{"id":20834520,"url":"https://github.com/apriorit/svchostdemo","last_synced_at":"2025-10-29T06:49:09.643Z","repository":{"id":145107462,"uuid":"116027324","full_name":"apriorit/SvcHostDemo","owner":"apriorit","description":"Demo service that runs in svchost.exe","archived":false,"fork":false,"pushed_at":"2018-01-03T10:37:39.000Z","size":5,"stargazers_count":78,"open_issues_count":1,"forks_count":37,"subscribers_count":7,"default_branch":"master","last_synced_at":"2025-10-29T06:49:08.459Z","etag":null,"topics":["demo","svchost","undocumented","winapi","windows-service"],"latest_commit_sha":null,"homepage":null,"language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/apriorit.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2018-01-02T15:07:47.000Z","updated_at":"2025-10-04T15:56:51.000Z","dependencies_parsed_at":"2024-01-07T18:57:13.008Z","dependency_job_id":null,"html_url":"https://github.com/apriorit/SvcHostDemo","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/apriorit/SvcHostDemo","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apriorit%2FSvcHostDemo","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apriorit%2FSvcHostDemo/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apriorit%2FSvcHostDemo/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apriorit%2FSvcHostDemo/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/apriorit","download_url":"https://codeload.github.com/apriorit/SvcHostDemo/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apriorit%2FSvcHostDemo/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":281577705,"owners_count":26524886,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-29T02:00:06.901Z","response_time":59,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["demo","svchost","undocumented","winapi","windows-service"],"created_at":"2024-11-18T00:19:33.035Z","updated_at":"2025-10-29T06:49:09.606Z","avatar_url":"https://github.com/apriorit.png","language":"C++","funding_links":[],"categories":[],"sub_categories":[],"readme":"# SvcHostDemo\nDemo service that runs in svchost.exe\n\n# Introduction\n`svchost.exe` is designed to save system resources by combining several services into one process. So a service is written as a `dll` and not as an `exe` file. Note that Microsoft do not recommend to host 3rd-party services into `svchost.exe` and its interface is undocumented (thus it may be changed in future). This project is just a demo for academic and research purpose.\n\n# Registration info\n## Group registration\nServices are combined into groups. Each group has one instance of `svchost.exe` process. Groups are registered in the registry:\n```\n[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\SvcHost]\n```\n|Name|Type|Description|\n|--|--|--|\n| `\u003cgroup\u003e` | REG_MULTI_SZ | List of services |\n\nGroup name is passed as a command-line parameter:\n```\n%SystemRoot%\\System32\\svchost.exe -k \u003cgroup\u003e\n```\n\n## Service registration\nA service has to be registered with the following type and image:\n```\n[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\services\\\u003cservice\u003e]\n```\n|Name|Type|Value|\n|--|--|--|\n| ImagePath | REG_EXPAND_SZ | `%SystemRoot%\\System32\\svchost.exe -k \u003cgroup\u003e` |\n| Type | REG_DWORD | 0x20 (shared) |\n\nand specify its dll in the parameters key:\n```\n[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\services\\\u003cservice\u003e\\Parameters]\n```\n|Name|Type|Value|\n|--|--|--|\n| ServiceDll | REG_EXPAND_SZ | `\u003cpath to dll\u003e` |\n\n## Dll entry point\nA dll has to export the following function:\n```cpp\nVOID WINAPI ServiceMain(DWORD dwArgc, LPCWSTR* lpszArgv)\n```\nThis function is very similar to the `ServiceMain` in a standard service.\n\n# How to run the sample\n- build with cmake\n```\ncmake -Hsrc -Bbuild64 -G\"Visual Studio 14 2015 Win64\"\ncmake --build build64 --config RelWithDebInfo -- /m /v:m\n```\n- copy `SvcHostDemo.dll` to `system32`\n- run `install` from `src/Scripts`\n- run `start` from `src/Scripts`\n- run `stop` from `src/Scripts`\n- run `uninstall` from `src/Scripts`\n- delete `SvcHostDemo.dll` from `system32`\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fapriorit%2Fsvchostdemo","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fapriorit%2Fsvchostdemo","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fapriorit%2Fsvchostdemo/lists"}