WinInetd

WinInetd is a simple Windows service that offers the same (almost the same) functionality as the Unix daemon inetd. The power of the Unix inetd is that it makes it very simple for the developer to write network servers, since the server itself does all its I/O through standard input/output. This also makes it very easy to write portable network servers, because the code contains none of the networking code that usually makes up a large part of a server's core.

Both inetd and WinInetd are very simple and yet powerful. They read a configuration file that basically maps local TCP/IP ports to executable binary images, and they listen on the user-configured ports waiting for client connections. Once a connection is received, they create the process linked to the connection port and bind the connection socket to the standard input/output/error of the new process. The configuration file also gives the option to run the new process in the context of a user different from the one the service/daemon is currently running as. This helps isolate the new process by providing a way to reduce its permissions and hence increase the security of the system.

By default, the server reads a configuration file named wininetd.conf inside the Windows directory, but the command line option --cfgfile can be used to override the default value. The configuration file is very simple and is composed of multiple lines following this format:

PORT    USER:PASS    CMDLINE

Where PORT is the port number on which the server listens for incoming connections, USER:PASS is the username and password separated by a colon ( : ) character, and CMDLINE is the path of the binary image to be executed and its command line parameters. It is possible to not specify any user (so that the new process runs with the service user credentials) by specifying none as USER:PASS. The user specified (if present) as owner of the new process must have batch logon capabilities for WinInetd to successfully call LogonUser() (the batch logon capability can be set through the security policy editor available among the Administrator tools). Examples of valid configuration lines are:

10002    davide:DamnYou    c:\windows\system32\cmd.exe
10123    none              c:\echo\echocs.exe -d -c 156

Every line that does not start with a digit is considered a comment, and either a space or a tab is a valid separator between configuration line values. To install the service you can run:

wininetd --install

from an MS-DOS prompt as a user that has service manipulation rights. Conversely, to remove the service, you can run:

wininetd --remove

Changes to the configuration file become effective only when the server is restarted. It is also possible to run the service in debug mode by running:

wininetd --debug ...

from an MS-DOS prompt. The service also accepts a few extra command line parameters, which you can set through the Windows service management console:

--cfgfile    file       = Sets the configuration file path
--timeout nsecs         = Sets the default socket timeout in seconds
--linger-timeout nsecs  = Sets the socket close linger timeout (default 60)

It is possible to examine the log messages that WinInetd produces either through the MS-DOS prompt (when running in debug mode, see above) or through the Windows Event Viewer. The program run by WinInetd will find a few environment variables set to help identify the client connection:

CLIENT_IP    = Client IP address
CLIENT_PORT  = Client PORT value
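
The configuration format described above can be checked mechanically before the service is restarted. The following Python script is an added example, not part of WinInetd or its sources: it parses wininetd.conf lines by the rules given above and reports entries that run with the service user credentials, that keep a password in the file, or whose binary image is a command interpreter. The SHELLS set, the function names and the first-token treatment of CMDLINE are assumptions of this example.

```python
import re

# Assumption: which image names count as a command interpreter; extend as needed.
SHELLS = {"cmd.exe", "powershell.exe"}

# Constructed sample; the two entries are the example lines from the page.
SAMPLE = r"""# port  user:pass  cmdline
10002    davide:DamnYou    c:\windows\system32\cmd.exe
10123    none              c:\echo\echocs.exe -d -c 156
"""

def parse_line(line):
    """Return (port, user, has_password, cmdline), or None for a comment line."""
    if not re.match(r"[0-9]", line):      # lines not starting with a digit are comments
        return None
    parts = re.split(r"[ \t]+", line.strip(), maxsplit=2)   # space or tab separators
    if len(parts) < 3:
        raise ValueError("expected PORT USER:PASS CMDLINE")
    port, cred, cmdline = parts
    if not re.fullmatch(r"[0-9]+", port) or not 0 < int(port) < 65536:
        raise ValueError("bad port")
    if cred == "none":
        return int(port), None, False, cmdline
    user, _, password = cred.partition(":")
    return int(port), user, bool(password), cmdline

def audit(text):
    """Return (line_no, port, finding) tuples; passwords are never echoed."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        try:
            entry = parse_line(line)
        except ValueError as exc:
            findings.append((no, None, f"malformed line: {exc}"))
            continue
        if entry is None:
            continue
        port, user, has_password, cmdline = entry
        if user is None:
            findings.append((no, port, "runs with the service user credentials"))
        elif has_password:
            findings.append((no, port, f"cleartext password for user {user} in config file"))
        # Assumption: the image path is the first token of CMDLINE, optionally quoted.
        image = re.split(r"[\\/]", cmdline.split()[0].strip('"'))[-1].lower()
        if image in SHELLS:
            findings.append((no, port, f"{image} exposed to any client that can reach the port"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Because the file holds passwords in the clear, its ACL deserves the same review as the findings the script reports.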

 

License and Software

WinInetd is made available under the GNU GPL license together with the complete sources. Please read the license carefully before using the software. The WinInetd service binary together with the full source is available here:

Version 0.7

