В общем, какая-то хрень: не могу редактировать свой пост и отвечать на сообщения — точнее, могу, но они отображаются пустыми.
Antivirus Detector v0.2 [Beta] (Delphi Module) Code:
unit antivir_detect;

{
  Antivirus Detector v0.2 [Beta]
  Author: FlipLab Software© 2006-2009
  E-mail: [email protected], [email protected]
  URL: http://www.fls.com/
  About: Helper module for detecting installed antivirus programs and firewalls.
  The current version supports:
    + ESET SysInspector
    + ESET Nod32 Antivirus
    + ESET Personal Firewall
    + Trend Micro Internet Security
    + Kaspersky Internet Security 2008 & WorkStation
    + Agnitum Outpost Firewall
    + Agnitum Anti-Spyware
    + Agnitum Host Protection
    + Malwarebytes' Anti-Malware
    + Zillya! Antivirus
    + Advanced SystemCare
    + Antivirus Stop!
    + USBGuard
    + AnVir Task Manager
    + Lavasoft Ad-Aware
    + Microsoft Security Essentials
    + McAfee
    + McAfee Personal Firewall
    + SpyHunter
}

// Review note: every exported Is* function is a parameterless yes/no probe for
// one security product. The part of the implementation shown in this listing
// resolves kernel32 exports by name and scans the DisplayName values under
// HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall. Enumerating
// installed security software this way corresponds to MITRE ATT&CK T1518.001
// (Security Software Discovery); a process that walks every Uninstall subkey
// and reads only DisplayName is the observable side of IsUninstall.

interface

uses
  Windows;

function IsEsetAntivir: Boolean;
function IsEsetSysInsp: Boolean;
function IsEsetFire: Boolean;
function IsTrendMicro: Boolean;
function IsKIS2008: Boolean;
function IsOutpostFire: Boolean;
function IsOutpostAntiSpy: Boolean;
function IsOutpostHostProt: Boolean;
function IsAntiMalware: Boolean;
function IsZillya: Boolean;
function IsAdvancedSysCare: Boolean;
function IsAvirStop: Boolean;
function IsUSBGuard: Boolean;
function IsAnvitTaskMgr: Boolean;
function IsAdAware: Boolean;
function IsMSecEssentials: Boolean;
function IsMcAfee: Boolean;
function IsMcAfeeeFire: Boolean;
function IsSpyHunter: Boolean;

implementation

// Looks up an export of kernel32.dll by name at run time and returns the
// GetProcAddress result unchanged. The result is not checked here, so a failed
// lookup reaches the caller as whatever GetProcAddress returned.
function ImportKernelFunc(const Name: String): Pointer;
var
  KernelModule: THandle;
begin
  KernelModule := GetModuleHandle('kernel32.dll');
  Result := GetProcAddress(KernelModule, PChar(Name));
end;

