Пример программы обнаружения присутствия Soft-ICE.
Принцип работы программы — обнаружение VxD с определённым
названием. Такой принцип применим для обнаружения и других программ, например
Filemon или RegMon. Для этого требуется заменить название SICE или NTICE
на название VxD, который использует соответствующая программа. Определить
это название можно с помощью MsSysinfo.
//////////////////////////////////////////////////////////////////////
//
// MeltICE - SoftICE '95 version 3 detection - Made by David Eriksson
// ==================================================================
//
// Disclaimer
// ~~~~~~~~~~
// I take no responsibility for the authenticity of this information,
// or the results of the use or misuse of the source code.
//
// SoftICE is a trademark of NuMega Technologies, Inc.
//
Unit meltice;

Interface

// The original C source needed <stdio.h> and <windows.h> (with
// WIN32_LEAN_AND_MEAN); in Pascal the Windows unit is pulled in below.

//////////////////////////////////////////////////////////////////////
//
// See if SoftICE version 3.x for Windows 95 is loaded
//
Function IsSoftIce95Loaded: boolean;

//////////////////////////////////////////////////////////////////////
//
// See if SoftICE version 3.x for Windows NT is loaded
//
Function IsSoftIceNTLoaded: boolean;

Implementation

Uses
  SysUtils, Windows;
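// Probe for a loaded kernel-mode driver by opening its device object.
//
// DeviceName is the Win32 device path, e.g. '\\.\SICE'. In Pascal the
// backslashes need no escaping, unlike the original C source.
// Returns True when CreateFileA hands back a valid handle; the handle is
// closed at once because only the driver's presence is of interest.
//
// The two public functions below share this routine; the originals were
// copy-pasted and differed only in the device name. Limits worth knowing:
// a failed open does not prove the driver is absent (it may have been
// renamed, or the open refused for another reason), and a successful open
// only shows that some device answers to that name. An open of these device
// names is itself a well-known anti-debugging indicator that monitoring
// tools can key on.
Function DeviceIsPresent(const DeviceName: AnsiString): boolean;
Var
  hDevice: THandle;
Begin
  result := false;
  hDevice := CreateFileA(PAnsiChar(DeviceName),
                         GENERIC_READ or GENERIC_WRITE,
                         FILE_SHARE_READ or FILE_SHARE_WRITE,
                         nil, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
  if hDevice <> INVALID_HANDLE_VALUE then
  begin
    // The handle is not used for anything; release it immediately.
    CloseHandle(hDevice);
    result := true;
  end;
End;

// True when the SoftICE 3.x driver for Windows 95 answers to '\\.\SICE'.
Function IsSoftIce95Loaded: boolean;
Begin
  result := DeviceIsPresent('\\.\SICE');
End;

// True when the SoftICE 3.x driver for Windows NT answers to '\\.\NTICE'.
Function IsSoftIceNTLoaded: boolean;
Begin
  result := DeviceIsPresent('\\.\NTICE');
End;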
End.
//////////////////////////////////////////////////////////////////////
//
// Example code for calling these functions
//
(*$apptype console*)

// Prints one line naming which detection (if any) fired.
// The Windows 95 probe is tried first, then the Windows NT one.
Procedure Test;
Var
  verdict: string;
Begin
  if IsSoftIce95Loaded then
    verdict := 'SoftICE for Windows 95 is active!'
  else if IsSoftIceNTLoaded then
    verdict := 'SoftICE for Windows NT is active!'
  else
    verdict := 'Can''t find SoftICE with this method!';
  writeln(verdict);
End;