大牛都不屑这个,
我也不看好这些伎俩。其实我认为老老实实写代码、老老实实逆向,把基本功练扎实,
比什么都实在。
但是我为什么要发啊?
看着某些人到处求码。我就索性发出来吧
没有什么技术含量
#include <Windows.h>
#include <stdio.h>
/*
 * Check for the "sod" debugger plugin (presumably StrongOD -- confirm) by
 * looking up its driver service through the Service Control Manager.
 *
 * Returns TRUE only when a service named "fengyue0" can be opened with
 * SERVICE_ALL_ACCESS. Any failure (SCM not reachable, service absent, access
 * denied) yields FALSE, so FALSE does not prove the service is absent.
 *
 * SC_MANAGER_ALL_ACCESS and SERVICE_ALL_ACCESS are the named forms of the
 * 0xF003F and 0xF01FF masks.
 */
BOOL isSod()
{
    BOOL bFound = FALSE;
    SC_HANDLE hScm = OpenSCManagerA(NULL, NULL, SC_MANAGER_ALL_ACCESS);

    if (hScm != NULL) {
        SC_HANDLE hSvc = OpenServiceA(hScm, "fengyue0", SERVICE_ALL_ACCESS);

        if (hSvc != NULL) {
            /* The service exists and was opened: report it, then release it. */
            bFound = TRUE;
            CloseServiceHandle(hSvc);
        }
        CloseServiceHandle(hScm);
    }
    return bFound;
}
/*
 * Check for the "sod" debugger plugin (presumably StrongOD -- confirm) by
 * trying to open its device object.
 *
 * Returns TRUE when "\\.\fengyue0" can be opened for read/write, FALSE on any
 * failure. The handle is closed again before returning; nothing is sent to
 * the device.
 *
 * The named flags are the symbolic forms of the literals 0xC0000000
 * (GENERIC_READ | GENERIC_WRITE), 3 (FILE_SHARE_READ | FILE_SHARE_WRITE),
 * 3 (OPEN_EXISTING) and 0x80 (FILE_ATTRIBUTE_NORMAL).
 */
BOOL isSod1()
{
    HANDLE hDevice = CreateFileA("\\\\.\\fengyue0",
                                 GENERIC_READ | GENERIC_WRITE,
                                 FILE_SHARE_READ | FILE_SHARE_WRITE,
                                 NULL,
                                 OPEN_EXISTING,
                                 FILE_ATTRIBUTE_NORMAL,
                                 NULL);

    if (hDevice == INVALID_HANDLE_VALUE) {
        return FALSE;
    }

    CloseHandle(hDevice);
    return TRUE;
}
/*
 * Author's note: this method works when the plugin is not installed.
 *
 * Returns TRUE when the current process can open a handle to itself with
 * PROCESS_ALL_ACCESS (inheritable), FALSE otherwise. The handle is closed
 * before returning.
 *
 * NOTE(review): a process can normally open its own PID, so success here is
 * not by itself evidence of a debugger. Confirm which condition the author
 * relied on before treating the result as a detection signal.
 */
BOOL IsDebug()
{
    HANDLE hSelf = OpenProcess(PROCESS_ALL_ACCESS, TRUE, GetCurrentProcessId());

    if (hSelf == NULL) {
        return FALSE;
    }

    CloseHandle(hSelf);
    return TRUE;
}
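/*
 * Demo driver: runs the device-object check (isSod1) and prints the verdict.
 * Declared as int main(void) and returns 0, since void main() is not a
 * standard signature for a hosted C program.
 */
int main(void)
{
    if (isSod1()) {
        /* Message text: "debugging detected". */
        printf("发现被调试");
    } else {
        /* Message text: "nothing found". */
        printf("没有发现");
    }

    /* Keep the console window open until a key is pressed. */
    getchar();
    return 0;
}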
再来段卸载驱动的代码
呵呵
代码:
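/*
 * Stop (if running) and delete the service named "fengyue0".
 *
 * Returns 1 when DeleteService() succeeds, 0 in every other case: the SCM or
 * the service cannot be opened, the stop request is rejected, or the service
 * has not reached SERVICE_STOPPED after the polling window.
 *
 * Both handles are opened with the full-access masks (SC_MANAGER_ALL_ACCESS,
 * SERVICE_ALL_ACCESS), the named forms of 0xF003F and 0xF01FF. Every exit
 * path goes through Cleanup, so neither handle is leaked and no NULL handle
 * is passed to DeleteService() or CloseServiceHandle().
 */
int UnstallSod()
{
    enum { POLL_ATTEMPTS = 10, POLL_INTERVAL_MS = 100 };

    SERVICE_STATUS ServiceStatus = {0};
    SC_HANDLE hSCObject = NULL;
    SC_HANDLE hService = NULL;
    int iResult = 0;
    int i;

    hSCObject = OpenSCManagerA(NULL, NULL, SC_MANAGER_ALL_ACCESS);
    if (!hSCObject) {
        goto Cleanup;
    }

    hService = OpenServiceA(hSCObject, "fengyue0", SERVICE_ALL_ACCESS);
    if (!hService) {
        /* Nothing to stop or delete. */
        goto Cleanup;
    }

    /* Ask the service for its current state; the result is checked below. */
    ControlService(hService, SERVICE_CONTROL_INTERROGATE, &ServiceStatus);
    if (ServiceStatus.dwCurrentState == SERVICE_RUNNING
        && !ControlService(hService, SERVICE_CONTROL_STOP, &ServiceStatus)) {
        goto Cleanup;
    }

    /* Poll until the service reports SERVICE_STOPPED or the attempts run out. */
    for (i = 0; i < POLL_ATTEMPTS; ++i) {
        if (ServiceStatus.dwCurrentState == SERVICE_STOPPED) {
            break;
        }
        ControlService(hService, SERVICE_CONTROL_INTERROGATE, &ServiceStatus);
        if (ServiceStatus.dwCurrentState == SERVICE_STOPPED) {
            break;
        }
        Sleep(POLL_INTERVAL_MS);
    }

    if (i == POLL_ATTEMPTS && ServiceStatus.dwCurrentState != SERVICE_STOPPED) {
        /* Timed out waiting for the stop; give up without deleting. */
        goto Cleanup;
    }

    if (DeleteService(hService)) {
        iResult = 1;
    }

Cleanup:
    if (hService) {
        CloseServiceHandle(hService);
    }
    if (hSCObject) {
        CloseServiceHandle(hSCObject);
    }
    return iResult;
}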