Windows Service Finder (Binary executable x Prompt di Ms-Dos / Windows console)
--------------------------------------------------------------------------------

Windows Service Finder is an handy tool for system administrators and hackers.
It shows the complete list of installed services on operating system, both
device drivers (kernel) and Win32 EXE, and for each service it reports detailed
informations about: name, description, actual status, execution start mode, name
and dimension of the associated executable file.
Windows Service Finder allows you to terminate a service and to delete from disk
the associated executable file using the "/ks" option (it means "Kill service"). 
This functionality is very useful especially to delete device drivers services
(kernel), that default service manager of Windows doesn't allow you.
Beyond services, Windows Services Finder work with boot registry keys too, those
registry values that contains EXE file name automatically launched at system 
startup (used by some virus).
Boot registry keys and associated EXE file can be both deleted, using the "/kr"
option (it means "Kill registry").
In order to complete all these "kill" operations you must login to system with 
the administrator rights!
You can show details about a single service passing to wsf.exe the name of the
service as a parameter (es> wsf.exe "Dhcp" [PRESS ENTER]).


Here is program output with '/?' parameter activated:
--------------------------------------------------------------------------------
Windows Services Finder:

wsf.exe [OPTIONS] [Single ID or Service name to show]


[OPTIONS]

  /a       = Shows active services only. (RUNNING)
  /i       = Shows inactive services only. (NOT RUNNING)
  /sd      = Shows device driver services ONLY.
  /ad      = Shows device driver services TOO.
  /nosrv   = Don't show services data.
  /noreg   = Don't show registry configuration data.

  /ks="nn" = Where "nn" is the name of the service.
             (MUST BE ENCLOSED BETWEEN " " !!!).
             Delete the service and its associated file.
             (if the service is running, it will be stopped)

  /kr="nn" = Where "nn" is the name of the registry key.
             (MUST BE ENCLOSED BETWEEN " " !!!).
             Delete the boot registry key and its associated file.
             (if the exe is running, IT WON'T BE STOPPED)

--------------------------------------------------------------------------------

Enfis The Paladin @ 2005   http://www.enfis.it/