What Is the Life of an NT Service Like

The SCM handles creates a unique logon session for the service (including a window station, a desktop, and an access token)
- Window Station: A window station is a secure object that contains a clipboard, a set of global atoms and a group of desktop objects. The interactive window station assigned to the logon session of the interactive user also contains the keyboard, mouse, and display device. The interactive window station is visible to the user and can receive input from the user. All other window stations are noninteractive, which means that they cannot be made visible to the user, and cannot receive user input.
- Desktop: A desktop is a secure object contained within a window station. A desktop has a logical display surface and contains windows, menus, and hooks. A window station can have multiple desktops. Only the desktops of the interactive window station can be visible and receive user input. On the interactive window station, only one desktop at a time is active. This active desktop, also known as the input desktop, is the one that is currently visible to the user and that receives user input.
- Access token: A group of security attributes permanently attached to a process when a user logs on to the operating system. An access token contains privileges and security identifiers for a user, global group, or local group. The privileges regulate the use of some system services and the security identifiers regulate access to objects that are protected by access-control lists (ACLs).
main() or WinMain() starts the service control dispatcher
- Passes a SERVICE_TABLE_ENTRY structure (name of service and pointer to the ServiceMain() function) to the SCM.
- As a result of this, a service is always AT LEAST 2 threads.
Service control dispatcher does two things
1. Creates a thread and calls ServiceMain()
2. Sends messages to message handler (after ServiceMain() registers it)
ServiceMain() gets called by the SCM
1. Registers the control handler
2. Sends starting status to the SCM
3. Digests any parameters that got passed by the controller
4. Initializes resources, gets ready to go
5. Tells the SCM that it is running
6. Does whatever work it's supposed to do
7. Waits for a stop signal from the control handler
8. Cleans up resources and terminates
The handler function handles messages from the SCM
- Service creator decides how to handle events (especially pause/continue)
- Not all services accept all events
  - EventLog and RPC don't pause or stop
  - Spooler doesn't pause
- Handler can accept and process custom messages

Back to the main Services T3 Page
Back (Why Are There No Services Under Win95/98?)	Next (Security and NT Services)

This page is maintained by Peyton Engel.
Last modified 24 May 1999