Anti-Monitor Delphi反调试

博主： samool
发布时间：2007 年 01 月 22 日
9462 次浏览
暂无评论
10590字数
分类：搞软件

//Anti-Monitor   <br />  Function   ABC39:   Boolean;   //检测Dump;   <br />  var   <br />      hFile:   Thandle;   <br />  Begin   <br />      Result:=   false;   <br />      hFile   :=   FindWindow(nil,'ProcDump32   (C)   1998,   1999,   2000   G-RoM,   Lorian   &   Stone');   <br />      if(   hFile   <>   0   )   then   <br />      begin   <br />          Result:=   TRUE;   <br />      end;   <br />  End;   <br />    <br />  Function   ABC40:   Boolean;   //检测RegMON;   <br />  var   <br />      hFile:   Thandle;   <br />  Begin   <br />      Result:=   false;   <br />      hFile   :=   FindWindow(nil,'Registry   Monitor   -   Sysinternals:   www.sysinternals.com');   <br />      if(   hFile   <>   0   )   then   <br />      begin   <br />          Result:=   TRUE;   <br />      end;   <br />  End;   <br />    <br />  Function   ABC41:   Boolean;stdcall;     //检测FileMON;   <br />  var   <br />      hFile:   Thandle;   <br />  Begin   <br />      Result:=   false;   <br />      hFile   :=   FindWindow(nil,'File   Monitor   -   Sysinternals:   www.sysinternals.com');   <br />      if(   hFile   <>   0   )   then   <br />      begin   <br />          Result:=   TRUE;   <br />      end;   <br />  End;   <br />    <br />  ////////////////////////////////////////////////////////////////////////////////   <br />  //Anti-loader   <br />  Function   ABC42():Boolean;   //检测调试器;   <br />  var   <br />      YInt,NInt:Integer;   <br />  begin   <br />      asm   <br />          mov   eax,fs:[30h]   <br />          movzx   eax,byte   ptr[eax+2h]   <br />          or   al,al   <br />          jz   @No   <br />          jnz   @Yes   <br />          @No:   <br />              mov   NInt,1   <br />          @Yes:   <br />              Mov   YInt,1   <br />      end;   <br />      if   YInt=1   then   <br />          Result:=True;   <br />      if   NInt=1   then   <br />          Result:=False;   <br />  end;   <br />    <br />  98下:   <br />  Function   IsSoftIce95Loaded:   boolean;         //声明一个检测SoftICE的boolean型变量     <br />  Var   hFile:   Thandle;     <br />  Begin     <br />      result   :=   false;     <br />      hFile   :=   CreateFileA('\\.\SICE',   GENERIC_READ   or   GENERIC_WRITE,     <br />          FILE_SHARE_READ   or   FILE_SHARE_WRITE,   nil,   OPEN_EXISTING,     <br />          FILE_ATTRIBUTE_NORMAL,   0);     <br />      if(   hFile   <>   INVALID_HANDLE_VALUE   )   then   begin     <br />          CloseHandle(hFile);     <br />          result   :=   TRUE;     <br />      end;     <br />  End;     <br />    <br />  Function   IsSoftIceNTLoaded:   boolean;     //声明一个检测SoftIceNT的boolean型变量     <br />  Var   hFile:   Thandle;     <br />  Begin     <br />      result   :=   false;     <br />      hFile   :=   CreateFileA('\\.\NTICE',   GENERIC_READ   or   GENERIC_WRITE,     <br />          FILE_SHARE_READ   or   FILE_SHARE_WRITE,   nil,   OPEN_EXISTING,     <br />          FILE_ATTRIBUTE_NORMAL,   0);     <br />      if(   hFile   <>   INVALID_HANDLE_VALUE   )   then   begin     <br />          CloseHandle(hFile);     <br />          result   :=   TRUE;     <br />      end;     <br />  End;     <br />    <br />  Function   IsTRWLoaded:   boolean;     //声明一个检测TRW的boolean型变量   <br />  Var   hFile:   Thandle;     <br />  Begin   <br />      result   :=   false;     <br />      hFile   :=   CreateFileA('\\.