World Library  
Flag as Inappropriate
Email this Article

Service Control Manager

Article Id: WHEBN0031100225
Reproduction Date:

Title: Service Control Manager  
Author: World Heritage Encyclopedia
Language: English
Subject: Microsoft Transaction Server, List of Microsoft Windows components, .NET Framework, Operating system service management, Daemon (computing)
Collection: Windows Components, Windows Services
Publisher: World Heritage Encyclopedia

Service Control Manager

Service Control Manager (SCM) is a special system process under the Windows NT family of operating systems, which starts, stops and interacts with Windows service processes.[1] It is located in the %SystemRoot%\System32\services.exe executable. Service processes interact with SCM through a well-defined API, and the same API is used internally by the interactive Windows service management tools such as the MMC snap-in Services.msc and the command-line Service Control utility sc.exe.


  • Implementation 1
    • Delayed auto-start services 1.1
    • Device drivers 1.2
    • Network drive letters 1.3
  • See also 2
  • Notes 3
  • References 4


The SCM executable, Services.exe, runs as a Windows console program, and is launched by the Wininit process early during the system startup.[2] Its main function, SvcCtrlMain(), launches all the services configured for automatic startup. First an internal database of installed services is initialized by reading the following two registry keys:

  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceGroupOrder\List, containing the names and order of service groups. Each service's registry key contains an optional Group value which governs the order of initialization of a respective service or a device driver, with respect to other service groups.
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services, which contains the actual database of services and device drivers and is read into SCM's internal database.[3] SCM reads every service's Group value as well as load-order dependencies from their DependOnGroup and DependOnService registry keys.[4]

In the next step, SCM's main function SvcCtrlMain() calls the function ScGetBootAndSystemDriverState() function which checks whether the device drivers that should be started during the boot or system startup were successfully loaded, and those that have failed to do so are stored in a list called ScFailedDrivers. Then a named pipe \Pipe\Ntsvcs is created as a remote procedure call interface between the SCM and the SCPs (Service Control Processes) that interact with specific services.

Next, it calls the ScAutoStartServices() function which loops through all the services marked as auto-start, paying attention to the calculated load-order dependencies. In case of a circular dependency an error is noted and the service depending on a service that belongs to a group coming later in the load order is skipped. For delayed auto-start services, grouping has no effect, and those are loaded at a later stage of system startup.[5]

For each service it wants to start, the SCM calls the ScStartService() function which checks the name of the file that runs the service's process, ensuring that the account specified for the service is same as the account that the service process runs in. Every service that does not run in the System account is logged in by calling the LSASS function LogonUserEx(), for which LSASS process looks up "secret" passwords stored in the HKLM\SECURITY\Policy\Secrets\ registry key, which were stored by the SCP using the LsaStorePrivateData() API, when the service was originally configured.[6]

Next, the ScLogonAndStartImage() function is called for every service whose service process has not been already launched. Service processes are created in a suspended state via the CreateProcessAsUser() API. Before the service process' execution is resumed, a named pipe \Pipe\Net\NtControlPipeX (where X is a number incremented for each service iteration) is created which serves as a communication channel between the SCM and the service process. Service process connects to the pipe by calling the StartServiceCtrlDispatcher() function, after which the SCM sends the service a "start" command.[7]

Delayed auto-start services

Delayed auto-start services have been added in Windows Vista, in order to solve the problem of a prolonged system startup, as well as to speed-up the start of critical services that cannot be delayed.[8] Originally the auto-start method of service initialization was designed for essential system services upon which other applications and services depend. The SCM initializes the delayed services only after handling all the non-delayed auto-start services, by invoking the ScInitDelayStart() function. This function queues a delayed (120 seconds by default) work item associated with a corresponding worker thread. Other than being initialized after a delay, there are no other differences between delayed and non-delayed services.

Device drivers

Services whose Type registry value is SERVICE_KERNEL_DRIVER or SERVICE_FILE_SYSTEM_DRIVER are handled specially: these represent device drivers for which ScStartService() calls the ScLoadDeviceDriver() function which loads the appropriate driver (usually a file with an extension .sys) which must be located in the %SystemRoot%\System32\Drivers\ directory. For that purpose, the NtLoadDriver system call is invoked, and the SeLoadDriverPrivilege is added to the SCM's process.

Network drive letters

SCM provides an additional functionality completely unrelated to Windows services: it notifies GUI applications such as the Windows Explorer when a network drive-letter connection has been created or deleted, by broadcasting Windows messages WM_DEVICECHANGE.

See also


  1. ^ Russinovich, Solomon & Ionescu (2009:79)
  2. ^ Russinovich, Solomon & Ionescu (2009:291)
  3. ^ "Database of Installed Services". Microsoft Developer Network. Retrieved 2011-03-06. 
  4. ^ Russinovich, Solomon & Ionescu (2009:292)
  5. ^ Russinovich, Solomon & Ionescu (2009:294)
  6. ^ Russinovich, Solomon & Ionescu (2009:295)
  7. ^ Russinovich, Solomon & Ionescu (2009:296)
  8. ^ Russinovich, Solomon & Ionescu (2009:297)


This article was sourced from Creative Commons Attribution-ShareAlike License; additional terms may apply. World Heritage Encyclopedia content is assembled from numerous content providers, Open Access Publishing, and in compliance with The Fair Access to Science and Technology Research Act (FASTR), Wikimedia Foundation, Inc., Public Library of Science, The Encyclopedia of Life, Open Book Publishers (OBP), PubMed, U.S. National Library of Medicine, National Center for Biotechnology Information, U.S. National Library of Medicine, National Institutes of Health (NIH), U.S. Department of Health & Human Services, and, which sources content from all federal, state, local, tribal, and territorial government publication portals (.gov, .mil, .edu). Funding for and content contributors is made possible from the U.S. Congress, E-Government Act of 2002.
Crowd sourced content that is contributed to World Heritage Encyclopedia is peer reviewed and edited by our editorial staff to ensure quality scholarly research articles.
By using this site, you agree to the Terms of Use and Privacy Policy. World Heritage Encyclopedia™ is a registered trademark of the World Public Library Association, a non-profit organization.

Copyright © World Library Foundation. All rights reserved. eBooks from Project Gutenberg are sponsored by the World Library Foundation,
a 501c(4) Member's Support Non-Profit Organization, and is NOT affiliated with any governmental agency or department.