SVCS_GLOBAL_DATA

This structure is available to service DLLs that use SERVICES as a host process. It is instantiated in SERVICES.EXE and is passed to service DLLs when SERVICES calls their ServiceEntry function.

Definition 

typedef struct _SVCS_GLOBAL_DATA {
    PSID NullSid;                               // S-1-0-0
    PSID WorldSid;                              // S-1-1-0
    PSID LocalSid;                              // S-1-2-0
    PSID NetworkSid;                            // S-1-5-2
    PSID LocalSystemSid;                        // S-1-5-18
    #if _WIN32_WINNT >= _WIN32_WINNT_WINXP
    PSID LocalServiceSid;                       // S-1-5-19
    PSID NetworkServiceSid;                     // S-1-5-20
    #endif
    PSID BuiltinDomainSid;                      // S-1-5-32
    PSID AuthenticatedUserSid;                  // S-1-5-11
    PSID AliasAdminsSid;                        // S-1-5-32-544
    PSID AliasUsersSid;                         // S-1-5-32-545
    PSID AliasGuestsSid;                        // S-1-5-32-546
    PSID AliasPowerUsersSid;                    // S-1-5-32-547
    PSID AliasAccountOpsSid;                    // S-1-5-32-548
    PSID AliasSystemOpsSid;                     // S-1-5-32-549
    PSID AliasPrintOpsSid;                      // S-1-5-32-550
    PSID AliasBackupOpsSid;                     // S-1-5-32-551
    LPSTART_RPC_SERVER StartRpcServer;
    LPSTOP_RPC_SERVER StopRpcServer;
    #if _WIN32_WINNT <= _WIN32_WINNT_WIN2K
    LPNET_BIOS_OPEN NetBiosOpen;
    LPNET_BIOS_CLOSE NetBiosClose;
    LPNET_BIOS_RESET NetBiosReset;
    #endif
    LPCWSTR Group;                               // L"ntsvcs"
    #if _WIN32_WINNT >= _WIN32_WINNT_WIN2K
    BOOL IsSetupInProgress;
    #else
    LPADD_WORK_ITEM AddWorkItem;
    LPREMOVE_WORK_ITEM RemoveWorkItem;
    #endif
} SVCS_GLOBAL_DATA;

Though the name SVCS_GLOBAL_DATA is known from Microsoft’s published symbol files, all other names are inventions, including the following type definitions for function pointers: 

typedef long (WINAPI *LPSTART_RPC_SERVER) (RPC_WSTR, RPC_IF_HANDLE);
typedef long (WINAPI *LPSTOP_RPC_SERVER) (RPC_IF_HANDLE);
typedef VOID (WINAPI *LPNET_BIOS_OPEN) (VOID);
typedef VOID (WINAPI *LPNET_BIOS_CLOSE) (VOID);
typedef DWORD (WINAPI *LPNET_BIOS_RESET (DWORD);
typedef PVOID (WINAPI *LPADD_WORK_ITEM) (HANDLE, LPWORK_ITEM_CALLBACK, PVOID, DWORD, DWORD, PVOID);
typedef BOOL (WINAPI *LPREMOVE_WORK_ITEM (PVOID);

in which 

typedef VOID (WINAPI *LPWORK_ITEM_CALLBACK) (PVOID, DWORD);

Members

Many of the members, from the start of the structure, are addresses of well-known SIDs. Though preparing these things is straightforward, it is a chore which is much better done once, i.e., by SERVICES, for use by all. Note that SIDs for the LOCAL SERVICE and NETWORK SERVICE accounts are provided only in version 5.1 and higher.

Several members are addresses of functions which do things that may be wanted by more than one service DLL and are either convenient to have coded for common use or actually do need to be.

Availability

The SVCS_GLOBAL_DATA structure is prepared by SERVICES version 3.51 and higher. It is passed to service DLLs in versions before 6.0, and presumably would be in version 6.0 also: it is still prepared but there are no service DLLs to pass it to.

Use of SERVICES as a host for service DLLs is not a general feature. Names for the services and their corresponding DLLs must be hard-coded in the SERVICES executable. If you like, the feature is technologically internal to Microsoft. Contrast with the generality of running service DLLs in a SVCHOST process, which also is private to Microsoft, but only by being undocumented. This article exists for historical reference.

This page was created on 13th October 2008 and was last modified on 14th November 2008.

Copyright © 2008. Geoff Chappell. All rights reserved. Conditions apply.