Can anyone tell me -- addons that are services -- how u did

Discuss & post Update Pack addons here.
Post Reply
MrWoo
Posts: 39
Joined: Mon Aug 07, 2006 12:59 pm

Can anyone tell me -- addons that are services -- how u did

Post by MrWoo » Tue Sep 26, 2006 1:44 pm

I am digesting inf file structure. One directive allows you to install a service. Things such as firewalls and AV apps usually have a service running, and a filter driver, presumably to act as the layer of protection.

Anyway, in patched 2k/xp, the key HKLM,"CCS"\Enum\Root contains "LegacyDrivers", or non-pnp drivers. Which is what a lot of filter drivers are, nonpnp. This key, which is a virtual hive, is forbidden by default for any writing except by the system. Meaning you have to manually change the permissions. Not a great idea anyway if you are forgetful.

So, the directive for adding a service allows an addreg section associated with that service to the write to the key HKR,, which I am asuming is writing to the relative root, or the real hive. Usually these types of apps require a reboot, I believe so that the HKLM\"CCS" is rebuilt.

I notice that some of the addon packs here have entries in the services and enum\root keys. Namely CpuZ and Unlocker. Yet the INF files for those do not have directives for services. They do not even have registry entry values for HKLM\"CCS"\Services.

Cany anyone explain how they are being installed as services, and the driver being registered correctly, without the needed info in the INF?

Is this because they are in the setup of the OS itself? I could find not reference to why some would be services, some nothing more than a shortcut or context menu item.

Any clarification appreciated.

MrWoo

MrWoo
Posts: 39
Joined: Mon Aug 07, 2006 12:59 pm

Post by MrWoo » Tue Sep 26, 2006 6:02 pm

If you have an application, such as an AntiVirus program, and you wish to install from setup, you can write an INF that copies files, registers needed dll's and writes registry values. And of course shortcuts etc.

One problem I have been running into is when an app such as this uses a service to start up, it uses (I think) what is called a filter driver. These kind of drivers are attached to what is called a legacy device. The service is entered in HKLM,SYSTEM\CurrentControlSet\Services\ name of service

These services entries start up a driver. However, if you catch your install with a program such as InstallRite, you will note that there are new registry values in HKLM\SYSTEM\CurrentControlSet\Enum\Root\ device name.

This key is a virtual key, being made everytime you boot your computer. Also you will note CurrentControlSet001 and 002. These values from either CCS001 or CCS002 are built into the CCS when you boot up. CCS001 and CCS002 rotate boot order so that you have a "Last known good configuration" if you botch your registry.

Anyway, nothing is allowed to access CCS. Not drivers, applcation, not even administrator accounts. The only way to manipulate it (and by this, I mean merging a reg file,etc) is to set the key permissions using Regedit.

This left me with not knowing how to finalize the install of a service/driver.

I finally achieved this by using the [DefaultIntall.Services] section, something like this:

Code: Select all

[DefaultInstall.ntx86.Services]
AddService = AVdriver,,AVdrv.svc
AddService = AVupdater,,AVup.svc

[AVdrv.svc]
DisplayName = Anti_Virii
Description = The great AV app
ServiceType = 0x00000002
StartType =  0x0
ErrorControl = 0x1
ServiceBinary = %12%\AntiVirii.SYS
AddReg = AVdrv.reg

[AVdrv.reg]
HKR,,"Group",0,"Filter"

[AVup.svc]
DisplayName = Anti_Virri Updater
Description = Service for updating virus defs
ServiceType = 0x00000010
StartType = 0x2
ErrorControl = 0x1
ServiceBinary = %16422%\AV\Updater\upd.exe
AddReg = AVup.reg

[AVup.reg]
HKR,,"ObjectName",0,"LocalSystem"
This is pretty neat. Once you declare you are using a [DefaultInstall.Services] section, you give the AddService directive to use, one entry here for each directive you need. Then in the directive, you give the display name that will show in the registry, along with 4 mandatory values, ServiceType,StartType,ErrorControl and ServiceBinary. The online DDK will show you what the rest mean. Then you can use an AddReg directive and easily use the HKR key to add extra keyname/values to the service registry entry.

Note that the HKR only put's values in the services key it is attached to.

The OS will tell you to reboot. When you do, the system handles the insertion of the correct device values into the HKLM\SYSTEM\CCS\Enum keys, and you now have installed a service/driver from cd.

This still leaves my original question though. How exactly are the addon packs I have used from this website install the services and drivers without this kind of data in the INF file?

Moreso, will using this .Services directive muck up what the setup routine is doing?

Any takers?

MrWoo

Post Reply