The sc command helps us to retrieves and sets control information about services.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 | sc DESCRIPTION: SC is a command line program used for communicating with the Service Control Manager and services. USAGE: sc <server> [command] [service name] <option1> <option2>... The option <server> has the form "\\ServerName" Further help on commands can be obtained by typing: "sc [command]" Commands: query-----------Queries the status for a service, or enumerates the status for types of services. queryex---------Queries the extended status for a service, or enumerates the status for types of services. start-----------Starts a service. pause-----------Sends a PAUSE control request to a service. interrogate-----Sends an INTERROGATE control request to a service. continue--------Sends a CONTINUE control request to a service. stop------------Sends a STOP request to a service. config----------Changes the configuration of a service (persistent). description-----Changes the description of a service. failure---------Changes the actions taken by a service upon failure. failureflag-----Changes the failure actions flag of a service. sidtype---------Changes the service SID type of a service. privs-----------Changes the required privileges of a service. managedaccount--Changes the service to mark the service account password as managed by LSA. qc--------------Queries the configuration information for a service. qdescription----Queries the description for a service. qfailure--------Queries the actions taken by a service upon failure. qfailureflag----Queries the failure actions flag of a service. qsidtype--------Queries the service SID type of a service. qprivs----------Queries the required privileges of a service. qtriggerinfo----Queries the trigger parameters of a service. qpreferrednode--Queries the preferred NUMA node of a service. qmanagedaccount-Queries whether a services uses an account with a password managed by LSA. qprotection-----Queries the process protection level of a service. quserservice----Queries for a local instance of a user service template. delete----------Deletes a service (from the registry). create----------Creates a service. (adds it to the registry). control---------Sends a control to a service. sdshow----------Displays a service's security descriptor. sdset-----------Sets a service's security descriptor. showsid---------Displays the service SID string corresponding to an arbitrary name. triggerinfo-----Configures the trigger parameters of a service. preferrednode---Sets the preferred NUMA node of a service. GetDisplayName--Gets the DisplayName for a service. GetKeyName------Gets the ServiceKeyName for a service. EnumDepend------Enumerates Service Dependencies. The following commands don't require a service name: sc <server> <command> <option> boot------------(ok | bad) Indicates whether the last boot should be saved as the last-known-good boot configuration Lock------------Locks the Service Database QueryLock-------Queries the LockStatus for the SCManager Database EXAMPLE: sc start MyService QUERY and QUERYEX OPTIONS: If the query command is followed by a service name, the status for that service is returned. Further options do not apply in this case. If the query command is followed by nothing or one of the options listed below, the services are enumerated. type= Type of services to enumerate (driver, service, userservice, all) (default = service) state= State of services to enumerate (inactive, all) (default = active) bufsize= The size (in bytes) of the enumeration buffer (default = 4096) ri= The resume index number at which to begin the enumeration (default = 0) group= Service group to enumerate (default = all groups) SYNTAX EXAMPLES sc query - Enumerates status for active services & drivers sc query eventlog - Displays status for the eventlog service sc queryex eventlog - Displays extended status for the eventlog service sc query type= driver - Enumerates only active drivers sc query type= service - Enumerates only Win32 services sc query state= all - Enumerates all services & drivers sc query bufsize= 50 - Enumerates with a 50 byte buffer sc query ri= 14 - Enumerates with resume index = 14 sc queryex group= "" - Enumerates active services not in a group sc query type= interact - Enumerates all interactive services sc query type= driver group= NDIS - Enumerates all NDIS drivers |
Some options of this command:
1 2 3 4 5 6 7 8 9 10 11 | sc config Configures service startup and login accounts sc continue Resumes a paused service sc enumdepend Lists the services that cannot run unless the specified service is running sc failure Specifies what action to take upon failure of the service sc pause Pauses a service sc qc Displays the configuration of a particular service sc query Displays information about the specified service, driver, type of service, or type of driver sc start Starts a service running sc stop Sends a STOP request to a service (not all will respond) |
Let’s test query with intelhaxm:
1 2 3 4 5 6 7 8 9 10 | sc query intelhaxm SERVICE_NAME: intelhaxm TYPE : 1 KERNEL_DRIVER STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 |
To create a list of all services used:
1 | sc query type= service state= all > allservices.txt |
You can use: start and stop to start and stop services.
The start option comes with has one of the values auto, demand. or disabled.
Using administrator command shell you can see the RPC Services:
1 | sc enumdepend rpcss |