// Assembly implementation of UpperCase that handles four bytes per loop
// iteration and writes into the Result string, reallocating it through
// System.@LStrSetLength when needed. An empty or nil input clears Result.
// Per the inline range comments only the byte range 'a'..'z' is mapped; bytes
// with the high bit set (for example Cyrillic in an ANSI code page) appear to
// pass through unchanged - TODO confirm. The [esi-4] / [ecx-8] offsets read the
// length and reference count of the string header, so this presumably assumes
// the 32-bit AnsiString layout.
function UpperCase(const S: string): string;
asm
  push ebx
  push esi
  push edi
  mov esi, eax // s
  mov eax, edx
  test esi, esi
  jz @Nil
  mov edx, [esi-4] // Length(s)
  mov edi, eax // @Result
  test edx, edx
  jle @Nil
  mov ecx, [eax]
  mov ebx, edx
  test ecx, ecx
  jz @Realloc // Jump if Result not allocated
  test edx, 3
  jnz @Length3
  xor edx, [ecx-4]
  cmp edx, 3
  jbe @TestRef
  jmp @Realloc
@Length3:
  or edx, 2
  xor edx, [ecx-4]
  cmp edx, 1
  ja @Realloc
@TestRef:
  cmp [ecx-8], 1
  je @LengthOK // Jump if Result RefCt=1
@Realloc:
  mov edx, ebx
  or edx, 3
  call System.@LStrSetLength
@LengthOK:
  mov edi, [edi] // Result
  mov [edi-4], ebx // Correct Result length
  mov byte ptr [ebx+edi], 0
  add ebx, -1
  and ebx, -4
  mov eax, [ebx+esi]
@Loop:
  mov ecx, eax
  or eax, $80808080 // $E1..$FA
  mov edx, eax
  sub eax, $7B7B7B7B // $66..$7F
  xor edx, ecx // $80
  or eax, $80808080 // $E6..$FF
  sub eax, $66666666 // $80..$99
  and eax, edx // $80
  shr eax, 2 // $20
  xor eax, ecx // Upper
  mov [ebx+edi], eax
  mov eax, [ebx+esi-4]
  sub ebx, 4
  jge @Loop
  pop edi
  pop esi
  pop ebx
  ret
@Nil:
  pop edi
  pop esi
  pop ebx
  jmp System.@LStrClr // Result:=''
end;

// Returns True when any subkey of
// HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall has a DisplayName
// value that contains ProgramName. Both sides go through UpperCase first, so
// the substring match is case-insensitive for the characters UpperCase maps.
function IsUninstall(const ProgramName: String): Boolean;
var
  Str, MBuf, DisplayName: String;

  // Enumerates the subkey names (DoKeys = True) or value names (DoKeys = False)
  // of RootKey\Name into ResultList. Each name is prepended and followed by
  // CRLF. Returns True when the key could be opened, even if it has no entries.
  function RegEnum(RootKey: HKEY; Name: String; var ResultList: String; const DoKeys: Boolean): Boolean;
  var
    I, iRes: Integer;
    S: String;
    hTemp: HKEY;
    Buf: Pointer;
    BufSize: Cardinal;
  begin
    Result := False;
    ResultList := '';
    if RegOpenKeyEx(RootKey, PChar(Name), 0, KEY_READ, hTemp) = ERROR_SUCCESS then
    begin
      Result := True;
      BufSize := 1024;
      GetMem(buf, BufSize);
      I := 0;
      iRes := ERROR_SUCCESS;
      // The loop stops at the first return code other than ERROR_SUCCESS.
      while iRes = ERROR_SUCCESS do
      begin
        // Reset on every pass because the API overwrites BufSize with the
        // length of the name it returned.
        BufSize := 1024;
        if DoKeys then
          iRes := RegEnumKeyEx(hTemp, I, buf, BufSize, nil, nil, nil, nil)
        else
          iRes := RegEnumValue(hTemp, I, buf, BufSize, nil, nil, nil, nil);
        if iRes = ERROR_SUCCESS then
        begin
          SetLength(S, BufSize);
          Move(buf^, S[1], BufSize);
          ResultList := Concat(S, #13#10, ResultList);
          Inc(i);
        end;
      end;
      FreeMem(Buf);
      RegCloseKey(hTemp);
    end;
  end;

  // Convenience wrapper: RegEnum restricted to subkey names.
  function RegEnumKeys(RootKey: HKEY; Name: String; var KeyList: String): Boolean;
  begin
    Result := RegEnum(RootKey, Name, KeyList, True);
  end;

  // Returns the index of the last occurrence of Needle in Haystack.
  // NOTE(review): when Needle is absent the loop finishes without Break and the
  // function returns whatever the loop variable holds at that point; the
  // callers in this unit always pass a path that contains '\'.
  function LastPos(Needle: Char; Haystack: String): Integer;
  begin
    for Result := Length(Haystack) downto 1 do
      if Haystack[Result] = Needle then
        Break;
  end;

