废话不多说 直接上代码吧
有人说没有开 OD 却提示被检测到,其实是因为你曾经打开过 OD:它的驱动没有被卸载掉,所以才会提示检测到。
可以在检测前先卸载一下这个驱动看看;去看我的“检测一”,和这个方法合起来用,卸载这个驱动。
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
#include <wchar.h>
#include <shlwapi.h>
#pragma comment(lib,"shlwapi")
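/*
 * Report whether a file named ODbgScript.dll exists in the directory of the
 * binary named by lpszFilePath.
 *
 * lpszFilePath: NUL-terminated wide-character image path. The first four
 *               characters are always skipped before the directory is
 *               derived (presumably the "\??\" prefix carried by driver
 *               image paths -- confirm against the caller's data).
 *
 * Returns TRUE only when the derived "<dir>\ODbgScript.dll" exists.
 * Returns FALSE for a NULL pointer, for input shorter than the skipped
 * prefix, and for paths that would not fit in a MAX_PATH buffer.
 *
 * NOTE(review): this is a file-presence heuristic. As the accompanying post
 * says, a driver registration left behind by an earlier session is enough to
 * trigger it, so a TRUE result does not prove a debugger is running now.
 */
BOOL IsOdPath(LPWSTR lpszFilePath)
{
    static const WCHAR wszPlugin[] = L"\\ODbgScript.dll";
    enum { SKIP_CCH = 4 };
    WCHAR wFilePath[MAX_PATH] = {0};
    size_t cchInput;
    size_t cchDir;

    if (lpszFilePath == NULL) {
        return FALSE;
    }

    /* Skipping SKIP_CCH characters of a shorter string would read past its
     * terminator, so reject such input up front. */
    cchInput = wcslen(lpszFilePath);
    if (cchInput < SKIP_CCH) {
        return FALSE;
    }

    /* The remainder plus its terminator must fit in the local buffer. */
    if (cchInput - SKIP_CCH >= MAX_PATH) {
        return FALSE;
    }
    wcscpy(wFilePath, lpszFilePath + SKIP_CCH);

    /* Explicit W variants: the buffer is WCHAR regardless of UNICODE. */
    PathRemoveFileSpecW(wFilePath);

    /* sizeof-based count includes the terminator of wszPlugin. */
    cchDir = wcslen(wFilePath);
    if (cchDir + (sizeof wszPlugin / sizeof wszPlugin[0]) > MAX_PATH) {
        return FALSE;
    }
    wcscat(wFilePath, wszPlugin);

    return PathFileExistsW(wFilePath) ? TRUE : FALSE;
}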
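/*
 * Enumerate the services and drivers registered with the Service Control
 * Manager and report whether any of them has an image path for which
 * IsOdPath() returns TRUE.
 *
 * Returns TRUE on the first match, FALSE when nothing matches or when the
 * SCM cannot be opened / enumerated / memory cannot be allocated.
 *
 * Fixes relative to the original listing:
 *  - the enumeration buffer was freed twice when the second
 *    EnumServicesStatusEx call failed (once inline, once at Finally);
 *  - malloc() and OpenServiceW() results were used unchecked;
 *  - the SCM was opened with SC_MANAGER_ALL_ACCESS although only
 *    enumeration is performed;
 *  - TCHAR-mapped calls were mixed with a wide-character path check, so the
 *    W variants are now named explicitly.
 */
BOOL isFindOd()
{
    LPENUM_SERVICE_STATUS_PROCESSW pPssp = NULL;
    DWORD dwNeed = 0;
    DWORD dwRet = 0;
    DWORD i = 0;
    BOOL bFind = FALSE;
    /* Same bit mask as the original expression. */
    DWORD dwServiceType = SERVICE_DRIVER | SERVICE_WIN32 |
                          SERVICE_KERNEL_DRIVER | SERVICE_FILE_SYSTEM_DRIVER;
    SC_HANDLE hSCM = NULL;

    /* Least privilege: enumeration is the only SCM operation used here. */
    hSCM = OpenSCManagerW(NULL, NULL, SC_MANAGER_ENUMERATE_SERVICE);
    if (!hSCM)
    {
        goto Finally;
    }

    /* Sizing call: expected to fail and report the required byte count. */
    EnumServicesStatusExW(hSCM, SC_ENUM_PROCESS_INFO,
                          dwServiceType, SERVICE_STATE_ALL,
                          NULL, 0, &dwNeed, &dwRet, NULL, NULL);
    if (dwNeed == 0)
    {
        goto Finally;
    }

    pPssp = (LPENUM_SERVICE_STATUS_PROCESSW)malloc(dwNeed);
    if (!pPssp)
    {
        goto Finally;
    }
    ZeroMemory(pPssp, dwNeed);

    if (!EnumServicesStatusExW(hSCM, SC_ENUM_PROCESS_INFO, dwServiceType,
                               SERVICE_STATE_ALL, (PBYTE)pPssp, dwNeed,
                               &dwNeed, &dwRet, NULL, NULL))
    {
        /* Finally releases pPssp exactly once; do not free it here. */
        goto Finally;
    }

    for (i = 0; i < dwRet && !bFind; i++)
    {
        LPQUERY_SERVICE_CONFIGW pQsc = NULL;
        DWORD cbConfig = 0; /* per-service size, never a stale value */
        SC_HANDLE hSrv = OpenServiceW(hSCM, pPssp[i].lpServiceName,
                                      SERVICE_QUERY_CONFIG);
        if (!hSrv)
        {
            /* Access denied or service removed meanwhile: skip it. */
            continue;
        }

        /* Sizing call for this service's configuration block. */
        QueryServiceConfigW(hSrv, NULL, 0, &cbConfig);
        if (cbConfig > 0)
        {
            pQsc = (LPQUERY_SERVICE_CONFIGW)malloc(cbConfig);
            if (pQsc)
            {
                ZeroMemory(pQsc, cbConfig);
                if (QueryServiceConfigW(hSrv, pQsc, cbConfig, &cbConfig) &&
                    pQsc->lpBinaryPathName != NULL &&
                    IsOdPath(pQsc->lpBinaryPathName))
                {
                    bFind = TRUE;
                }
                free(pQsc);
            }
        }
        CloseServiceHandle(hSrv);
    }

Finally:
    free(pPssp); /* free(NULL) is a no-op */
    if (hSCM)
    {
        CloseServiceHandle(hSCM);
    }
    return bFind;
}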
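/*
 * Entry point: run the service-based check once, print the result and wait
 * for a key press so the console window stays open.
 *
 * Declared as int main(void) and returning 0; "void main()" is not a
 * standard signature.
 */
int main(void)
{
    if (isFindOd())
    {
        printf("发现被调试");
    }
    else
    {
        printf("没有发现");
    }
    getchar();
    return 0;
}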