security Consultant
May 28, 2008
40
1
SC
#6
You can use the _services variable, the @services function, or the SERVICES
command in Federico Romano's FEDUTILS plugin. Works well in 4nt8.
--
HTH, Steve
I like Federico's plugin... but I had issues with his @services (and I'm sure I brought them up a few years back), so I rolled my own plugin for this.

Trying to recall what those issues where. Here is one.... Anything that came after the call was lost. As in:

c:\utils>echos.Before,& echos.%@service[tcpip,query], & echo.After
Before,Running

Notice how the comma nor the next echo were shown.