  // Name is "<key path>\<value name>". Returns True when the key opens with
  // KEY_READ and a query for the value succeeds.
  function RegValueExists(RootKey: HKEY; Name: String): Boolean;
  var
    SubKey: String;
    n: Integer;
    hTemp: HKEY;
  begin
    Result := False;
    n := LastPos('\', Name);
    if n > 0 then
    begin
      // Everything before the last backslash is the key path.
      SubKey := Copy(Name, 1, n - 1);
      if RegOpenKeyEx(RootKey, PChar(SubKey), 0, KEY_READ, hTemp) = ERROR_SUCCESS then
      begin
        // SubKey is reused for the value name after the last backslash.
        SubKey := Copy(Name, n + 1, Length(Name) - n);
        Result := (RegQueryValueEx(hTemp, PChar(SubKey), nil, nil, nil, nil) = ERROR_SUCCESS);
        RegCloseKey(hTemp);
      end;
    end;
  end;

  // Reads the value addressed by "<key path>\<value name>". On success, and
  // only when the stored type equals ValType, PVal receives a GetMem buffer
  // that the caller has to release with FreeMem and ValSize receives its size.
  // Every other path frees the buffer here and returns False.
  function RegGetValue(RootKey: HKEY; Name: String; ValType: Cardinal; var PVal: Pointer; var ValSize: Cardinal): Boolean;
  var
    SubKey: String;
    n: Integer;
    MyValType: DWORD;
    hTemp: HKEY;
    Buf: Pointer;
    BufSize: Cardinal;
    PKey: PChar;
  begin
    Result := False;
    n := LastPos('\', Name);
    if n > 0 then
    begin
      SubKey := Copy(Name, 1, n - 1);
      if RegOpenKeyEx(RootKey, PChar(SubKey), 0, KEY_READ, hTemp) = ERROR_SUCCESS then
      begin
        SubKey := Copy(Name, n + 1, Length(Name) - n);
        // An empty value name is passed as nil.
        if SubKey = '' then
          PKey := nil
        else
          PKey := PChar(SubKey);
        // First query: no data buffer, only type and required size.
        if RegQueryValueEx(hTemp, PKey, nil, @MyValType, nil, @BufSize) = ERROR_SUCCESS then
        begin
          GetMem(Buf, BufSize);
          // Second query: fetch the data into the buffer sized above.
          if RegQueryValueEx(hTemp, PKey, nil, @MyValType, Buf, @BufSize) = ERROR_SUCCESS then
          begin
            if ValType = MyValType then
            begin
              PVal := Buf;
              ValSize := BufSize;
              Result := True;
            end
            else
              FreeMem(Buf)
          end
          else
            FreeMem(Buf);
        end;
        RegCloseKey(hTemp);
      end;
    end;
  end;

  // Reads a REG_SZ value into Value. Value is cleared first and stays empty
  // when the read fails or the value has another type.
  function RegGetString(RootKey: HKEY; Name: String; Var Value: String): Boolean;
  var
    Buf: Pointer;
    BufSize: Cardinal;
  begin
    Result := False;
    Value := '';
    if RegGetValue(RootKey, Name, REG_SZ, Buf, BufSize) then
    begin
      // One byte is dropped from the reported size - presumably the
      // terminating NUL of the stored string.
      Dec(BufSize);
      SetLength(Value, BufSize);
      if BufSize > 0 then
        Move(Buf^, Value[1], BufSize);
      FreeMem(Buf);
      Result := True;
    end;
  end;

