svchost from A to Zinc part3
 Walied (waleedassar) <waliedassar gmail com> |
Saturday, September 4 2010 16:59.46 CDT |
In the beginning of this post, i want to remind you with the difference between 2 variables that you should be aware of.
1)ServiceNames is a global variable that points at the REG_MULTI_SZ extracted from the registry representing the names of the services under the current category.
2)ServiceArray which is an array to elements each of type _SERVICE_ARRAY_ELEMNT
struct _SERVICE_ARRAY_ELEMENT
{
wchar_t* srv_name;
_SRV_DLL_INFO* srv_dll_info;
char* SvcMainName;
unsigned long Count;
FUNCPTR d;
};
None of _SERVICE_ARRAY_ELEMENT members except srv_name is filled till now.
As you can see in the figure above,each _SERVICE_ARRAY_ELEMENT::srv_name points at a string in ServiceNames.
original post herehttp://waleedassar.blogspot.com/2010/09/svchost-from-to-zinc-part3.html
Comments
| Posted: Wednesday, December 31 1969 18:00.00 CST | |