Antivirus Detector v0.1 [Beta] (Delphi Module)

Discussion in 'С/С++, C#, Rust, Swift, Go, Java, Perl, Ruby' started by Fliplab, 17 Feb 2010.

  1. Fliplab

    В общем, какая-то хрень. Не могу редактировать свой пост и отвечать на сообщения, точнее, могу, но они отображаются пустыми.
     
  2. mailbrush

    Слишком много текста. Раздели на два поста.
     
  3. Fliplab

    Ок,попробую.
     
  4. Fliplab

    Antivirus Detector v0.2 [Beta] (Delphi Module)

    Code:
    unit antivir_detect;
    {
      Antivirus Detector v0.2 [Beta]
      Author: FlipLab Software© 2006-2009
      E-mail: [email protected], [email protected]
      URL: http://www.fls.com/
      About: Вспомогательный модуль для обнаружения установленных
        антивирусных программ, а также фаерволов. В текущей версии
        поддерживаются:
        + ESET SysInspector
        + ESET Nod32 Antivirus
        + ESET Personal Firewall
        + Trend Micro Internet Security
        + Kaspersky Internet Security 2008 & WorkStation
        + Agnitum Outpost Firewall
        + Agnitum Anti-Spyware
        + Agnitum Host Protection
        + Malwarebytes' Anti-Malware
        + Zillya! Антивирус
        + Advanced SystemCare
        + Антивирус Stop!
        + USBGuard
        + AnVir Task Manager
        + Lavasoft Ad-Aware
        + Microsoft Security Essentials
        + McAfee
        + McAfee Personal Firewall
        + SpyHunter
    }
    
    interface
    
    uses
      Windows;
    
    // Public detection routines, one per supported product. Each takes no
    // arguments and returns a Boolean; the implementations shown later on this
    // page derive it from device-open, system-directory file and
    // Uninstall-registry checks.
    // NOTE(review): IsAnvitTaskMgr and IsMcAfeeeFire are misspelled, but the
    // names are part of the exported interface, so renaming them would break
    // existing callers.
    function IsEsetAntivir:     Boolean;
    function IsEsetSysInsp:     Boolean;
    function IsEsetFire:        Boolean;
    function IsTrendMicro:      Boolean;
    function IsKIS2008:         Boolean;
    function IsOutpostFire:     Boolean;
    function IsOutpostAntiSpy:  Boolean;
    function IsOutpostHostProt: Boolean;
    function IsAntiMalware:     Boolean;
    function IsZillya:          Boolean;
    function IsAdvancedSysCare: Boolean;
    function IsAvirStop:        Boolean;
    function IsUSBGuard:        Boolean;
    function IsAnvitTaskMgr:    Boolean;
    function IsAdAware:         Boolean;
    function IsMSecEssentials:  Boolean;
    function IsMcAfee:          Boolean;
    function IsMcAfeeeFire:     Boolean;
    function IsSpyHunter:       Boolean;
    
    implementation
    
    // Looks up an export of kernel32.dll by name at run time.
    //   Name   - exported function name, passed to GetProcAddress unchanged.
    //   Result - the export's address; GetProcAddress yields nil when the name
    //            (or the module handle) cannot be resolved.
    // Because the lookup happens at run time, the functions requested through
    // this helper appear in the binary as string literals instead of
    // import-table entries; static triage should read the strings as well.
    function ImportKernelFunc(const Name: String): Pointer;
    begin
      Result := GetProcAddress(GetModuleHandle('kernel32.dll'), PChar(Name));
    end;
    
    // Hand-written 32-bit x86 upper-casing routine for long strings.
    // On entry eax holds S and edx the address of Result (see the register
    // comments below). The string length is read from [ptr-4] and the reference
    // count from [ptr-8], i.e. the code relies on that long-string header layout.
    // NOTE(review): that layout matches AnsiString; confirm the target compiler
    // does not map String to a wide string type.
    // The main loop converts four bytes per pass. Following the per-byte range
    // comments ($E1..$FA after setting the top bit), only bytes $61..$7A, ASCII
    // 'a'..'z', get bit $20 flipped; bytes with the top bit already set come
    // out unchanged. NOTE(review): this implies non-ASCII letters (for example
    // Cyrillic in an ANSI code page) are compared case-sensitively by callers -
    // confirm against test data.
    // An empty or nil S clears Result through System.@LStrClr.
    function UpperCase(const S: string): string;
    asm
           push  ebx
           push  esi
           push  edi
           mov   esi, eax          // s
           mov   eax, edx
           test  esi, esi
           jz    @Nil
           mov   edx, [esi-4]      // Length(s)
           mov   edi, eax          // @Result
           test  edx, edx
           jle   @Nil
           mov   ecx, [eax]
           mov   ebx, edx
           test  ecx, ecx
           jz    @Realloc          // Jump if Result not allocated
           // Decide whether the existing Result buffer can be reused: its stored
           // length must fall in the same 4-byte bucket as Length(s) ...
           test  edx, 3
           jnz   @Length3
           xor   edx, [ecx-4]
           cmp   edx, 3
           jbe   @TestRef
           jmp   @Realloc
    @Length3:
           or    edx, 2
           xor   edx, [ecx-4]
           cmp   edx, 1
           ja    @Realloc
    @TestRef:
           // ... and the buffer must not be shared with another string variable.
           cmp   [ecx-8], 1
           je    @LengthOK         // Jump if Result RefCt=1
    @Realloc:
           mov   edx, ebx
           or    edx, 3            // request Length(s) with the low two bits set
           call  System.@LStrSetLength
    @LengthOK:
           mov   edi, [edi]        // Result
           mov   [edi-4], ebx      // Correct Result length
           mov   byte ptr [ebx+edi], 0   // terminating #0
           add   ebx, -1
           and   ebx, -4           // offset of the last dword to convert
           mov   eax, [ebx+esi]
    
           // Walks from the last dword towards offset 0, four bytes per pass.
    @Loop: mov   ecx, eax
           or    eax, $80808080    // $E1..$FA
           mov   edx, eax
           sub   eax, $7B7B7B7B    // $66..$7F
           xor   edx, ecx          // $80
           or    eax, $80808080    // $E6..$FF
           sub   eax, $66666666    // $80..$99
           and   eax, edx          // $80
           shr   eax, 2            // $20
           xor   eax, ecx          // Upper
           mov   [ebx+edi], eax
           mov   eax, [ebx+esi-4]
           sub   ebx, 4
           jge   @Loop
    
           pop   edi
           pop   esi
           pop   ebx
           ret
    
    @Nil:  pop   edi
           pop   esi
           pop   ebx
           jmp    System.@LStrClr   // Result:=''
    end;
    
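    // Reports whether any subkey of
    // HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall carries a REG_SZ
    // DisplayName value that contains ProgramName.
    //   ProgramName - text to look for; both sides go through the unit's
    //                 UpperCase before the substring test.
    //   Result      - True on the first matching entry, False otherwise
    //                 (including when the Uninstall key cannot be opened).
    // Scope: only HKEY_LOCAL_MACHINE is read, opened with plain KEY_READ.
    // NOTE(review): the match is a substring test, so a short ProgramName also
    // matches unrelated products whose DisplayName merely contains it
    // (constructed example: 'ESET' inside 'Preset Editor').
    // Changes against the original: LastPos no longer returns the loop
    // variable after a loop that found nothing (undefined in Delphi), and
    // RegGetString no longer decrements a zero byte count, which wrapped the
    // Cardinal and requested a ~4 GB string.
    function IsUninstall(const ProgramName: String): Boolean;
    const
      UNINSTALL_KEY = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall';
    var
      Str, MBuf, DisplayName, Wanted, ValuePath: String;
      Sep: Integer;

      // Lists the subkey names (DoKeys = True) or value names (DoKeys = False)
      // of RootKey\Name into ResultList, each name followed by CR LF.
      // Returns True when the key could be opened. Names longer than the
      // fixed buffer end the enumeration early, as in the original.
      function RegEnum(RootKey: HKEY; Name: String; var ResultList: String; const DoKeys: Boolean): Boolean;
      const
        NAME_BUF_SIZE = 1024;
      var
        I, iRes: Integer;
        S: String;
        hTemp: HKEY;
        Buf: Pointer;
        BufSize: Cardinal;
      begin
        Result := False;
        ResultList := '';
        if RegOpenKeyEx(RootKey, PChar(Name), 0, KEY_READ, hTemp) <> ERROR_SUCCESS then
          Exit;
        try
          Result := True;
          GetMem(Buf, NAME_BUF_SIZE);
          try
            I := 0;
            repeat
              // The API overwrites BufSize with the name length, so reset it
              // before every call.
              BufSize := NAME_BUF_SIZE;
              if DoKeys then
                iRes := RegEnumKeyEx(hTemp, I, Buf, BufSize, nil, nil, nil, nil)
              else
                iRes := RegEnumValue(hTemp, I, Buf, BufSize, nil, nil, nil, nil);
              if iRes = ERROR_SUCCESS then
                begin
                  SetString(S, PChar(Buf), Integer(BufSize));
                  ResultList := Concat(S, #13#10, ResultList);
                  Inc(I);
                end;
            until iRes <> ERROR_SUCCESS;
          finally
            FreeMem(Buf);
          end;
        finally
          RegCloseKey(hTemp);
        end;
      end;

      // Subkey-only front end for RegEnum.
      function RegEnumKeys(RootKey: HKEY; Name: String; var KeyList: String): Boolean;
      begin
        Result := RegEnum(RootKey, Name, KeyList, True);
      end;

      // 1-based index of the last Needle in Haystack, or 0 when absent.
      function LastPos(Needle: Char; Haystack: String): Integer;
      var
        Idx: Integer;
      begin
        Result := 0;
        for Idx := Length(Haystack) downto 1 do
          if Haystack[Idx] = Needle then
            begin
              Result := Idx;
              Break;
            end;
      end;

      // Name is 'key path\value name'; True when that value can be queried.
      function RegValueExists(RootKey: HKEY; Name: String): Boolean;
      var
        SubKey: String;
        n: Integer;
        hTemp: HKEY;
      begin
        Result := False;
        n := LastPos('\', Name);
        if n > 0 then
          begin
            SubKey := Copy(Name, 1, n - 1);
            if RegOpenKeyEx(RootKey, PChar(SubKey), 0, KEY_READ, hTemp) = ERROR_SUCCESS then
              begin
                SubKey := Copy(Name, n + 1, Length(Name) - n);
                Result := (RegQueryValueEx(hTemp, PChar(SubKey), nil, nil, nil, nil) = ERROR_SUCCESS);
                RegCloseKey(hTemp);
              end;
          end;
      end;

      // Reads the value named by 'key path\value name' when its registry type
      // equals ValType. On success PVal owns a GetMem buffer of ValSize bytes
      // that the caller must release with FreeMem (PVal may be nil when the
      // value holds zero bytes).
      function RegGetValue(RootKey: HKEY; Name: String; ValType: Cardinal; var PVal: Pointer; var ValSize: Cardinal): Boolean;
      var
        SubKey: String;
        n: Integer;
        MyValType: DWORD;
        hTemp: HKEY;
        Buf: Pointer;
        BufSize: Cardinal;
        PKey: PChar;
      begin
        Result := False;
        n := LastPos('\', Name);
        if n > 0 then
          begin
            SubKey := Copy(Name, 1, n - 1);
            if RegOpenKeyEx(RootKey, PChar(SubKey), 0, KEY_READ, hTemp) = ERROR_SUCCESS then
              begin
                SubKey := Copy(Name, n + 1, Length(Name) - n);
                // An empty value name selects the key's default value.
                if SubKey = '' then
                  PKey := nil
                else
                  PKey := PChar(SubKey);
                // First query asks only for the size, second one fetches the data.
                if RegQueryValueEx(hTemp, PKey, nil, @MyValType, nil, @BufSize) = ERROR_SUCCESS then
                  begin
                    GetMem(Buf, BufSize);
                    if (RegQueryValueEx(hTemp, PKey, nil, @MyValType, Buf, @BufSize) = ERROR_SUCCESS)
                      and (ValType = MyValType) then
                      begin
                        PVal := Buf;
                        ValSize := BufSize;
                        Result := True;
                      end
                    else
                      FreeMem(Buf);
                  end;
                RegCloseKey(hTemp);
              end;
          end;
      end;

      // Reads a REG_SZ value into Value. Registry strings are not guaranteed
      // to be stored with a terminating #0, and may be stored with zero bytes,
      // so the terminator is stripped only when it is actually present.
      function RegGetString(RootKey: HKEY; Name: String; Var Value: String): Boolean;
      var
        Buf: Pointer;
        BufSize: Cardinal;
      begin
        Result := False;
        Value := '';
        if RegGetValue(RootKey, Name, REG_SZ, Buf, BufSize) then
          begin
            if Buf <> nil then
              try
                if (BufSize > 0) and (PChar(Buf)[BufSize - 1] = #0) then
                  Dec(BufSize);
                SetString(Value, PChar(Buf), Integer(BufSize));
              finally
                FreeMem(Buf);
              end;
            Result := True;
          end;
      end;

    begin
      Result := False;
      if not RegEnumKeys(HKEY_LOCAL_MACHINE, UNINSTALL_KEY, Str) then
        Exit;
      // Upper-case the search text once instead of once per registry entry.
      Wanted := UpperCase(ProgramName);
      while Length(Str) > 0 do
        begin
          // Str is a CR LF terminated list; peel off the first subkey name.
          Sep := Pos(#13#10, Str);
          MBuf := Copy(Str, 1, Sep - 1);
          Delete(Str, 1, Sep + 1);
          ValuePath := UNINSTALL_KEY + '\' + MBuf + '\DisplayName';
          if RegValueExists(HKEY_LOCAL_MACHINE, ValuePath) then
            begin
              RegGetString(HKEY_LOCAL_MACHINE, ValuePath, DisplayName);
              if Pos(Wanted, UpperCase(DisplayName)) > 0 then
                begin
                  Result := True;
                  Exit;
                end;
            end;
        end;
    end;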
    
     
  5. Fliplab

    Antivirus Detector v0.2 [Beta] (Delphi Module)

    Code:
    // Tests whether the device path in Device can be opened.
    // The path goes to CreateFileA with read/write access, no sharing and
    // OPEN_EXISTING; a handle that was obtained is closed again at once.
    //   Result - True only when the open succeeded. Every failure, whatever
    //            its cause, is reported as False.
    // Despite the name, nothing here executes in or checks for ring 0; the
    // routine only probes a device name from user mode.
    // For monitoring: the only visible effect is an open followed immediately
    // by a close on the given device name.
    function IsRing0(const Device: String): Boolean;
    var
      DeviceHandle: THandle;
    begin
      DeviceHandle := CreateFileA(PChar(Device), GENERIC_READ or GENERIC_WRITE, 0, nil, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
      Result := DeviceHandle <> INVALID_HANDLE_VALUE;
      if Result then
        CloseHandle(DeviceHandle);
    end;
    
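    // Reports whether DrivePath, taken relative to the Windows system
    // directory, names an existing file (a directory does not count).
    //   DrivePath - relative path such as 'drivers\name.sys'.
    //   Result    - True when the attributes can be read and the directory bit
    //               is clear; False on any failure.
    // Changes against the original:
    //  * the kernel32 entry points are stdcall; declaring the pointers cdecl
    //    made the caller pop arguments the callee had already removed;
    //  * unresolved imports and a failed GetSystemDirectoryA call are no longer
    //    followed by a call through nil or a read of an unfilled buffer;
    //  * the attribute value stays unsigned instead of being forced into an
    //    Integer and compared with -1.
    // NOTE(review): PChar is handed to the ...A entry points, so the code
    // assumes an ANSI String/PChar compiler - confirm.
    function DriveExist(const DrivePath: String): Boolean;
    type
      TGetSystemDirectoryA = function(lpBuffer: PChar; uSize: LongWord): LongWord; stdcall;
      TGetFileAttributesA = function(lpFileName: PChar): LongWord; stdcall;
    var
      GetSystemDirectory: TGetSystemDirectoryA;
      GetFileAttributes: TGetFileAttributesA;
      GSys: array[0..MAX_PATH] of Char;
      SysPath: String;
      Len, Attrs: LongWord;
    begin
      Result := False;
      @GetSystemDirectory := ImportKernelFunc('GetSystemDirectoryA');
      @GetFileAttributes := ImportKernelFunc('GetFileAttributesA');
      if not (Assigned(GetSystemDirectory) and Assigned(GetFileAttributes)) then
        Exit;
      // 0 means failure; a value of MAX_PATH or more means the buffer was too
      // small and holds no usable path.
      Len := GetSystemDirectory(GSys, MAX_PATH);
      if (Len = 0) or (Len >= MAX_PATH) then
        Exit;
      SysPath := String(GSys);
      if SysPath[Length(SysPath)] <> '\' then
        SysPath := SysPath + '\';
      SysPath := SysPath + DrivePath;
      Attrs := GetFileAttributes(PChar(SysPath));
      // $FFFFFFFF is the API's "attributes unavailable" return value.
      Result := (Attrs <> $FFFFFFFF) and ((Attrs and FILE_ATTRIBUTE_DIRECTORY) = 0);
    end;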
    
    // ESET SysInspector: True when the \\.\ESIASDRV device can be opened.
    function IsEsetSysInsp: Boolean;
    begin
      Result := IsRing0('\\.\ESIASDRV');
    end;
    
    // ESET Nod32 Antivirus: True when either driver file exists in the system
    // directory or an Uninstall entry mentions 'ESET'. The checks run left to
    // right and stop at the first hit.
    // NOTE(review): IsUninstall does a substring match on DisplayName, so the
    // four letters 'ESET' inside an unrelated product name also count.
    function IsEsetAntivir: Boolean;
    begin
      Result := DriveExist('drivers\ehdrv.sys') or DriveExist('drivers\eamon.sys') or IsUninstall('ESET');
    end;
    
    // ESET Personal Firewall: True when one of the two devices can be opened
    // or the epfwtdi.sys driver file exists in the system directory.
    function IsEsetFire: Boolean;
    begin
      Result := IsRing0('\\.\EPFWNDIS') or IsRing0('\\.\EPFW') or DriveExist('drivers\epfwtdi.sys');
    end;
    
    // Trend Micro Internet Security: True when the \\.\TMACTMON device can be
    // opened.
    function IsTrendMicro: Boolean;
    begin
      Result := IsRing0('\\.\TMACTMON');
    end;
    
    // Kaspersky Internet Security 2008 & WorkStation: True when the \\.\KLIM5
    // device can be opened.
    function IsKIS2008: Boolean;
    begin
      Result := IsRing0('\\.\KLIM5');
    end;
    
    // Agnitum Outpost Firewall: True when either driver file exists in the
    // system directory or an Uninstall entry mentions 'Outpost'.
    // NOTE(review): the registry test is a substring match on DisplayName.
    function IsOutpostFire: Boolean;
    begin
      Result := DriveExist('drivers\afwcore.sys') or DriveExist('drivers\afw.sys') or IsUninstall('Outpost');
    end;
    
    // Agnitum Anti-Spyware: True when filt\aswfilt.dll exists below the system
    // directory.
    function IsOutpostAntiSpy: Boolean;
    begin
      Result := DriveExist('filt\aswfilt.dll');
    end;
    
    // Agnitum Host Protection: True when drivers\sandbox.sys exists below the
    // system directory.
    // NOTE(review): the file name is generic; whether other software installs
    // a driver of the same name has not been checked here.
    function IsOutpostHostProt: Boolean;
    begin
      Result := DriveExist('drivers\sandbox.sys');
    end;
    
    // Malwarebytes' Anti-Malware: True when either driver file exists in the
    // system directory.
    function IsAntiMalware: Boolean;
    begin
      Result := DriveExist('drivers\mbam.sys') or DriveExist('drivers\mbamswissarmy.sys');
    end;
    
    // Zillya! Antivirus: True when drivers\ZFMSYS.sys exists below the system
    // directory.
    function IsZillya: Boolean;
    begin
      Result := DriveExist('drivers\ZFMSYS.sys');
    end;
    
    // Advanced SystemCare: True when an Uninstall entry's DisplayName contains
    // 'Advanced SystemCare'.
    function IsAdvancedSysCare: Boolean;
    begin
      Result := IsUninstall('Advanced SystemCare');
    end;
    
    // Antivirus Stop!: True when an Uninstall entry's DisplayName contains the
    // literal below.
    // NOTE(review): the literal holds Cyrillic text, so the result depends on
    // the source file's encoding matching the registry data, and the unit's
    // UpperCase appears to fold ASCII letters only - the Cyrillic part would
    // then have to match in exact case. Confirm both.
    function IsAvirStop: Boolean;
    begin
      Result := IsUninstall('Антивирус Stop!');
    end;
    
    // USBGuard: True when an Uninstall entry's DisplayName contains 'USBGuard'.
    function IsUSBGuard: Boolean;
    begin
      Result := IsUninstall('USBGuard');
    end;
    
    // AnVir Task Manager: True when an Uninstall entry's DisplayName contains
    // 'AnVir Task Manager'. The function name is misspelled ("Anvit") in the
    // interface section and has to stay that way for callers.
    function IsAnvitTaskMgr: Boolean;
    begin
      Result := IsUninstall('AnVir Task Manager');
    end;
    
    // Lavasoft Ad-Aware: True when an Uninstall entry mentions 'Ad-Aware', the
    // lbd.sys driver file exists in the system directory, or the \\.\LBD device
    // can be opened. The checks run in that order and stop at the first hit.
    function IsAdAware: Boolean;
    begin
      Result := IsUninstall('Ad-Aware') or DriveExist('drivers\lbd.sys') or IsRing0('\\.\LBD');
    end;
    
    // Microsoft Security Essentials: True when drivers\mpfilter.sys exists in
    // the system directory or an Uninstall entry mentions the product name.
    // NOTE(review): whether mpfilter.sys is specific to this one product has
    // not been checked here; a hit on the file alone may name the wrong one.
    function IsMSecEssentials: Boolean;
    begin
      Result := DriveExist('drivers\mpfilter.sys') or IsUninstall('Microsoft Security Essentials');
    end;
    
    // McAfee: True when an Uninstall entry's DisplayName contains 'McAfee'
    // (any product of that vendor, since the test is a substring match).
    function IsMcAfee: Boolean;
    begin
      Result := IsUninstall('McAfee');
    end;
    
    // McAfee Personal Firewall: True when the \\.\MPFP device can be opened or
    // drivers\mpfp.sys exists in the system directory. The triple "e" in the
    // function name comes from the interface section and is kept for callers.
    function IsMcAfeeeFire: Boolean;
    begin
      Result := IsRing0('\\.\MPFP') or DriveExist('drivers\mpfp.sys');
    end;
    
    // SpyHunter: True when an Uninstall entry's DisplayName contains
    // 'SpyHunter'.
    function IsSpyHunter: Boolean;
    begin
      Result := IsUninstall('SpyHunter');
    end;
    
    end.
    
    http://slil.ru/28697354 - Скачать Antivirus Detector v0.2 [Beta] (Delphi Module)
     
  6. Fliplab

    Antivirus Detector v0.3 [Beta] (Delphi Module)

    Code:
    unit AntiVir_Detect_0_3_beta;
    
    {
      Antivirus Detector v0.3 [Beta]
      Author: FlipLab Software© 2006-2010
      E-mail: [email protected], [email protected]
      URL: http://www.fls.com/
      About: Вспомогательный модуль для обнаружения установленных
        антивирусных программ, а также фаерволов. В текущей версии
        поддерживаются:
          + ESET SysInspector
          + ESET NOD32 Integrity
          + ESET NOD32 On-Access
          + Kaspersky On-Access Scanner
          + Legacy Kaspersky Service
          + DrWeb
          + AVG Anti-Virus
          + Norton (Symantec) AntiVirus
          + Symantec AntiVirus AutoProtect
          + Symantec AntiVirus Content Filtration
          + Avast!
          + McAfee VirusScan
          + Avira AntiVir
          + BitDefender AntiVirus & 2008
          + Spy Sweeper
          + CA Anti-Virus
          + GDATA AntiVirusKit
          + Aston
          + Sophos Antivirus
          + McAffee Framework Self Protection
          + McAffee Enterprise Self Protection
          + McAffee Online Scan Self Protection
          + Antivirus Stop!
          + Zillya! Antivirus
          + Spy Hunter
          + Lavasoft Firewall
          + Quick Heal Firewall
          + PC Firewall
          + Sophos Client Firewall
          + AGAVA Firewall
          + F-Secure Firewall
          + Jetico Firewall
          + ZoneAlarm Firewall
          + CheckPoint Firewall
          + Online Armor Personal Firewall
          + VirusBuster
          + Comodo FireWall
          + Agnitum Outpost Firewall
          + Malwarebytes' Anti-Malware
          + Advanced SystemCare
          + USBGuard
          + AnVir Task Manager
          + Lavasoft Ad-Aware
          + Microsoft Security Essentials
          + Trend Micro Internet Security
    }
    
    interface
    
    uses
      Windows, WinSvc;
    
    // Human-readable labels, one per product check, grouped into antivirus and
    // firewall products. Nothing in the visible part of the unit reads them;
    // presumably GetProtectProgs builds its result from them - TODO confirm.
    // NOTE(review): three labels spell the vendor 'McAffee' and one identifier
    // reads ADADWARE. The labels are runtime strings, so correcting them
    // changes whatever output is built from them.
    const
      // AntiVirus
      TREND_MICRO_INET_SEC_ISSUE     = 'Trend Micro Internet Security Issue';
      MICROSOFT_SEC_ESSENTIALS_ISSUE = 'Microsoft Security Essentials Issue';
      LAVASOFT_ADADWARE_ISSUE        = 'Lavasoft Ad-Aware Issue';
      ANVIR_TASK_MGR_ISSUE           = 'AnVir Task Manager Issue';
      USBGUARD_ISSUE                 = 'USBGuard Issue';
      SYSTEMCARE_ISSUE               = 'Advanced SystemCare Issue';
      MALWAREBYTES_ISSUE             = 'Malwarebytes'' Anti-Malware Issue';
      NOD32_SYSINSPECTOR_ISSUE       = 'ESET SysInspector Issue';
      NOD32_INTEGRITY_ISSUE          = 'ESET NOD32 Integrity Issue';
      NOD32_ON_ACCESS_ISSUE          = 'ESET NOD32 On-Access Issue';
      KLIF_ISSUE                     = 'Kaspersky On-Access Scanner Issue';
      KAVAVP_ISSUE                   = 'Legacy Kaspersky Service Issue';
      DRWEB_ISSUE                    = 'DrWeb Issue';
      AVG_AV_ISSUE                   = 'AVG Anti-Virus Issue';
      SYMANTEC_ISSUE                 = 'Norton (Symantec) AntiVirus Issue';
      SYMANTEC_AUTOPROTECT_ISSUE     = 'Symantec AntiVirus AutoProtect Issue';
      SYMANTEC_FILTRATION_ISSUE      = 'Symantec AntiVirus Content Filtration Issue';
      AVAST_ISSUE                    = 'Avast! Issue';
      MCAFEE_ISSUE                   = 'McAfee VirusScan Issue';
      AVIRA_ISSUE                    = 'Avira AntiVir Issue';
      BITDEFENDER_AV_ISSUE           = 'BitDefender AntiVirus Issue';
      BITDEFENDER_AV_2008_ISSUE      = 'BitDefender Antivirus 2008 Issue';
      SPYSWEEPER_ISSUE               = 'Spy Sweeper Issue';
      CA_ISSUE                       = 'CA Anti-Virus Issue';
      GDATA_AVK_ISSUE                = 'GDATA AntiVirusKit Issue';
      ASTON_ISSUE                    = 'Aston Issue';
      SOPHOS_ISSUE                   = 'Sophos Antivirus Issue';
      MCAFEE_FRAMEWORK_ISSUE         = 'McAffee Framework Self Protection Issue';
      MCAFEE_ENTERPRISE_ISSUE        = 'McAffee Enterprise Self Protection Issue';
      MCAFEE_SCAN_ONLINE_ISSUE       = 'McAffee Online Scan Self Protection Issue';
      STOP_ISSUE                     = 'Antivirus Stop! Issue';
      ZILLYA_ISSUE                   = 'Zillya! Antivirus Issue';
      SPYHUNTER_ISSUE                = 'Spy Hunter Issue';
      // Firewalls
      LAVASOFT_FIREWALL_ISSUE        = 'Lavasoft Firewall Issue';
      QUICKHEAL_FIREWALL_ISSUE       = 'Quick Heal Firewall Issue';
      BUHL_FIREWALL_ISSUE            = 'PC Firewall Issue';
      SOPHOS_FIREWALL_ISSUE          = 'Sophos Client Firewall Issue';
      AGAVA_FIREWALL_ISSUE           = 'AGAVA Firewall Issue';
      FSECURE_FIREWALL_ISSUE         = 'F-Secure Firewall Issue';
      JETICO_FIREWALL_ISSUE          = 'Jetico Firewall Issue';
      ZONEALARM_FIREWALL_ISSUE       = 'ZoneAlarm Firewall Issue';
      CHECKPOINT_FIREWALL_ISSUE      = 'CheckPoint Firewall Issue';
      ONLINEARMOR_FIREWALL_ISSUE     = 'Online Armor Personal Firewall Issue';
      VIRUSBUSTER_ISSUE              = 'VirusBuster Issue';
      COMODO_ISSUE       	           = 'Comodo FireWall Issue';
      AGNITUM_ISSUE                  = 'Agnitum Outpost Firewall Issue';
    
    // Public interface of the v0.3 unit: parameterless checks returning a
    // Boolean, plus GetProtectProgs returning a PChar. Their bodies are not
    // part of the visible listing, so what each one probes (and who owns the
    // PChar buffer) cannot be stated from here - TODO confirm against the
    // implementation section.
    // NOTE(review): IsAnvitTaskMgr, IsSpyWeeper and IsMcAfeeEenterprise are
    // misspelled; as exported names they cannot be corrected without breaking
    // callers.
    function IsPCProtect:           Boolean;
    function IsNod32Integrity:      Boolean;
    function IsNod32OnAccess:       Boolean;
    function IsEsetSysInspector:    Boolean;
    function IsKlif:                Boolean;
    function IsKavAVP:              Boolean;
    function IsTrendMicro:          Boolean;
    function IsAntiMalware:         Boolean;
    function IsZillya:              Boolean;
    function IsAdAware:             Boolean;
    function IsMSecEssentials:      Boolean;
    function IsAdvancedSysCare:     Boolean;
    function IsAvirStop:            Boolean;
    function IsUSBGuard:            Boolean;
    function IsAnvitTaskMgr:        Boolean;
    function IsSpyHunter:           Boolean;
    function IsDrWeb:               Boolean;
    function IsAvgAv:               Boolean;
    function IsOutpostFire:         Boolean;
    function IsSymantec:            Boolean;
    function IsSymantecAutoProtect: Boolean;
    function IsSymantecFiltr:       Boolean;
    function IsAvast:               Boolean;
    function IsAvira:               Boolean;
    function IsBitDefender:         Boolean;
    function IsBitDefender2008:     Boolean;
    function IsCaAv:                Boolean;
    function IsGDATA:               Boolean;
    function IsSpyWeeper:           Boolean;
    function IsMcAfeeVirScan:       Boolean;
    function IsAston:               Boolean;
    function IsLavasoftFire:        Boolean;
    function IsQuickHealFire:       Boolean;
    function IsBuhlFire:            Boolean;
    function IsSophosFire:          Boolean;
    function IsAgavaFire:           Boolean;
    function IsFSecureFire:         Boolean;
    function IsJeticoFire:          Boolean;
    function IsZoneAlarmFire:       Boolean;
    function IsCheckPointFire:      Boolean;
    function IsOnlineArmorFire:     Boolean;
    function IsVirusBuster:         Boolean;
    function IsMcAfeeFramework:     Boolean;
    function IsMcAfeeEenterprise:   Boolean;
    function IsMcAfeeScanOnline:    Boolean;
    function IsSophos:              Boolean;
    function IsComodoFire:          Boolean;
    function GetProtectProgs:       PChar;
    
    implementation
    
    // Looks up an export of kernel32.dll by name at run time.
    //   Name   - exported function name, passed to GetProcAddress unchanged.
    //   Result - the export's address; GetProcAddress yields nil when the name
    //            (or the module handle) cannot be resolved.
    // Because the lookup happens at run time, the functions requested through
    // this helper appear in the binary as string literals instead of
    // import-table entries; static triage should read the strings as well.
    function ImportKernelFunc(const Name: String): Pointer;
    begin
      Result := GetProcAddress(GetModuleHandle('kernel32.dll'), PChar(Name));
    end;
    
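    // Reports whether DrivePath, taken relative to the Windows system
    // directory, names an existing file (a directory does not count).
    //   DrivePath - relative path such as 'drivers\name.sys'.
    //   Result    - True when the attributes can be read and the directory bit
    //               is clear; False on any failure.
    // Changes against the original:
    //  * the kernel32 entry points are stdcall; declaring the pointers cdecl
    //    made the caller pop arguments the callee had already removed;
    //  * unresolved imports and a failed GetSystemDirectoryA call are no longer
    //    followed by a call through nil or a read of an unfilled buffer;
    //  * the attribute value stays unsigned instead of being forced into an
    //    Integer and compared with -1.
    // NOTE(review): PChar is handed to the ...A entry points, so the code
    // assumes an ANSI String/PChar compiler - confirm.
    function DriveExist(const DrivePath: String): Boolean;
    type
      TGetSystemDirectoryA = function(lpBuffer: PChar; uSize: LongWord): LongWord; stdcall;
      TGetFileAttributesA = function(lpFileName: PChar): LongWord; stdcall;
    var
      GetSystemDirectory: TGetSystemDirectoryA;
      GetFileAttributes: TGetFileAttributesA;
      GSys: array[0..MAX_PATH] of Char;
      SysPath: String;
      Len, Attrs: LongWord;
    begin
      Result := False;
      @GetSystemDirectory := ImportKernelFunc('GetSystemDirectoryA');
      @GetFileAttributes := ImportKernelFunc('GetFileAttributesA');
      if not (Assigned(GetSystemDirectory) and Assigned(GetFileAttributes)) then
        Exit;
      // 0 means failure; a value of MAX_PATH or more means the buffer was too
      // small and holds no usable path.
      Len := GetSystemDirectory(GSys, MAX_PATH);
      if (Len = 0) or (Len >= MAX_PATH) then
        Exit;
      SysPath := String(GSys);
      if SysPath[Length(SysPath)] <> '\' then
        SysPath := SysPath + '\';
      SysPath := SysPath + DrivePath;
      Attrs := GetFileAttributes(PChar(SysPath));
      // $FFFFFFFF is the API's "attributes unavailable" return value.
      Result := (Attrs <> $FFFFFFFF) and ((Attrs and FILE_ATTRIBUTE_DIRECTORY) = 0);
    end;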
    
    // Tests whether the device path in Device can be opened.
    // The path goes to CreateFileA with read/write access, no sharing and
    // OPEN_EXISTING; a handle that was obtained is closed again at once.
    //   Result - True only when the open succeeded. Every failure, whatever
    //            its cause, is reported as False.
    // Despite the name, nothing here executes in or checks for ring 0; the
    // routine only probes a device name from user mode.
    // For monitoring: the only visible effect is an open followed immediately
    // by a close on the given device name.
    function IsRing0(const Device: String): Boolean;
    var
      DeviceHandle: THandle;
    begin
      DeviceHandle := CreateFileA(PChar(Device), GENERIC_READ or GENERIC_WRITE, 0, nil, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
      Result := DeviceHandle <> INVALID_HANDLE_VALUE;
      if Result then
        CloseHandle(DeviceHandle);
    end;
    
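    // Reports whether a registry value exists.
    //   RootKey - predefined root such as HKEY_LOCAL_MACHINE.
    //   Name    - 'key path\value name'; the text after the last backslash is
    //             the value name, everything before it the key to open.
    //   Result  - True when the key opens with KEY_READ and the value can be
    //             queried; False otherwise, including when Name contains no
    //             backslash at all.
    // Change against the original: LastPos returned its for-loop variable,
    // which Delphi leaves undefined once the loop runs to completion, so a
    // Name without a backslash produced an unpredictable split position.
    function RegValueExists(RootKey: HKEY; Name: String): Boolean;
    var
      SubKey: String;
      n: Integer;
      hTemp: HKEY;

      // 1-based index of the last Needle in Haystack, or 0 when absent.
      function LastPos(Needle: Char; Haystack: String): Integer;
      var
        Idx: Integer;
      begin
        Result := 0;
        for Idx := Length(Haystack) downto 1 do
          if Haystack[Idx] = Needle then
            begin
              Result := Idx;
              Break;
            end;
      end;

    begin
      Result := False;
      n := LastPos('\', Name);
      if n > 0 then
        begin
          SubKey := Copy(Name, 1, n - 1);
          if RegOpenKeyEx(RootKey, PChar(SubKey), 0, KEY_READ, hTemp) = ERROR_SUCCESS then
            begin
              SubKey := Copy(Name, n + 1, Length(Name) - n);
              Result := (RegQueryValueEx(hTemp, PChar(SubKey), nil, nil, nil, nil) = ERROR_SUCCESS);
              RegCloseKey(hTemp);
            end;
        end;
    end;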
    
    // Reports whether the registry key RootKey\Name can be opened for reading.
    //   Result - True when RegOpenKeyEx succeeds with KEY_READ; the handle is
    //            closed again before returning. A key that exists but denies
    //            read access is reported as False.
    function RegKeyExists(RootKey: HKEY; Name: String): Boolean;
    var
      KeyHandle: HKEY;
    begin
      Result := RegOpenKeyEx(RootKey, PChar(Name), 0, KEY_READ, KeyHandle) = ERROR_SUCCESS;
      if Result then
        RegCloseKey(KeyHandle);
    end;
    
    // Hand-written 32-bit x86 upper-casing routine for long strings.
    // On entry eax holds S and edx the address of Result (see the register
    // comments below). The string length is read from [ptr-4] and the reference
    // count from [ptr-8], i.e. the code relies on that long-string header layout.
    // NOTE(review): that layout matches AnsiString; confirm the target compiler
    // does not map String to a wide string type.
    // The main loop converts four bytes per pass. Following the per-byte range
    // comments ($E1..$FA after setting the top bit), only bytes $61..$7A, ASCII
    // 'a'..'z', get bit $20 flipped; bytes with the top bit already set come
    // out unchanged. NOTE(review): this implies non-ASCII letters (for example
    // Cyrillic in an ANSI code page) are compared case-sensitively by callers -
    // confirm against test data.
    // An empty or nil S clears Result through System.@LStrClr.
    function UpperCase(const S: string): string;
    asm
           push  ebx
           push  esi
           push  edi
           mov   esi, eax          // s
           mov   eax, edx
           test  esi, esi
           jz    @Nil
           mov   edx, [esi-4]      // Length(s)
           mov   edi, eax          // @Result
           test  edx, edx
           jle   @Nil
           mov   ecx, [eax]
           mov   ebx, edx
           test  ecx, ecx
           jz    @Realloc          // Jump if Result not allocated
           // Decide whether the existing Result buffer can be reused: its stored
           // length must fall in the same 4-byte bucket as Length(s) ...
           test  edx, 3
           jnz   @Length3
           xor   edx, [ecx-4]
           cmp   edx, 3
           jbe   @TestRef
           jmp   @Realloc
    @Length3:
           or    edx, 2
           xor   edx, [ecx-4]
           cmp   edx, 1
           ja    @Realloc
    @TestRef:
           // ... and the buffer must not be shared with another string variable.
           cmp   [ecx-8], 1
           je    @LengthOK         // Jump if Result RefCt=1
    @Realloc:
           mov   edx, ebx
           or    edx, 3            // request Length(s) with the low two bits set
           call  System.@LStrSetLength
    @LengthOK:
           mov   edi, [edi]        // Result
           mov   [edi-4], ebx      // Correct Result length
           mov   byte ptr [ebx+edi], 0   // terminating #0
           add   ebx, -1
           and   ebx, -4           // offset of the last dword to convert
           mov   eax, [ebx+esi]
    
           // Walks from the last dword towards offset 0, four bytes per pass.
    @Loop: mov   ecx, eax
           or    eax, $80808080    // $E1..$FA
           mov   edx, eax
           sub   eax, $7B7B7B7B    // $66..$7F
           xor   edx, ecx          // $80
           or    eax, $80808080    // $E6..$FF
           sub   eax, $66666666    // $80..$99
           and   eax, edx          // $80
           shr   eax, 2            // $20
           xor   eax, ecx          // Upper
           mov   [ebx+edi], eax
           mov   eax, [ebx+esi-4]
           sub   ebx, 4
           jge   @Loop
    
           pop   edi
           pop   esi
           pop   ebx
           ret
    
    @Nil:  pop   edi
           pop   esi
           pop   ebx
           jmp    System.@LStrClr   // Result:=''
    end;
    
    
     
  7. Fliplab

    Antivirus Detector v0.3[Beta] (Delphi Module)

    Code:
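    // Reports whether a Win32 service is registered whose service name or
    // display name equals ServiceName (both sides pass through the unit's
    // UpperCase before comparison).
    //   ServiceName - name to look for.
    //   Result      - True on the first match; False when nothing matches or
    //                 when the service list cannot be obtained.
    // The service control manager is opened with access mask $0004
    // (SC_MANAGER_ENUMERATE_SERVICE) and queried through EnumServicesStatusA,
    // resolved from ADVAPI32.DLL at run time.
    // Changes against the original:
    //  * a failed LoadLibrary no longer leads to calls through unassigned
    //    function pointers, and the library is released on every exit path;
    //  * the byte count and entry count are initialised and the second
    //    enumeration's outcome is checked, so a failed call can no longer
    //    drive AllocMem or the scan loop with stale values (an entry count of
    //    0 previously produced the loop bound 0 - 1 on an unsigned value);
    //  * the buffer is freed without the size argument, which the second call
    //    had overwritten.
    // NOTE(review): handles are kept in 32-bit DWord/Cardinal variables and
    // PChar is used with the ...A entry points, so this assumes a 32-bit ANSI
    // compiler - confirm.
    function IsService(const ServiceName: String): Boolean;
    type
      _SERVICE_STATUS = record
        dwServiceType: DWORD;
        dwCurrentState: DWORD;
        dwControlsAccepted: DWORD;
        dwWin32ExitCode: DWORD;
        dwServiceSpecificExitCode: DWORD;
        dwCheckPoint: DWORD;
        dwWaitHint: DWORD;
      end;
      SERVICE_STATUS = _SERVICE_STATUS;
      PENUM_SERVICE_STATUS = ^ENUM_SERVICE_STATUS;
      ENUM_SERVICE_STATUS = packed record
        lpServiceName : PChar;
        lpDisplayName : PChar;
        ServiceStatus : SERVICE_STATUS;
      end;
      TcsEnumServicesStatus = function(
        const hSCManager         : DWord;                // handle to SCM database
        const dwServiceType      : DWord;                // service type
        const dwServiceState     : DWord;                // service state
        const lpServices         : PENUM_SERVICE_STATUS; // status buffer
        const cbBufSize          : DWord;                // size of status buffer
        const pcbBytesNeeded     : PDWORD;               // buffer size needed
        const lpServicesReturned : PDWord;               // number of entries returned
        const lpResumeHandle     : PDWord                // next entry
        ): BOOL; stdcall;
      TcsOpenSCManager = function(
        const lpMachineName   : PChar;
        const lpDatabaseName  : PChar;
        const dwDesiredAccess : DWord
        ): DWord; stdcall;
    var
      EnumServicesStatus: TcsEnumServicesStatus;
      OpenSCManager: TcsOpenSCManager;
      hSC, hLib: Cardinal;
      pStatus: PENUM_SERVICE_STATUS;
      pWork: PENUM_SERVICE_STATUS;
      cbBufSize: DWord;
      pcbBytesNeeded: DWord;
      lpServicesReturned: DWord;
      lpResumeHandle: DWord;
      i: Integer;
      Wanted, s, s1: String;
    begin
      Result := False;
      hLib := LoadLibrary('ADVAPI32.DLL');
      if hLib = 0 then
        Exit;
      try
        @EnumServicesStatus := GetProcAddress(hLib, 'EnumServicesStatusA');
        @OpenSCManager := GetProcAddress(hLib, 'OpenSCManagerA');
        if not (Assigned(EnumServicesStatus) and Assigned(OpenSCManager)) then
          Exit;
        hSC := OpenSCManager(nil, nil, $0004);
        if hSC = 0 then
          Exit;
        try
          // Sizing call: with an empty buffer the API is expected to fail and
          // report the required byte count.
          pcbBytesNeeded := 0;
          lpServicesReturned := 0;
          lpResumeHandle := 0;
          EnumServicesStatus(hSC, SERVICE_WIN32, SERVICE_STATE_ALL, nil,
            0, @pcbBytesNeeded, @lpServicesReturned, @lpResumeHandle);
          if pcbBytesNeeded = 0 then
            Exit;
          cbBufSize := pcbBytesNeeded;
          pStatus := AllocMem(cbBufSize);
          try
            lpServicesReturned := 0;
            lpResumeHandle := 0;
            // ERROR_MORE_DATA still delivers a partial list (services may have
            // been added between the two calls); any other failure delivers
            // nothing that is safe to read.
            if not EnumServicesStatus(hSC, SERVICE_WIN32, SERVICE_STATE_ALL, pStatus,
              cbBufSize, @pcbBytesNeeded, @lpServicesReturned, @lpResumeHandle) then
              if GetLastError <> ERROR_MORE_DATA then
                Exit;
            Wanted := UpperCase(ServiceName);
            pWork := pStatus;
            for i := 1 to Integer(lpServicesReturned) do
              begin
                s := pWork^.lpServiceName;
                s1 := pWork^.lpDisplayName;
                if (Wanted = UpperCase(s)) or (Wanted = UpperCase(s1)) then
                  begin
                    Result := True;
                    Break;
                  end;
                Inc(pWork);
              end;
          finally
            FreeMem(pStatus);
          end;
        finally
          CloseServiceHandle(hSC);
        end;
      finally
        FreeLibrary(hLib);
      end;
    end;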
    
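    // Reports whether a process whose executable name equals ProcessName
    // (compared through the unit's UpperCase) appears in a Toolhelp snapshot.
    //   ProcessName - executable file name to look for.
    //   Result      - True on the first match; False when nothing matches or
    //                 the snapshot cannot be taken.
    // The snapshot is created with flag $00000002 (TH32CS_SNAPPROCESS).
    // Changes against the original:
    //  * the executable name was copied out of the entry only once, before the
    //    loop, so every later iteration re-tested the first process;
    //  * the kernel32 entry points are stdcall, not cdecl;
    //  * the snapshot handle is validated and is closed on every exit path
    //    (the early Exit on a match used to leak it);
    //  * the unused local Handles is gone.
    // NOTE(review): the record uses Char with the non-W entry points, so this
    // assumes an ANSI compiler - confirm.
    function IsProcess(const ProcessName: String): Boolean;
    type
      tagPROCESSENTRY32 = packed record
        dwSize: DWORD;
        cntUsage: DWORD;
        th32ProcessID: DWORD;       // this process
        th32DefaultHeapID: DWORD;
        th32ModuleID: DWORD;        // associated exe
        cntThreads: DWORD;
        th32ParentProcessID: DWORD; // this process's parent process
        pcPriClassBase: Longint;    // Base priority of process's threads
        dwFlags: DWORD;
        szExeFile: array[0..MAX_PATH - 1] of Char;// Path
      end;
      TProcessEntry32 = tagPROCESSENTRY32;
      TCreateSnapshot = function(dwFlags, th32ProcessID: DWORD): THandle; stdcall;
      TProcessWalk = function(hSnapshot: THandle; var lppe: TProcessEntry32): BOOL; stdcall;
    var
      CreateToolhelp32Snapshot: TCreateSnapshot;
      Process32First: TProcessWalk;
      Process32Next: TProcessWalk;
      ProcessEntry: TProcessEntry32;
      SHandle: THandle;
      More: Boolean;
      Wanted: String;
    begin
      Result := False;
      @CreateToolhelp32Snapshot := ImportKernelFunc('CreateToolhelp32Snapshot');
      @Process32First := ImportKernelFunc('Process32First');
      @Process32Next := ImportKernelFunc('Process32Next');
      if not (Assigned(CreateToolhelp32Snapshot) and Assigned(Process32First)
        and Assigned(Process32Next)) then
        Exit;
      SHandle := CreateToolhelp32Snapshot($00000002, 0);
      if SHandle = INVALID_HANDLE_VALUE then
        Exit;
      try
        Wanted := UpperCase(ProcessName);
        // The API requires dwSize to be filled in before the first call.
        ProcessEntry.dwSize := SizeOf(TProcessEntry32);
        More := Process32First(SHandle, ProcessEntry);
        while More do
          begin
            if UpperCase(String(ProcessEntry.szExeFile)) = Wanted then
              begin
                Result := True;
                Break;
              end;
            More := Process32Next(SHandle, ProcessEntry);
          end;
      finally
        CloseHandle(SHandle);
      end;
    end;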
    
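    // Reports whether any subkey of
    // HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall carries a
    // DisplayName that contains ProgramName (case-insensitive substring, via
    // UpperCase and Pos).
    //
    // Changes from the previous revision:
    //  * LastPos returns 0 when the character is absent (the for-loop variable
    //    used as Result was undefined after the loop ran to completion);
    //  * RegEnum no longer indexes S[1] on a zero-length name and releases the
    //    buffer and the key handle through try/finally;
    //  * RegGetString no longer decrements a zero byte count (a Cardinal
    //    underflow that led to a huge SetLength) and strips the terminator only
    //    when one is actually present.
    //
    // NOTE(review): byte counts returned by the registry API are used as string
    // lengths throughout, which assumes a 1-byte Char (ANSI String) -- confirm
    // the compiler version this unit targets.
    // NOTE(review): the local RegValueExists shadows the unit-level function of
    // the same name that other routines in this unit call.
    function IsUninstall(const ProgramName: String): Boolean;
    const
      UNINSTALL_KEY = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall';
    var
      Str, MBuf, DisplayName, Wanted: String;
      Sep: Integer;

      // Enumerates subkey names (DoKeys = True) or value names (DoKeys = False)
      // of RootKey\Name into ResultList, one name per CRLF-terminated line, in
      // reverse enumeration order. Returns True when the key could be opened.
      function RegEnum(RootKey: HKEY; Name: String; var ResultList: String; const DoKeys: Boolean): Boolean;
      var
        I, iRes: Integer;
        S: String;
        hTemp: HKEY;
        Buf: Pointer;
        BufSize: Cardinal;
      begin
        Result := False;
        ResultList := '';
        if RegOpenKeyEx(RootKey, PChar(Name), 0, KEY_READ, hTemp) <> ERROR_SUCCESS then
          Exit;
        try
          Result := True;
          GetMem(Buf, 1024);
          try
            I := 0;
            repeat
              // The API overwrites the size on every call, so reset it first.
              BufSize := 1024;
              if DoKeys then
                iRes := RegEnumKeyEx(hTemp, I, Buf, BufSize, nil, nil, nil, nil)
              else
                iRes := RegEnumValue(hTemp, I, Buf, BufSize, nil, nil, nil, nil);
              if iRes = ERROR_SUCCESS then
                begin
                  SetLength(S, BufSize);
                  // A value may have an empty name; S[1] is invalid then.
                  if BufSize > 0 then
                    Move(Buf^, S[1], BufSize);
                  ResultList := Concat(S, #13#10, ResultList);
                  Inc(I);
                end;
            until iRes <> ERROR_SUCCESS; // any error, including "no more items"
          finally
            FreeMem(Buf);
          end;
        finally
          RegCloseKey(hTemp);
        end;
      end;

      // Subkey-only wrapper around RegEnum.
      function RegEnumKeys(RootKey: HKEY; Name: String; var KeyList: String): Boolean;
      begin
        Result := RegEnum(RootKey, Name, KeyList, True);
      end;

      // 1-based index of the last occurrence of Needle in Haystack, or 0.
      function LastPos(Needle: Char; Haystack: String): Integer;
      var
        Idx: Integer;
      begin
        Result := 0;
        for Idx := Length(Haystack) downto 1 do
          if Haystack[Idx] = Needle then
            begin
              Result := Idx;
              Break;
            end;
      end;

      // Name is 'key\path\ValueName'; True when that value can be queried.
      function RegValueExists(RootKey: HKEY; Name: String): Boolean;
      var
        SubKey: String;
        n: Integer;
        hTemp: HKEY;
      begin
        Result := False;
        n := LastPos('\', Name);
        if n > 0 then
          begin
            SubKey := Copy(Name, 1, n - 1);
            if RegOpenKeyEx(RootKey, PChar(SubKey), 0, KEY_READ, hTemp) = ERROR_SUCCESS then
              begin
                SubKey := Copy(Name, n + 1, Length(Name) - n);
                Result := (RegQueryValueEx(hTemp, PChar(SubKey), nil, nil, nil, nil) = ERROR_SUCCESS);
                RegCloseKey(hTemp);
              end;
          end;
      end;

      // Reads the value named by the last path component of Name. On success
      // (value readable and of type ValType) PVal receives a GetMem buffer the
      // caller must release with FreeMem, and ValSize its size in bytes.
      function RegGetValue(RootKey: HKEY; Name: String; ValType: Cardinal; var PVal: Pointer; var ValSize: Cardinal): Boolean;
      var
        SubKey: String;
        n: Integer;
        MyValType: DWORD;
        hTemp: HKEY;
        Buf: Pointer;
        BufSize: Cardinal;
        PKey: PChar;
      begin
        Result := False;
        n := LastPos('\', Name);
        if n > 0 then
          begin
            SubKey := Copy(Name, 1, n - 1);
            if RegOpenKeyEx(RootKey, PChar(SubKey), 0, KEY_READ, hTemp) = ERROR_SUCCESS then
              begin
                SubKey := Copy(Name, n + 1, Length(Name) - n);
                // A trailing backslash selects the key's default value.
                if SubKey = '' then
                  PKey := nil
                else
                  PKey := PChar(SubKey);
                // First call asks only for the size, second call fetches the data.
                if RegQueryValueEx(hTemp, PKey, nil, @MyValType, nil, @BufSize) = ERROR_SUCCESS then
                  begin
                    GetMem(Buf, BufSize);
                    if RegQueryValueEx(hTemp, PKey, nil, @MyValType, Buf, @BufSize) = ERROR_SUCCESS then
                      begin
                        if ValType = MyValType then
                          begin
                            PVal := Buf;
                            ValSize := BufSize;
                            Result := True;
                          end
                        else
                          FreeMem(Buf)
                      end
                    else
                      FreeMem(Buf);
                  end;
                RegCloseKey(hTemp);
              end;
          end;
      end;

      // Reads a REG_SZ value into Value without its terminating #0.
      function RegGetString(RootKey: HKEY; Name: String; Var Value: String): Boolean;
      var
        Buf: Pointer;
        BufSize: Cardinal;
      begin
        Result := False;
        Value := '';
        if RegGetValue(RootKey, Name, REG_SZ, Buf, BufSize) then
          begin
            try
              SetLength(Value, BufSize);
              if BufSize > 0 then
                Move(Buf^, Value[1], BufSize);
              // Registry strings are not guaranteed to be stored with a
              // terminator, so trim only what is really there.
              while (Length(Value) > 0) and (Value[Length(Value)] = #0) do
                SetLength(Value, Length(Value) - 1);
            finally
              // Buf is nil when the value held zero bytes.
              if Buf <> nil then
                FreeMem(Buf);
            end;
            Result := True;
          end;
      end;

    begin
      Result := False;
      if not RegEnumKeys(HKEY_LOCAL_MACHINE, UNINSTALL_KEY, Str) then
        Exit;
      Wanted := UpperCase(ProgramName);
      while Length(Str) > 0 do
        begin
          // Peel one CRLF-terminated subkey name off the front of the list.
          Sep := Pos(#13#10, Str);
          if Sep = 0 then
            Sep := Length(Str) + 1;
          MBuf := Copy(Str, 1, Sep - 1);
          Delete(Str, 1, Sep + 1);
          if RegValueExists(HKEY_LOCAL_MACHINE, UNINSTALL_KEY + '\' + MBuf + '\DisplayName') then
            begin
              RegGetString(HKEY_LOCAL_MACHINE, UNINSTALL_KEY + '\' + MBuf + '\DisplayName', DisplayName);
              if Pos(Wanted, UpperCase(DisplayName)) > 0 then
                begin
                  Result := True;
                  Exit;
                end;
            end;
        end;
    end;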
    
    // ESET NOD32 service check: True when IsService (defined earlier in this
    // unit) matches a service called 'nod32krn' or 'ekrn'.
    function IsNod32Integrity: Boolean;
    begin
      Result := IsService('nod32krn') or IsService('ekrn');
    end;
    
    // ESET NOD32 on-access driver check: True when DriveExist accepts
    // 'drivers\amon.sys' or 'drivers\eamon.sys'.
    // DriveExist is defined elsewhere in the unit; presumably a file-existence
    // test relative to the system directory -- confirm.
    function IsNod32OnAccess: Boolean;
    begin
      Result := DriveExist('drivers\amon.sys') or DriveExist('drivers\eamon.sys');
    end;
    
    // ESET SysInspector check: forwards the device path '\\.\ESIASDRV' to
    // IsRing0 and returns its answer.
    // IsRing0 is defined elsewhere in the unit; presumably it tries to open the
    // named device object -- confirm.
    function IsEsetSysInspector: Boolean;
    begin
      Result := IsRing0('\\.\ESIASDRV');
    end;
    
    
     
  8. Fliplab

    Antivirus Detector v0.3 [Beta] (Delphi Module)

    Code:
    // Kaspersky on-access scanner check: True when DriveExist accepts
    // 'drivers\klif.sys' (DriveExist is defined elsewhere in the unit).
    function IsKlif: Boolean;
    begin
      Result := DriveExist('drivers\klif.sys');
    end;
    
    // Legacy Kaspersky service check: True when IsService matches 'avp'.
    function IsKavAVP: Boolean;
    begin
      Result := IsService('avp');
    end;
    
    // Trend Micro Internet Security check: returns IsRing0's answer for the
    // device path '\\.\TMACTMON' (IsRing0 is defined elsewhere in the unit).
    function IsTrendMicro: Boolean;
    begin
      Result := IsRing0('\\.\TMACTMON');
    end;
    
    // Malwarebytes' Anti-Malware check: True when DriveExist accepts
    // 'drivers\mbam.sys' or 'drivers\mbamswissarmy.sys'.
    function IsAntiMalware: Boolean;
    begin
      Result := DriveExist('drivers\mbam.sys')
        or DriveExist('drivers\mbamswissarmy.sys');
    end;
    
    // Zillya! Antivirus check: True when DriveExist accepts
    // 'drivers\ZFMSYS.sys'.
    function IsZillya: Boolean;
    begin
      Result := DriveExist('drivers\ZFMSYS.sys');
    end;
    
    // Lavasoft Ad-Aware check: True when DriveExist accepts 'drivers\lbd.sys'
    // or IsRing0 accepts the device path '\\.\LBD'.
    function IsAdAware: Boolean;
    begin
      Result := DriveExist('drivers\lbd.sys') or IsRing0('\\.\LBD');
    end;
    
    // Microsoft Security Essentials check: True when DriveExist accepts
    // 'drivers\mpfilter.sys' or IsUninstall finds a DisplayName containing
    // 'Microsoft Security Essentials'.
    function IsMSecEssentials: Boolean;
    begin
      Result := DriveExist('drivers\mpfilter.sys')
        or IsUninstall('Microsoft Security Essentials');
    end;
    
    // Advanced SystemCare check: True when IsUninstall finds a DisplayName
    // containing 'Advanced SystemCare'.
    function IsAdvancedSysCare: Boolean;
    begin
      Result := IsUninstall('Advanced SystemCare');
    end;
    
    // Antivirus Stop! check: True when IsUninstall finds a DisplayName
    // containing the literal below.
    function IsAvirStop: Boolean;
    begin
      Result := IsUninstall('Антивирус Stop!');
    end;
    
    // USBGuard check: True when IsUninstall finds a DisplayName containing
    // 'USBGuard'.
    function IsUSBGuard: Boolean;
    begin
      Result := IsUninstall('USBGuard');
    end;
    
    // AnVir Task Manager check: True when IsUninstall finds a DisplayName
    // containing 'AnVir Task Manager'.
    function IsAnvitTaskMgr: Boolean;
    begin
      Result := IsUninstall('AnVir Task Manager');
    end;
    
    // SpyHunter check: True when IsUninstall finds a DisplayName containing
    // 'SpyHunter'.
    function IsSpyHunter: Boolean;
    begin
      Result := IsUninstall('SpyHunter');
    end;
    
    // Dr.Web check: True when IsService matches 'spidernt' or DriveExist
    // accepts 'drivers\spider.sys'.
    function IsDrWeb: Boolean;
    begin
      Result := IsService('spidernt') or DriveExist('drivers\spider.sys');
    end;
    
    // AVG Anti-Virus check: True when IsService matches 'Avg7Alrt' or
    // DriveExist accepts any of the three driver paths listed below.
    function IsAvgAv: Boolean;
    begin
      Result := IsService('Avg7Alrt')
        or DriveExist('drivers\avg7rsxp.sys')
        or DriveExist('drivers\avgmfx86.sys')
        or DriveExist('drivers\avgmfx64.sys');
    end;
    
    // Agnitum Outpost Firewall check: True when DriveExist accepts one of the
    // listed paths or IsUninstall finds a DisplayName containing 'Outpost'.
    // The checks run in the order written below.
    function IsOutpostFire: Boolean;
    begin
      Result := DriveExist('drivers\afwcore.sys')
        or DriveExist('drivers\afw.sys')
        or IsUninstall('Outpost')
        or DriveExist('filt\aswfilt.dll')
        or DriveExist('drivers\sandbox.sys');
    end;
    
    // Norton (Symantec) AntiVirus check: True when IsService matches
    // 'CLTNetCnService' or 'ccEvtMgr'.
    function IsSymantec: Boolean;
    begin
      Result := IsService('CLTNetCnService') or IsService('ccEvtMgr');
    end;
    
    // Symantec AutoProtect check: True when IsService matches 'ccEvtMgr' or
    // DriveExist accepts 'drivers\eectrl.sys'.
    // NOTE(review): 'ccEvtMgr' is also tested by IsSymantec, so both checks
    // fire together on that service.
    function IsSymantecAutoProtect: Boolean;
    begin
      Result := IsService('ccEvtMgr') or DriveExist('drivers\eectrl.sys');
    end;
    
    // Symantec content-filtering driver check: True when DriveExist accepts
    // 'drivers\SYMTDI.sys'.
    function IsSymantecFiltr: Boolean;
    begin
      Result := DriveExist('drivers\SYMTDI.sys');
    end;
    
    // avast! check: True when the unit-level RegValueExists (defined elsewhere
    // in the unit) reports the InstallLocation value under the product's
    // Uninstall key in HKLM.
    function IsAvast: Boolean;
    begin
      Result := RegValueExists(HKEY_LOCAL_MACHINE,
        'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\avast!\InstallLocation');
    end;
    
    // Avira AntiVir check: True when DriveExist accepts any of the three
    // driver paths listed below.
    function IsAvira: Boolean;
    begin
      Result := DriveExist('drivers\avgio.sys')
        or DriveExist('drivers\avgntflt.sys')
        or DriveExist('drivers\avgntdd.sys');
    end;
    
    // BitDefender AntiVirus check: True when DriveExist accepts
    // 'drivers\bdrsdrv.sys'.
    function IsBitDefender: Boolean;
    begin
      Result := DriveExist('drivers\bdrsdrv.sys');
    end;
    
    // BitDefender Antivirus 2008 check: True when IsService matches 'vsserv'.
    function IsBitDefender2008: Boolean;
    begin
      Result := IsService('vsserv');
    end;
    
    // CA Anti-Virus check: True when IsService matches any of the five service
    // names listed below.
    function IsCaAv: Boolean;
    begin
      Result := IsService('InoRT')
        or IsService('InoRPC')
        or IsService('InoTask')
        or IsService('InoNmSrv')
        or IsService('vetmsgnt');
    end;
    
    // G DATA AntiVirusKit check: True when IsService matches 'AVKWCtl' or
    // 'AVKService'.
    function IsGDATA: Boolean;
    begin
      Result := IsService('AVKWCtl') or IsService('AVKService');
    end;
    
    
     
  9. Fliplab

    Antivirus Detector v0.3 [Beta] (Delphi Module)

    Code:
    // Webroot Spy Sweeper check: True when IsService matches
    // 'WebrootSpySweeperService'.
    function IsSpyWeeper: Boolean;
    begin
      Result := IsService('WebrootSpySweeperService');
    end;
    
    // McAfee VirusScan check: True when IsService matches 'McShield'.
    function IsMcAfeeVirScan: Boolean;
    begin
      Result := IsService('McShield');
    end;
    
    // Aston check: True when RegKeyExists (defined elsewhere in the unit)
    // reports the product's Uninstall key under HKLM.
    function IsAston: Boolean;
    begin
      Result := RegKeyExists(HKEY_LOCAL_MACHINE,
        'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Aston');
    end;
    
    // Lavasoft Firewall check: True when IsService matches 'LavasoftFirewall'
    // or the unit-level RegValueExists reports the InstallLocation value under
    // the product's Uninstall key in HKLM.
    function IsLavasoftFire: Boolean;
    begin
      Result := IsService('LavasoftFirewall')
        or RegValueExists(HKEY_LOCAL_MACHINE,
             'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Lavasoft Firewall Pro_is1\InstallLocation');
    end;
    
    // Quick Heal Firewall check: True when IsService matches
    // 'QuickHealFirewall'.
    function IsQuickHealFire: Boolean;
    begin
      Result := IsService('QuickHealFirewall');
    end;
    
    // PC Firewall check: True when IsService matches 'SFirewall'.
    function IsBuhlFire: Boolean;
    begin
      Result := IsService('SFirewall');
    end;
    
    // Sophos Client Firewall check: True when IsService matches
    // 'SophosFirewall'.
    function IsSophosFire: Boolean;
    begin
      Result := IsService('SophosFirewall');
    end;
    
    // AGAVA Firewall check: True when IsService matches 'fwservice'.
    function IsAgavaFire: Boolean;
    begin
      Result := IsService('fwservice');
    end;
    
    // F-Secure Firewall check: True when DriveExist accepts
    // 'drivers\fsfw.sys'.
    function IsFSecureFire: Boolean;
    begin
      Result := DriveExist('drivers\fsfw.sys');
    end;
    
    // Jetico Personal Firewall check: True when IsService matches the name
    // below (the visible part of IsService compares against both the service
    // name and its display name).
    function IsJeticoFire: Boolean;
    begin
      Result := IsService('Jetico Personal Firewall server');
    end;
    
    // ZoneAlarm Firewall check: True when IsService matches 'vsmon'.
    function IsZoneAlarmFire: Boolean;
    begin
      Result := IsService('vsmon');
    end;
    
    // Check Point Firewall check: True when IsService matches 'FW1SVC'.
    function IsCheckPointFire: Boolean;
    begin
      Result := IsService('FW1SVC');
    end;
    
    // Online Armor Personal Firewall check: True when IsService matches
    // 'SvcOnlineArmor'.
    function IsOnlineArmorFire: Boolean;
    begin
      Result := IsService('SvcOnlineArmor');
    end;
    
    // VirusBuster check: True when IsService matches 'VBCompManService'.
    function IsVirusBuster: Boolean;
    begin
      Result := IsService('VBCompManService');
    end;
    
    // McAfee Framework check: True when the unit-level RegValueExists reports
    // the 'Installed Path' value under the Network Associates key in HKLM.
    function IsMcAfeeFramework: Boolean;
    begin
      Result := RegValueExists(HKEY_LOCAL_MACHINE,
        'SOFTWARE\Network Associates\TVD\Shared Components\Framework\Installed Path');
    end;
    
    // McAfee VirusScan Enterprise check: True when the unit-level
    // RegValueExists reports the 'szInstallDir' value under the Network
    // Associates key in HKLM.
    function IsMcAfeeEenterprise: Boolean;
    begin
      Result := RegValueExists(HKEY_LOCAL_MACHINE,
        'SOFTWARE\Network Associates\TVD\VirusScan Enterprise\CurrentVersion\szInstallDir');
    end;
    
    // McAfee VirusScan Online check: True when the unit-level RegValueExists
    // reports the 'Install Dir' value under the McAfee.com key in HKLM.
    function IsMcAfeeScanOnline: Boolean;
    begin
      Result := RegValueExists(HKEY_LOCAL_MACHINE,
        'SOFTWARE\McAfee.com\Virusscan Online\Install Dir');
    end;
    
    // Sophos Antivirus check: True when IsService matches 'savprogress.exe'.
    // NOTE(review): the literal ends in '.exe' yet is handed to the service
    // lookup -- confirm that this is the intended check.
    function IsSophos: Boolean;
    begin
      Result := IsService('savprogress.exe');
    end;
    
    // Comodo Firewall check: True when RegKeyExists (defined elsewhere in the
    // unit) reports the key below under HKLM.
    // NOTE(review): every other Uninstall lookup in this unit goes through
    // '...\Windows\CurrentVersion\Uninstall'; this path has no CurrentVersion
    // component -- confirm it is intentional.
    function IsComodoFire: Boolean;
    begin
      Result := RegKeyExists(HKEY_LOCAL_MACHINE,
        'Software\Microsoft\Windows\Uninstall\Comodo Firewall');
    end;
    
    // Reports whether at least one of the per-product checks in this unit
    // fires. The checks are OR-ed in the order written, so with short-circuit
    // boolean evaluation the first hit ends the scan.
    //
    // Defender note: a single process that queries this many service names,
    // driver files and Uninstall keys in one pass is performing
    // security-software discovery (ATT&CK T1518.001); the indicator strings in
    // the functions below can be reused as detection content for it.
    function IsPCProtect: Boolean;
    begin
      Result :=
        IsNod32Integrity or IsNod32OnAccess or IsEsetSysInspector or IsKlif
        or IsKavAVP or IsTrendMicro or IsAntiMalware or IsZillya or IsAdAware
        or IsMSecEssentials or IsAdvancedSysCare or IsAvirStop or IsUSBGuard
        or IsAnvitTaskMgr or IsSpyHunter or IsDrWeb or IsAvgAv or IsOutpostFire
        or IsSymantec or IsSymantecAutoProtect or IsSymantecFiltr or IsAvast
        or IsAvira or IsBitDefender or IsBitDefender2008 or IsCaAv or IsGDATA
        or IsSpyWeeper or IsMcAfeeVirScan or IsAston or IsLavasoftFire
        or IsQuickHealFire or IsBuhlFire or IsSophosFire or IsAgavaFire
        or IsFSecureFire or IsJeticoFire or IsZoneAlarmFire or IsCheckPointFire
        or IsOnlineArmorFire or IsVirusBuster or IsMcAfeeFramework
        or IsMcAfeeEenterprise or IsMcAfeeScanOnline or IsSophos or IsComodoFire;
    end;
    
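    // Builds a ';'-terminated list of the *_ISSUE labels (constants declared
    // elsewhere in the unit) for every per-product check that fires, in the
    // order of the checks below, and returns it as a PChar. The result is an
    // empty string when nothing fires.
    //
    // Fix: the previous revision returned PChar(ProgNames) for a local string,
    // which is released when the function returns, so callers received a
    // dangling pointer. The text is now kept in function-static storage.
    // The returned pointer stays valid until the next call; the function is
    // not safe to call from several threads at once.
    function GetProtectProgs: PChar;
    {$IFOPT J-}
      {$DEFINE GETPROTECTPROGS_RESTORE_J}
      {$J+}
    {$ENDIF}
    const
      // Writable typed constant used as static storage for the last result.
      LastResult: String = '';
    var
      ProgNames: String;
    begin
      ProgNames := '';
      if IsNod32Integrity then
        ProgNames := ProgNames + NOD32_INTEGRITY_ISSUE + ';';
      if IsNod32OnAccess then
        ProgNames := ProgNames + NOD32_ON_ACCESS_ISSUE + ';';
      if IsEsetSysInspector then
        ProgNames := ProgNames + NOD32_SYSINSPECTOR_ISSUE + ';';
      if IsKlif then
        ProgNames := ProgNames + KLIF_ISSUE + ';';
      if IsKavAVP then
        ProgNames := ProgNames + KAVAVP_ISSUE + ';';
      if IsTrendMicro then
        ProgNames := ProgNames + TREND_MICRO_INET_SEC_ISSUE + ';';
      if IsAntiMalware then
        ProgNames := ProgNames + MALWAREBYTES_ISSUE + ';';
      if IsZillya then
        ProgNames := ProgNames + ZILLYA_ISSUE + ';';
      if IsAdAware then
        ProgNames := ProgNames + LAVASOFT_ADADWARE_ISSUE + ';';
      if IsMSecEssentials then
        ProgNames := ProgNames + MICROSOFT_SEC_ESSENTIALS_ISSUE + ';';
      if IsAdvancedSysCare then
        ProgNames := ProgNames + SYSTEMCARE_ISSUE + ';';
      if IsAvirStop then
        ProgNames := ProgNames + STOP_ISSUE + ';';
      if IsUSBGuard then
        ProgNames := ProgNames + USBGUARD_ISSUE + ';';
      if IsAnvitTaskMgr then
        ProgNames := ProgNames + ANVIR_TASK_MGR_ISSUE + ';';
      if IsSpyHunter then
        ProgNames := ProgNames + SPYHUNTER_ISSUE + ';';
      if IsDrWeb then
        ProgNames := ProgNames + DRWEB_ISSUE + ';';
      if IsAvgAv then
        ProgNames := ProgNames + AVG_AV_ISSUE + ';';
      if IsOutpostFire then
        ProgNames := ProgNames + AGNITUM_ISSUE + ';';
      if IsSymantec then
        ProgNames := ProgNames + SYMANTEC_ISSUE + ';';
      if IsSymantecAutoProtect then
        ProgNames := ProgNames + SYMANTEC_AUTOPROTECT_ISSUE + ';';
      if IsSymantecFiltr then
        ProgNames := ProgNames + SYMANTEC_FILTRATION_ISSUE + ';';
      if IsAvast then
        ProgNames := ProgNames + AVAST_ISSUE + ';';
      if IsAvira then
        ProgNames := ProgNames + AVIRA_ISSUE + ';';
      if IsBitDefender then
        ProgNames := ProgNames + BITDEFENDER_AV_ISSUE + ';';
      if IsBitDefender2008 then
        ProgNames := ProgNames + BITDEFENDER_AV_2008_ISSUE + ';';
      if IsCaAv then
        ProgNames := ProgNames + CA_ISSUE + ';';
      if IsGDATA then
        ProgNames := ProgNames + GDATA_AVK_ISSUE + ';';
      if IsSpyWeeper then
        ProgNames := ProgNames + SPYSWEEPER_ISSUE + ';';
      if IsMcAfeeVirScan then
        ProgNames := ProgNames + MCAFEE_ISSUE + ';';
      if IsAston then
        ProgNames := ProgNames + ASTON_ISSUE + ';';
      if IsLavasoftFire then
        ProgNames := ProgNames + LAVASOFT_FIREWALL_ISSUE + ';';
      if IsQuickHealFire then
        ProgNames := ProgNames + QUICKHEAL_FIREWALL_ISSUE + ';';
      if IsBuhlFire then
        ProgNames := ProgNames + BUHL_FIREWALL_ISSUE + ';';
      if IsSophosFire then
        ProgNames := ProgNames + SOPHOS_FIREWALL_ISSUE + ';';
      if IsAgavaFire then
        ProgNames := ProgNames + AGAVA_FIREWALL_ISSUE + ';';
      if IsFSecureFire then
        ProgNames := ProgNames + FSECURE_FIREWALL_ISSUE + ';';
      if IsJeticoFire then
        ProgNames := ProgNames + JETICO_FIREWALL_ISSUE + ';';
      if IsZoneAlarmFire then
        ProgNames := ProgNames + ZONEALARM_FIREWALL_ISSUE + ';';
      if IsCheckPointFire then
        ProgNames := ProgNames + CHECKPOINT_FIREWALL_ISSUE + ';';
      if IsOnlineArmorFire then
        ProgNames := ProgNames + ONLINEARMOR_FIREWALL_ISSUE + ';';
      if IsVirusBuster then
        ProgNames := ProgNames + VIRUSBUSTER_ISSUE + ';';
      if IsMcAfeeFramework then
        ProgNames := ProgNames + MCAFEE_FRAMEWORK_ISSUE + ';';
      if IsMcAfeeEenterprise then
        ProgNames := ProgNames + MCAFEE_ENTERPRISE_ISSUE + ';';
      if IsMcAfeeScanOnline then
        ProgNames := ProgNames + MCAFEE_SCAN_ONLINE_ISSUE + ';';
      if IsSophos then
        ProgNames := ProgNames + SOPHOS_ISSUE + ';';
      if IsComodoFire then
        ProgNames := ProgNames + COMODO_ISSUE + ';';
      // Hand out a pointer into storage that outlives this call.
      LastResult := ProgNames;
      Result := PChar(LastResult);
    end;
    {$IFDEF GETPROTECTPROGS_RESTORE_J}
      {$J-}
      {$UNDEF GETPROTECTPROGS_RESTORE_J}
    {$ENDIF}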
    
    end.
    http://slil.ru/28697373 - Скачать Antivirus Detector v0.3 [Beta] (Delphi Module)
     
  10. Fliplab

    У кого-нибудь будут ещё идеи по дополнению?
     
  11. flacs

    IsService() — норм функция, пригодится.
    Плюсанул, продолжай в том же духе )
     
  12. Fliplab

    Норм-то норм, но неудобств доставила поначалу.
     
  13. Fliplab

    Ладно, ибо никто не желает в дальнейшем помогать, юнит уходит в чулан и дорабатывается в личке.