begin
  Result := False;
  if RegEnumKeys(HKEY_LOCAL_MACHINE, 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall', Str) then
    // Str holds CRLF-terminated subkey names; each pass consumes one of them.
    while Length(Str) > 0 do
    begin
      MBuf := Copy(Str, 1, Pos(#13#10, Str) - 1);
      Delete(Str, 1, Pos(#13#10, Str) + 1);
      if RegValueExists(HKEY_LOCAL_MACHINE, 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\' + MBuf + '\DisplayName') then
      begin
        RegGetString(HKEY_LOCAL_MACHINE, 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\' + MBuf + '\DisplayName', DisplayName);
        DisplayName := UpperCase(DisplayName);
        // Substring match, so a short ProgramName matches any product whose
        // display name merely contains it.
        if Pos(UpperCase(ProgramName), DisplayName) > 0 then
        begin
          Result := True;
          Exit;
        end;
      end;
    end;
end;
Antivirus Detector v0.2 [Beta] (Delphi Module) Code:
// Returns True when the device path in Device can be opened for read/write
// with exclusive sharing; the handle is closed again straight away. The callers
// below pass '\\.\NAME' device names, so on the host this shows up as a
// CreateFile attempt against a security driver's device object.
function IsRing0(const Device: String): Boolean;
var
  DeviceHandle: THandle;
begin
  DeviceHandle := CreateFileA(PChar(Device), GENERIC_READ or GENERIC_WRITE, 0, nil, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
  Result := DeviceHandle <> INVALID_HANDLE_VALUE;
  if Result then
    CloseHandle(DeviceHandle);
end;

// Returns True when <system directory>\DrivePath exists and is not a
// directory. The two kernel32 functions are resolved by name at run time
// through ImportKernelFunc instead of being imported statically.
function DriveExist(const DrivePath: String): Boolean;
var
  GetSystemDirectory: function(lpBuffer: PChar; uSize: LongWord): LongWord; cdecl;
  GetFileAttributes: function(lpFileName: PChar): LongWord; cdecl;
  SysDirBuf: array[0..MAX_PATH] of Char;
  FullPath: String;
  Attrs: Integer;
begin
  @GetSystemDirectory := ImportKernelFunc('GetSystemDirectoryA');
  @GetFileAttributes := ImportKernelFunc('GetFileAttributesA');

  GetSystemDirectory(SysDirBuf, MAX_PATH);
  FullPath := String(SysDirBuf);

  // Make sure the directory ends with a backslash before appending.
  if Length(FullPath) > 0 then
    if FullPath[Length(FullPath)] <> '\' then
      FullPath := FullPath + '\';
  FullPath := FullPath + DrivePath;

  // -1 is the failure value; the directory bit must be clear.
  Attrs := GetFileAttributes(PChar(FullPath));
  Result := (Attrs <> -1) and (FILE_ATTRIBUTE_DIRECTORY and Attrs = 0);
end;

// ESET SysInspector: device object probe.
function IsEsetSysInsp: Boolean;
begin
  Result := IsRing0('\\.\ESIASDRV');
end;

// ESET Nod32 Antivirus: driver files, then Uninstall display name.
function IsEsetAntivir: Boolean;
begin
  Result := (DriveExist('drivers\ehdrv.sys')) or (DriveExist('drivers\eamon.sys')) or (IsUninstall('ESET'));
end;

// ESET Personal Firewall: device objects, then driver file.
function IsEsetFire: Boolean;
begin
  Result := (IsRing0('\\.\EPFWNDIS')) or (IsRing0('\\.\EPFW')) or (DriveExist('drivers\epfwtdi.sys'));
end;

// Trend Micro Internet Security: device object probe.
function IsTrendMicro: Boolean;
begin
  Result := IsRing0('\\.\TMACTMON');
end;

// Kaspersky Internet Security 2008 & WorkStation: device object probe.
function IsKIS2008: Boolean;
begin
  Result := IsRing0('\\.\KLIM5');
end;

// Agnitum Outpost Firewall: driver files, then Uninstall display name.
function IsOutpostFire: Boolean;
begin
  Result := (DriveExist('drivers\afwcore.sys')) or (DriveExist('drivers\afw.sys')) or (IsUninstall('Outpost'));
end;

// Agnitum Anti-Spyware: file under the system directory.
function IsOutpostAntiSpy: Boolean;
begin
  Result := DriveExist('filt\aswfilt.dll');
end;