\TRWDEBUG',   GENERIC_READ   or   GENERIC_WRITE,     <br />          FILE_SHARE_READ   or   FILE_SHARE_WRITE,   nil,   OPEN_EXISTING,     <br />          FILE_ATTRIBUTE_NORMAL,   0);     <br />      if(   hFile   <>   INVALID_HANDLE_VALUE   )   then   begin     <br />          CloseHandle(hFile);     <br />          result   :=   TRUE;     <br />      end;     <br />  End;   <br />    <br />  Function   IsTRW2000Loaded:   boolean;     //声明一个检测TRW2000的boolean型变量   <br />  Var   hFile:   Thandle;     <br />  Begin     <br />      result   :=   false;     <br />      hFile   :=   CreateFileA('\\.\TRW2000',   GENERIC_READ   or   GENERIC_WRITE,     <br />          FILE_SHARE_READ   or   FILE_SHARE_WRITE,   nil,   OPEN_EXISTING,     <br />          FILE_ATTRIBUTE_NORMAL,   0);     <br />      if(   hFile   <>   INVALID_HANDLE_VALUE   )   then   begin     <br />          CloseHandle(hFile);     <br />          result   :=   TRUE;   <br />      end;     <br />  End;     <br />    <br />  Function   IsRegMONLoaded:   boolean;     //声明一个检测RegMON的boolean型变量   For   Windows98;   <br />  Var   hFile:   Thandle;     <br />  Begin     <br />      result   :=   false;     <br />      hFile   :=   CreateFileA('\\.\REGVXD',   GENERIC_READ   or   GENERIC_WRITE,     <br />          FILE_SHARE_READ   or   FILE_SHARE_WRITE,   nil,   OPEN_EXISTING,     <br />          FILE_ATTRIBUTE_NORMAL,   0);     <br />      if(   hFile   <>   INVALID_HANDLE_VALUE   )   then   begin     <br />          CloseHandle(hFile);     <br />          result   :=   TRUE;     <br />      end;     <br />  End;     <br />    <br />  Function   IsNTRegMONLoaded:   boolean;     //声明一个检测RegMON的boolean型变量   For   Windows2000/xp;     <br />  Var   hFile:   Thandle;   <br />  Begin   <br />      result   :=   false;   <br />      hFile   :=   FindWindow(nil,'Registry   Monitor   -   Sysinternals:   www.sysinternals.com');   <br />      if(   hFile   <>   0   )   then   <br />      begin   <br />          result   :=   TRUE;   <br />      end;   <br />  End;   <br />    <br />  Function   IsFileMONLoaded:   boolean;         //声明一个检测FileMON的boolean型变量   For   Windows98;   <br />  Var   hFile:   Thandle;     <br />  Begin     <br />      result   :=   false;     <br />      hFile   :=   CreateFileA('\\.\FILEVXD',   GENERIC_READ   or   GENERIC_WRITE,     <br />          FILE_SHARE_READ   or   FILE_SHARE_WRITE,   nil,   OPEN_EXISTING,     <br />          FILE_ATTRIBUTE_NORMAL,   0);     <br />      if(   hFile   <>   INVALID_HANDLE_VALUE   )   then   begin     <br />          CloseHandle(hFile);     <br />          result   :=   TRUE;     <br />      end;     <br />  End;     <br />    <br />  Function   IsBW2000Loaded:   boolean;     //声明一个检测冲击波2000的boolean型变量   加壳时说不定用的上   <br />  Var   hFile:   Thandle;   <br />  Begin   <br />      result   :=   false;   <br />      hFile   :=   CreateFileA('\\.\bw2k',   GENERIC_READ   or   GENERIC_WRITE,   <br />          FILE_SHARE_READ   or   FILE_SHARE_WRITE,   nil,   OPEN_EXISTING,   <br />          FILE_ATTRIBUTE_NORMAL,   0);   <br />      if(   hFile   <>   INVALID_HANDLE_VALUE   )   then   begin   <br />          CloseHandle(hFile);   <br />          result   :=   TRUE;   <br />      end;   <br />  End;   <br />    <br />    <br />  上面的调用就是根据返回值True或者False来检测的.

