Пример программы обнаружения присутствия Soft-ICE. Принцип работы программы — обнаружение VxD с определённым названием: делается попытка открыть устройство «\\.\SICE» (Windows 95) или «\\.\NTICE» (Windows NT) через CreateFile. Такой принцип применим для обнаружения других программ, например Filemon или RegMon. Для этого требуется заменить название SICE или NTICE на название VxD, который использует соответствующая программа. Определить название можно с помощью MsSysinfo. Следует учитывать, что метод фиксирует только успешное открытие устройства: при любой ошибке CreateFile (в том числе ERROR_ACCESS_DENIED, когда устройство существует, но недоступно) функция вернёт false.
//////////////////////////////////////////////////////////////////////
//
// MeltICE - SoftICE '95 version 3 detection - Made by David Eriksson
//
//==================================================================
//
// Disclaimer
// ~~~~~~~~~~
// I take no responsibility for the authenticity of this information,
// or the results of the use or misuse of the source code.
//
// SoftICE is a trademark of NuMega Technologies, Inc.
//
Unit meltice;
Interface
//#include <stdio.h>
//#define WIN32_LEAN_AND_MEAN
//#include <windows.h>
//////////////////////////////////////////////////////////////////////
//
// See if SoftICE version 3.x for Windows 95 is loaded
//
Function IsSoftIce95Loaded: boolean;
////////////////////////////////////////////////////////////////////
//
// See if SoftICE version 3.x for Windows NT is loaded
//
Function IsSoftIceNTLoaded: boolean;
Implementation
Uses sysUtils, Windows;
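//////////////////////////////////////////////////////////////////////
//
// Probe for a kernel-mode driver by trying to open its Win32 device
// name ("\\.\NAME").  Returns True only when CreateFileA yields a
// valid handle; that handle is closed again immediately.
//
// DeviceName - NUL-terminated ANSI device path, e.g. '\\.\SICE'.
//
// NOTE(review): every CreateFileA failure is reported as "not present".
// A failure with ERROR_ACCESS_DENIED would still imply the device
// exists, but GetLastError is not consulted here, so that case is
// indistinguishable from ERROR_FILE_NOT_FOUND -- confirm whether the
// caller wants that refinement.
//
Function DeviceCanBeOpened(DeviceName: PAnsiChar): boolean;
Var
  hDevice: THandle;
Begin
  result := false;
  // In Pascal the backslashes need no escaping: '\\.\SICE' is the
  // literal path, unlike the C form "\\\\.\\SICE".
  hDevice := CreateFileA(DeviceName,
                         GENERIC_READ or GENERIC_WRITE,
                         FILE_SHARE_READ or FILE_SHARE_WRITE,
                         nil,
                         OPEN_EXISTING,
                         FILE_ATTRIBUTE_NORMAL,
                         0);
  if hDevice <> INVALID_HANDLE_VALUE then begin
    // Only presence matters; release the handle right away.
    CloseHandle(hDevice);
    result := true;
  end;
End;

//////////////////////////////////////////////////////////////////////
//
// See if SoftICE version 3.x for Windows 95 is loaded, i.e. whether
// the device name SICE can be opened.
//
Function IsSoftIce95Loaded: boolean;
Begin
  result := DeviceCanBeOpened('\\.\SICE');
End;

//////////////////////////////////////////////////////////////////////
//
// See if SoftICE version 3.x for Windows NT is loaded, i.e. whether
// the device name NTICE can be opened.
//
Function IsSoftIceNTLoaded: boolean;
Begin
  result := DeviceCanBeOpened('\\.\NTICE');
End;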
End.
//////////////////////////////////////////////////////////////////////
//
// Example code for calling these functions
//
(*$apptype console*)
//
// Example driver: report which SoftICE flavour (if any) answers to its
// device name.  The Windows 95 probe is tried first, then the NT one.
// This procedure sits after the unit's final "End." and is therefore
// not compiled as part of the unit; copy it into a host program.
//
Procedure Test;
Var
  verdict: string;
Begin
  if IsSoftIce95Loaded then
    verdict := 'SoftICE for Windows 95 is active!'
  else if IsSoftIceNTLoaded then
    verdict := 'SoftICE for Windows NT is active!'
  else
    verdict := 'Can''t find SoftICE with this method!';
  writeln(verdict);
End;