次の方法で共有

2.2.53 SERVICE_TRIGGER

  • [アーティクル]

The SERVICE_TRIGGER <26> structure contains information about one trigger of a service.

 typedef struct _SERVICE_TRIGGER {
   DWORD dwTriggerType;
   DWORD dwAction;
   GUID* pTriggerSubtype;
   [range(0, 64)] DWORD cDataItems;
   [size_is(cDataItems)] PSERVICE_TRIGGER_SPECIFIC_DATA_ITEM pDataItems;
 } SERVICE_TRIGGER,
  *PSERVICE_TRIGGER;

dwTriggerType: The type of trigger. This MUST be one of the following values.

Value

Meaning

0x00000001

SERVICE_TRIGGER_TYPE_DEVICE_INTERFACE_ARRIVAL

The event is triggered when a device of the specified device interface class arrives or is present when the system starts. This trigger event is commonly used to start a service.

Interface arrival occurs when a device belonging to a device interface class has been inserted.

The pTriggerSubtype member specifies the device interface class GUID, as defined in [MS-DTYP] section 2.3.4. These GUIDs are defined in device-specific header files provided with the Windows Driver Kit (WDK) [MSDN-WinDriverKit].

The pDataItems member specifies one or more hardware ID and compatible ID strings for the device interface class. Strings MUST be Unicode. If more than one string is specified, the event is triggered if any one of the strings matches. For example, the Wpdbusenum service is started when a device of device interface class GUID_DEVINTERFACE_DISK {53f56307-b6bf-11d0-94f2-00a0c91efb8b} and a hardware ID string of "USBSTOR\GenDisk" arrives.

0x00000002

SERVICE_TRIGGER_TYPE_IP_ADDRESS_AVAILABILITY

The event is triggered when the first IP address on the TCP/IP networking stack becomes available or the last IP address on the stack becomes unavailable. This trigger event can be used to start or stop a service.

The pTriggerSubtype member specifies NETWORK_MANAGER_FIRST_IP_ADDRESS_ARRIVAL_GUID or NETWORK_MANAGER_LAST_IP_ADDRESS_REMOVAL_GUID.

The pDataItems member is not used.

0x00000003

SERVICE_TRIGGER_TYPE_DOMAIN_JOIN

The event is triggered when the computer joins or leaves a domain. This trigger event can be used to start or stop a service.

The pTriggerSubtype member specifies DOMAIN_JOIN_GUID or DOMAIN_LEAVE_GUID.

The pDataItems member is not used.

0x00000004

SERVICE_TRIGGER_TYPE_FIREWALL_PORT_EVENT

The event is triggered when a firewall port is opened or approximately 60 seconds after the firewall port is closed. This trigger event can be used to start or stop a service.

The pTriggerSubtype member specifies FIREWALL_PORT_OPEN_GUID or FIREWALL_PORT_CLOSE_GUID.

The pDataItems member specifies the port, the protocol, and optionally the executable path and user information (SID string or name) of the service listening on the event. The "RPC" token can be used in place of the port to specify any listening socket used by RPC. The "system" token can be used in place of the executable path to specify ports created by and listened on by the Windows kernel.

The event is triggered only if all strings match. For example, if MyService hosted inside Svchost.exe is to be trigger-started when port UDP 5001 opens, the trigger-specific data would be the Unicode representation of "5001\0UDP\0%systemroot%\system32\svchost.exe\0MyService\0\0".

0x00000005

SERVICE_TRIGGER_TYPE_GROUP_POLICY

The event is triggered when a machine policy or user policy change occurs. This trigger event is commonly used to start a service.

The pTriggerSubtype member specifies MACHINE_POLICY_PRESENT_GUID or USER_POLICY_PRESENT_GUID.

The pDataItems member is not used.

0x00000020

SERVICE_TRIGGER_TYPE_CUSTOM

The event is a custom event generated by an Event Tracing for Windows (ETW) provider. This trigger event can be used to start or stop a service.

The pTriggerSubtype member specifies the event provider's GUID.

The pDataItems member specifies trigger-specific data defined by the provider.

dwAction: The type of action to be taken on the trigger arrival. This MUST be one of the following values.

Value

Meaning

0x00000001

SERVICE_TRIGGER_ACTION_SERVICE_START

0x00000002

SERVICE_TRIGGER_ACTION_SERVICE_STOP

pTriggerSubtype: Points to a GUID that identifies the trigger event subtype. The value of this member depends on the value of the dwTriggerType member.

If dwTriggerType is SERVICE_TRIGGER_TYPE_CUSTOM, pTriggerSubtype is the GUID that identifies the custom event provider.

If dwTriggerType is SERVICE_TRIGGER_TYPE_DEVICE_INTERFACE_ARRIVAL, pTriggerSubtype is the GUID that identifies the device interface class.

For other trigger event types, pTriggerSubtype can be one of the following values.

Value

Meaning

DOMAIN_JOIN_GUID

1ce20aba-9851-4421-9430-1ddeb766e809

The event is triggered when the computer joins a domain. The dwTriggerType member MUST be SERVICE_TRIGGER_TYPE_DOMAIN_JOIN.

DOMAIN_LEAVE_GUID

ddaf516e-58c2-4866-9574-c3b615d42ea1

The event is triggered when the computer leaves a domain. The dwTriggerType member MUST be SERVICE_TRIGGER_TYPE_DOMAIN_JOIN.

FIREWALL_PORT_OPEN_GUID

b7569e07-8421-4ee0-ad10-86915afdad09

The event is triggered when the specified firewall port is opened. The dwTriggerType member MUST be SERVICE_TRIGGER_TYPE_FIREWALL_PORT_EVENT.

FIREWALL_PORT_CLOSE_GUID

a144ed38-8e12-4de4-9d96-e64740b1a524

The event is triggered approximately 60 seconds after the specified firewall port is closed. The dwTriggerType member MUST be SERVICE_TRIGGER_TYPE_FIREWALL_PORT_EVENT.

MACHINE_POLICY_PRESENT_GUID

659FCAE6-5BDB-4DA9-B1FF-CA2A178D46E0

The event is triggered when the machine policy has changed. The dwTriggerType member MUST be SERVICE_TRIGGER_TYPE_GROUP_POLICY.

NETWORK_MANAGER_FIRST_IP_ADDRESS_ARRIVAL_GUID

4f27f2de-14e2-430b-a549-7cd48cbc8245

The event is triggered when the first IP address on the TCP/IP networking stack becomes available. The dwTriggerType member MUST be SERVICE_TRIGGER_TYPE_IP_ADDRESS_AVAILABILITY.

NETWORK_MANAGER_LAST_IP_ADDRESS_REMOVAL_GUID

cc4ba62a-162e-4648-847a-b6bdf993e335

The event is triggered when the last IP address on the TCP/IP networking stack becomes unavailable. The dwTriggerType member MUST be SERVICE_TRIGGER_TYPE_IP_ADDRESS_AVAILABILITY.

USER_POLICY_PRESENT_GUID

54FB46C8-F089-464C-B1FD-59D1B62C3B50

The event is triggered when the user policy has changed. The dwTriggerType member MUST be SERVICE_TRIGGER_TYPE_GROUP_POLICY.

cDataItems: Number of data items in the pDataItems array.

pDataItems: Array of SERVICE_TRIGGER_SPECIFIC_DATA_ITEM structures.