Loading...

//Anti-Monitor &nbsp; <br />&nbsp; Function &nbsp; ABC39: &nbsp; Boolean; &nbsp; //检测Dump; &nbsp; <br />&nbsp; var &nbsp; <br />&nbsp; &nbsp; &nbsp; hFile: &nbsp; Thandle; &nbsp; <br />&nbsp; Begin &nbsp; <br />&nbsp; &nbsp; &nbsp; Result:= &nbsp; false; &nbsp; <br />&nbsp; &nbsp; &nbsp; hFile &nbsp; := &nbsp; FindWindow(nil,'ProcDump32 &nbsp; (C) &nbsp; 1998, &nbsp; 1999, &nbsp; 2000 &nbsp; G-RoM, &nbsp; Lorian &nbsp; &amp; &nbsp; Stone'); &nbsp; <br />&nbsp; &nbsp; &nbsp; if( &nbsp; hFile &nbsp; &lt;&gt; &nbsp; 0 &nbsp; ) &nbsp; then &nbsp; <br />&nbsp; &nbsp; &nbsp; begin &nbsp; <br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Result:= &nbsp; TRUE; &nbsp; <br />&nbsp; &nbsp; &nbsp; end; &nbsp; <br />&nbsp; End; &nbsp; <br />&nbsp; &nbsp; <br />&nbsp; Function &nbsp; ABC40: &nbsp; Boolean; &nbsp; //检测RegMON; &nbsp; <br />&nbsp; var &nbsp; <br />&nbsp; &nbsp; &nbsp; hFile: &nbsp; Thandle; &nbsp; <br />&nbsp; Begin &nbsp; <br />&nbsp; &nbsp; &nbsp; Result:= &nbsp; false; &nbsp; <br />&nbsp; &nbsp; &nbsp; hFile &nbsp; := &nbsp; FindWindow(nil,'Registry &nbsp; Monitor &nbsp; - &nbsp; Sysinternals: &nbsp; www.sysinternals.com'); &nbsp; <br />&nbsp; &nbsp; &nbsp; if( &nbsp; hFile &nbsp; &lt;&gt; &nbsp; 0 &nbsp; ) &nbsp; then &nbsp; <br />&nbsp; &nbsp; &nbsp; begin &nbsp; <br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Result:= &nbsp; TRUE; &nbsp; <br />&nbsp; &nbsp; &nbsp; end; &nbsp; <br />&nbsp; End; &nbsp; <br />&nbsp; &nbsp; <br />&nbsp; Function &nbsp; ABC41: &nbsp; Boolean;stdcall; &nbsp; &nbsp; //检测FileMON; &nbsp; <br />&nbsp; var &nbsp; <br />&nbsp; &nbsp; &nbsp; hFile: &nbsp; Thandle; &nbsp; <br />&nbsp; Begin &nbsp; <br />&nbsp; &nbsp; &nbsp; Result:= &nbsp; false; &nbsp; <br />&nbsp; &nbsp; &nbsp; hFile &nbsp; := &nbsp; FindWindow(nil,'File &nbsp; Monitor &nbsp; - &nbsp; Sysinternals: &nbsp; www.sysinternals.com'); &nbsp; <br />&nbsp; &nbsp; &nbsp; if( &nbsp; hFile &nbsp; &lt;&gt; &nbsp; 0 &nbsp; ) &nbsp; then &nbsp; <br />&nbsp; &nbsp; &nbsp; begin &nbsp; <br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Result:= &nbsp; TRUE; &nbsp; <br />&nbsp; &nbsp; &nbsp; end; &nbsp; <br />&nbsp; End; &nbsp; <br />&nbsp; &nbsp; <br />&nbsp; //////////////////////////////////////////////////////////////////////////////// &nbsp; <br />&nbsp; //Anti-loader &nbsp; <br />&nbsp; Function &nbsp; ABC42():Boolean; &nbsp; //检测调试器; &nbsp; <br />&nbsp; var &nbsp; <br />&nbsp; &nbsp; &nbsp; YInt,NInt:Integer; &nbsp; <br />&nbsp; begin &nbsp; <br />&nbsp; &nbsp; &nbsp; asm &nbsp; <br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; mov &nbsp; eax,fs:[30h] &nbsp; <br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; movzx &nbsp; eax,byte &nbsp; ptr[eax+2h] &nbsp; <br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; or &nbsp; al,al &nbsp; <br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; jz &nbsp; @No &nbsp; <br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; jnz &nbsp; @Yes &nbsp; <br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; @No: &nbsp; <br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; mov &nbsp; NInt,1 &nbsp; <br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; @Yes: &nbsp; <br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Mov &nbsp; YInt,1 &nbsp; <br />&nbsp; &nbsp; &nbsp; end; &nbsp; <br />&nbsp; &nbsp; &nbsp; if &nbsp; YInt=1 &nbsp; then &nbsp; <br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Result:=True; &nbsp; <br />&nbsp; &nbsp; &nbsp; if &nbsp; NInt=1 &nbsp; then &nbsp; <br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Result:=False; &nbsp; <br />&nbsp; end; &nbsp; <br />&nbsp; &nbsp; <br />&nbsp; 98下: &nbsp; <br />&nbsp; Function &nbsp; IsSoftIce95Loaded: &nbsp; boolean; &nbsp; &nbsp; &nbsp; &nbsp; //声明一个检测SoftICE的boolean型变量 &nbsp; &nbsp; <br />&nbsp; Var &nbsp; hFile: &nbsp; Thandle; &nbsp; &nbsp; <br />&nbsp; Begin &nbsp; &nbsp; <br />&nbsp; &nbsp; &nbsp; result &nbsp; := &nbsp; false; &nbsp; &nbsp; <br />&nbsp; &nbsp; &nbsp; hFile &nbsp; := &nbsp; CreateFileA('\\.\SICE', &nbsp; GENERIC_READ &nbsp; or &nbsp; GENERIC_WRITE, &nbsp; &nbsp; <br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; FILE_SHARE_READ &nbsp; or &nbsp; FILE_SHARE_WRITE, &nbsp; nil, &nbsp; OPEN_EXISTING, &nbsp; &nbsp; <br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; FILE_ATTRIBUTE_NORMAL, &nbsp; 0); &nbsp; &nbsp; <br />&nbsp; &nbsp; &nbsp; if( &nbsp; hFile &nbsp; &lt;&gt; &nbsp; INVALID_HANDLE_VALUE &nbsp; ) &nbsp; then &nbsp; begin &nbsp; &nbsp; <br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; CloseHandle(hFile); &nbsp; &nbsp; <br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; result &nbsp; := &nbsp; TRUE; &nbsp; &nbsp; <br />&nbsp; &nbsp; &nbsp; end; &nbsp; &nbsp; <br />&nbsp; End; &nbsp; &nbsp; <br />&nbsp; &nbsp; <br />&nbsp; Function &nbsp; IsSoftIceNTLoaded: &nbsp; boolean; &nbsp; &nbsp; //声明一个检测SoftIceNT的boolean型变量 &nbsp; &nbsp; <br />&nbsp; Var &nbsp; hFile: &nbsp; Thandle; &nbsp; &nbsp; <br />&nbsp; Begin &nbsp; &nbsp; <br />&nbsp; &nbsp; &nbsp; result &nbsp; := &nbsp; false; &nbsp; &nbsp; <br />&nbsp; &nbsp; &nbsp; hFile &nbsp; := &nbsp; CreateFileA('\\.\NTICE', &nbsp; GENERIC_READ &nbsp; or &nbsp; GENERIC_WRITE, &nbsp; &nbsp; <br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; FILE_SHARE_READ &nbsp; or &nbsp; FILE_SHARE_WRITE, &nbsp; nil, &nbsp; OPEN_EXISTING, &nbsp; &nbsp; <br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; FILE_ATTRIBUTE_NORMAL, &nbsp; 0); &nbsp; &nbsp; <br />&nbsp; &nbsp; &nbsp; if( &nbsp; hFile &nbsp; &lt;&gt; &nbsp; INVALID_HANDLE_VALUE &nbsp; ) &nbsp; then &nbsp; begin &nbsp; &nbsp; <br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; CloseHandle(hFile); &nbsp; &nbsp; <br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; result &nbsp; := &nbsp; TRUE; &nbsp; &nbsp; <br />&nbsp; &nbsp; &nbsp; end; &nbsp; &nbsp; <br />&nbsp; End; &nbsp; &nbsp; <br />&nbsp; &nbsp; <br />&nbsp; Function &nbsp; IsTRWLoaded: &nbsp; boolean; &nbsp; &nbsp; //声明一个检测TRW的boolean型变量 &nbsp; <br />&nbsp; Var &nbsp; hFile: &nbsp; Thandle; &nbsp; &nbsp; <br />&nbsp; Begin &nbsp; <br />&nbsp; &nbsp; &nbsp; result &nbsp; := &nbsp; false; &nbsp; &nbsp; <br />&nbsp; &nbsp; &nbsp; hFile &nbsp; := &nbsp; CreateFileA('\\.