What the SERVICE_INIT_STOPPED flag really means

On Windows CE services.exe, there is a Context registry key associated with each service in the HKLM\Services\<ServiceName>\Context.  This is just a simple DWORD with bit flags. 

One flag is named SERVICE_INIT_STOPPED (0x1).  You would think reasonably that this means somehow the service needs to be a stopped state at initialization time.  In reality, this flag should be named SERVICE_INIT_SUPERSERVICE_MODE.  This is totally my fault for misnaming it and I apologize to the people I'm sure that it's confused.

Suppose you want to have your service so that it's loaded at boot-time but not in a started mode automatically?  Do NOT use SERVICE_INIT_STOPPED.  When services.exe sees this flag, it treats it as if it were SERVICE_INIT_SUPERSERVICE_MODE.  Services.exe will first query your service to make sure it can support running as a super-service by sending it the IOCTL_SERVICE_REGISTER_SOCKADDR.  If your service can't handle this and returns FALSE (which most non-superservices will), services.exe will immediately unload your service.

So you want your service to be stopped to begin with?  Then you need to use another mechanism that is specific to your service to determine whether or not you're stopped or not at init time.  A common construct in services that I've written use is the "IsEnabled" registry DWORD in their registry settings (e.g. HKLM\COMM\HTTPD\IsEnabled).  My service reads that during its xxx_Init() to determine if it should actively service anything, but xxx_Init() returns TRUE no matter what so that I stay loaded but in a non-running state.

Remember, services.exe doesn't care at all what your current service state is.  It just loads and unloads your services and acts as a pipe between your service and apps.  It passes you in IOCTLs like IOCTL_SERVICE_START and IOCTL_SERVICE_STOP, but your service ultimately determines what it does with these.

[Author: John Spaith]