?? parentmain.~pas
字號:
unit ParentMain;
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, TlHelp32, psApi, ComCtrls;
type
TForm1 = class(TForm)
StatusBar1: TStatusBar;
procedure FormCreate(Sender: TObject);
private
{ Private declarations }
public
{ Public declarations }
end;
var
Form1: TForm1;
implementation
{$R *.dfm}
//***************************************************
//檢查父進程來檢測OllyDBG
//***************************************************
function AntiLoader():Boolean;
const
ParentName='\EXPLORER.EXE';
var
hSnap,hProcess:THandle;
szBuffer:array[0..MAX_PATH] of char;
FileName:array[0..MAX_PATH] of char;
Process32:PROCESSENTRY32;
LoopFlag:BOOL;
begin
////得到所有進程的列表快照
hSnap:=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if hSnap=INVALID_HANDLE_VALUE then
begin
Result:=False;
Exit;
end;
Process32.dwSize:=sizeof(PROCESSENTRY32);
//查找進程
LoopFlag:=Process32First(hSnap,Process32);
if LoopFlag=False then
begin
CloseHandle(hSnap);
Result:=False;
Exit;
end;
while Integer(LoopFlag)<>0 do
begin
if Process32.th32ProcessID=GetCurrentProcessId() then
begin
hProcess:=OpenProcess(PROCESS_ALL_ACCESS,FALSE,Process32.th32ParentProcessID);
if hProcess<>0 then
begin
if GetModuleFileNameEx(hProcess,0,FileName,MAX_PATH)<>0 then
begin
//取得系統目錄
GetWindowsDirectory(szBuffer,MAX_PATH);
//合并系統目錄和\EXPLORER.EXE
StrCat(szBuffer,ParentName);
//轉換成大寫以后比較當前調試程序的進程是否為父進程
if UpperCase(String(FileName))<>UpperCase(String(szBuffer)) then
Result:=True
else
Result:=False;
end;
end
else
Result:=False;
end;
LoopFlag:=Process32Next(hSnap,Process32);
end;
CloseHandle(hSnap);
end;
procedure TForm1.FormCreate(Sender: TObject);
begin
if AntiLoader then
MessageBox(Handle,'發現調試器!','提示',MB_OK+MB_ICONINFORMATION)
else
MessageBox(Handle,'未發現調試器!','提示',MB_OK+MB_ICONINFORMATION)
end;
end.
?? 快捷鍵說明
復制代碼
Ctrl + C
搜索代碼
Ctrl + F
全屏模式
F11
切換主題
Ctrl + Shift + D
顯示快捷鍵
?
增大字號
Ctrl + =
減小字號
Ctrl + -