\TRWDEBUG', &nbsp; GENERIC_READ &nbsp; or &nbsp; GENERIC_WRITE, &nbsp; &nbsp; <br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; FILE_SHARE_READ &nbsp; or &nbsp; FILE_SHARE_WRITE, &nbsp; nil, &nbsp; OPEN_EXISTING, &nbsp; &nbsp; <br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; FILE_ATTRIBUTE_NORMAL, &nbsp; 0); &nbsp; &nbsp; <br />&nbsp; &nbsp; &nbsp; if( &nbsp; hFile &nbsp; &lt;&gt; &nbsp; INVALID_HANDLE_VALUE &nbsp; ) &nbsp; then &nbsp; begin &nbsp; &nbsp; <br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; CloseHandle(hFile); &nbsp; &nbsp; <br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; result &nbsp; := &nbsp; TRUE; &nbsp; &nbsp; <br />&nbsp; &nbsp; &nbsp; end; &nbsp; &nbsp; <br />&nbsp; End; &nbsp; <br />&nbsp; &nbsp; <br />&nbsp; Function &nbsp; IsTRW2000Loaded: &nbsp; boolean; &nbsp; &nbsp; //声明一个检测TRW2000的boolean型变量 &nbsp; <br />&nbsp; Var &nbsp; hFile: &nbsp; Thandle; &nbsp; &nbsp; <br />&nbsp; Begin &nbsp; &nbsp; <br />&nbsp; &nbsp; &nbsp; result &nbsp; := &nbsp; false; &nbsp; &nbsp; <br />&nbsp; &nbsp; &nbsp; hFile &nbsp; := &nbsp; CreateFileA('\\.\TRW2000', &nbsp; GENERIC_READ &nbsp; or &nbsp; GENERIC_WRITE, &nbsp; &nbsp; <br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; FILE_SHARE_READ &nbsp; or &nbsp; FILE_SHARE_WRITE, &nbsp; nil, &nbsp; OPEN_EXISTING, &nbsp; &nbsp; <br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; FILE_ATTRIBUTE_NORMAL, &nbsp; 0); &nbsp; &nbsp; <br />&nbsp; &nbsp; &nbsp; if( &nbsp; hFile &nbsp; &lt;&gt; &nbsp; INVALID_HANDLE_VALUE &nbsp; ) &nbsp; then &nbsp; begin &nbsp; &nbsp; <br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; CloseHandle(hFile); &nbsp; &nbsp; <br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; result &nbsp; := &nbsp; TRUE; &nbsp; <br />&nbsp; &nbsp; &nbsp; end; &nbsp; &nbsp; <br />&nbsp; End; &nbsp; &nbsp; <br />&nbsp; &nbsp; <br />&nbsp; Function &nbsp; IsRegMONLoaded: &nbsp; boolean; &nbsp; &nbsp; //声明一个检测RegMON的boolean型变量 &nbsp; For &nbsp; Windows98; &nbsp; <br />&nbsp; Var &nbsp; hFile: &nbsp; Thandle; &nbsp; &nbsp; <br />&nbsp; Begin &nbsp; &nbsp; <br />&nbsp; &nbsp; &nbsp; result &nbsp; := &nbsp; false; &nbsp; &nbsp; <br />&nbsp; &nbsp; &nbsp; hFile &nbsp; := &nbsp; CreateFileA('\\.\REGVXD', &nbsp; GENERIC_READ &nbsp; or &nbsp; GENERIC_WRITE, &nbsp; &nbsp; <br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; FILE_SHARE_READ &nbsp; or &nbsp; FILE_SHARE_WRITE, &nbsp; nil, &nbsp; OPEN_EXISTING, &nbsp; &nbsp; <br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; FILE_ATTRIBUTE_NORMAL, &nbsp; 0); &nbsp; &nbsp; <br />&nbsp; &nbsp; &nbsp; if( &nbsp; hFile &nbsp; &lt;&gt; &nbsp; INVALID_HANDLE_VALUE &nbsp; ) &nbsp; then &nbsp; begin &nbsp; &nbsp; <br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; CloseHandle(hFile); &nbsp; &nbsp; <br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; result &nbsp; := &nbsp; TRUE; &nbsp; &nbsp; <br />&nbsp; &nbsp; &nbsp; end; &nbsp; &nbsp; <br />&nbsp; End; &nbsp; &nbsp; <br />&nbsp; &nbsp; <br />&nbsp; Function &nbsp; IsNTRegMONLoaded: &nbsp; boolean; &nbsp; &nbsp; //声明一个检测RegMON的boolean型变量 &nbsp; For &nbsp; Windows2000/xp; &nbsp; &nbsp; <br />&nbsp; Var &nbsp; hFile: &nbsp; Thandle; &nbsp; <br />&nbsp; Begin &nbsp; <br />&nbsp; &nbsp; &nbsp; result &nbsp; := &nbsp; false; &nbsp; <br />&nbsp; &nbsp; &nbsp; hFile &nbsp; := &nbsp; FindWindow(nil,'Registry &nbsp; Monitor &nbsp; - &nbsp; Sysinternals: &nbsp; www.sysinternals.com'); &nbsp; <br />&nbsp; &nbsp; &nbsp; if( &nbsp; hFile &nbsp; &lt;&gt; &nbsp; 0 &nbsp; ) &nbsp; then &nbsp; <br />&nbsp; &nbsp; &nbsp; begin &nbsp; <br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; result &nbsp; := &nbsp; TRUE; &nbsp; <br />&nbsp; &nbsp; &nbsp; end; &nbsp; <br />&nbsp; End; &nbsp; <br />&nbsp; &nbsp; <br />&nbsp; Function &nbsp; IsFileMONLoaded: &nbsp; boolean; &nbsp; &nbsp; &nbsp; &nbsp; //声明一个检测FileMON的boolean型变量 &nbsp; For &nbsp; Windows98; &nbsp; <br />&nbsp; Var &nbsp; hFile: &nbsp; Thandle; &nbsp; &nbsp; <br />&nbsp; Begin &nbsp; &nbsp; <br />&nbsp; &nbsp; &nbsp; result &nbsp; := &nbsp; false; &nbsp; &nbsp; <br />&nbsp; &nbsp; &nbsp; hFile &nbsp; := &nbsp; CreateFileA('\\.\FILEVXD', &nbsp; GENERIC_READ &nbsp; or &nbsp; GENERIC_WRITE, &nbsp; &nbsp; <br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; FILE_SHARE_READ &nbsp; or &nbsp; FILE_SHARE_WRITE, &nbsp; nil, &nbsp; OPEN_EXISTING, &nbsp; &nbsp; <br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; FILE_ATTRIBUTE_NORMAL, &nbsp; 0); &nbsp; &nbsp; <br />&nbsp; &nbsp; &nbsp; if( &nbsp; hFile &nbsp; &lt;&gt; &nbsp; INVALID_HANDLE_VALUE &nbsp; ) &nbsp; then &nbsp; begin &nbsp; &nbsp; <br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; CloseHandle(hFile); &nbsp; &nbsp; <br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; result &nbsp; := &nbsp; TRUE; &nbsp; &nbsp; <br />&nbsp; &nbsp; &nbsp; end; &nbsp; &nbsp; <br />&nbsp; End; &nbsp; &nbsp; <br />&nbsp; &nbsp; <br />&nbsp; Function &nbsp; IsBW2000Loaded: &nbsp; boolean; &nbsp; &nbsp; //声明一个检测冲击波2000的boolean型变量 &nbsp; 加壳时说不定用的上 &nbsp; <br />&nbsp; Var &nbsp; hFile: &nbsp; Thandle; &nbsp; <br />&nbsp; Begin &nbsp; <br />&nbsp; &nbsp; &nbsp; result &nbsp; := &nbsp; false; &nbsp; <br />&nbsp; &nbsp; &nbsp; hFile &nbsp; := &nbsp; CreateFileA('\\.\bw2k', &nbsp; GENERIC_READ &nbsp; or &nbsp; GENERIC_WRITE, &nbsp; <br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; FILE_SHARE_READ &nbsp; or &nbsp; FILE_SHARE_WRITE, &nbsp; nil, &nbsp; OPEN_EXISTING, &nbsp; <br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; FILE_ATTRIBUTE_NORMAL, &nbsp; 0); &nbsp; <br />&nbsp; &nbsp; &nbsp; if( &nbsp; hFile &nbsp; &lt;&gt; &nbsp; INVALID_HANDLE_VALUE &nbsp; ) &nbsp; then &nbsp; begin &nbsp; <br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; CloseHandle(hFile); &nbsp; <br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; result &nbsp; := &nbsp; TRUE; &nbsp; <br />&nbsp; &nbsp; &nbsp; end; &nbsp; <br />&nbsp; End; &nbsp; <br />&nbsp; &nbsp; <br />&nbsp; &nbsp; <br />&nbsp; 上面的调用就是根据返回值True或者False来检测的.

最后修改：2009 年 08 月 16 日

© 允许规范转载

支持就是力量

Loading...

发表评论取消回复
使用cookie技术保留您的个人信息以便您下次快速评论，继续评论表示您已同意该条款

评论 *

私密评论

名称 *

🎲

邮箱 *

地址