// Agnitum Host Protection: driver file.
function IsOutpostHostProt: Boolean;
begin
  Result := DriveExist('drivers\sandbox.sys');
end;

// Malwarebytes' Anti-Malware: driver files.
function IsAntiMalware: Boolean;
begin
  Result := (DriveExist('drivers\mbam.sys')) or (DriveExist('drivers\mbamswissarmy.sys'));
end;

// Zillya! Antivirus: driver file.
function IsZillya: Boolean;
begin
  Result := DriveExist( 'drivers\ZFMSYS.sys');
end;

// Advanced SystemCare: Uninstall display name.
function IsAdvancedSysCare: Boolean;
begin
  Result := IsUninstall('Advanced SystemCare');
end;

// Antivirus Stop!: Uninstall display name (Cyrillic literal).
function IsAvirStop: Boolean;
begin
  Result := IsUninstall('Антивирус Stop!');
end;

// USBGuard: Uninstall display name.
function IsUSBGuard: Boolean;
begin
  Result := IsUninstall('USBGuard');
end;

// AnVir Task Manager: Uninstall display name.
function IsAnvitTaskMgr: Boolean;
begin
  Result := IsUninstall('AnVir Task Manager');
end;

// Lavasoft Ad-Aware: Uninstall display name, driver file, device object.
function IsAdAware: Boolean;
begin
  Result := (IsUninstall('Ad-Aware')) or (DriveExist('drivers\lbd.sys')) or (IsRing0('\\.\LBD'));
end;

// Microsoft Security Essentials: driver file, then Uninstall display name.
function IsMSecEssentials: Boolean;
begin
  Result := (DriveExist('drivers\mpfilter.sys')) or (IsUninstall('Microsoft Security Essentials'));
end;

// McAfee: Uninstall display name.
function IsMcAfee: Boolean;
begin
  Result := IsUninstall('McAfee');
end;

// McAfee Personal Firewall: device object, then driver file.
function IsMcAfeeeFire: Boolean;
begin
  Result := (IsRing0('\\.\MPFP')) or (DriveExist('drivers\mpfp.sys'));
end;

// SpyHunter: Uninstall display name.
function IsSpyHunter: Boolean;
begin
  Result := IsUninstall('SpyHunter');
end;

end.
http://slil.ru/28697354 - Скачать Antivirus Detector v0.2 [Beta] (Delphi Module)
Antivirus Detector v0.3 [Beta] (Delphi Module) Code:
unit AntiVir_Detect_0_3_beta;

{
  Antivirus Detector v0.3 [Beta]
  Author: FlipLab Software© 2006-2010
  E-mail: [email protected], [email protected]
  URL: http://www.fls.com/
  About: Helper module for detecting installed antivirus programs and firewalls.
  The current version supports:
    + ESET SysInspector + ESET NOD32 Integrity + ESET NOD32 On-Access
    + Kaspersky On-Access Scanner + Legacy Kaspersky Service + DrWeb
    + AVG Anti-Virus + Norton (Symantec) AntiVirus
    + Symantec AntiVirus AutoProtect + Symantec AntiVirus Content Filtration
    + Avast! + McAfee VirusScan + Avira AntiVir
    + BitDefender AntiVirus & 2008 + Spy Sweeper + CA Anti-Virus
    + GDATA AntiVirusKit + Aston + Sophos Antivirus
    + McAffee Framework Self Protection + McAffee Enterprise Self Protection
    + McAffee Online Scan Self Protection + Antivirus Stop!
    + Zillya! Antivirus + Spy Hunter + Lavasoft Firewall
    + Quick Heal Firewall + PC Firewall + Sophos Client Firewall
    + AGAVA Firewall + F-Secure Firewall + Jetico Firewall
    + ZoneAlarm Firewall + CheckPoint Firewall
    + Online Armor Personal Firewall + VirusBuster + Comodo FireWall
    + Agnitum Outpost Firewall + Malwarebytes' Anti-Malware
    + Advanced SystemCare + USBGuard + AnVir Task Manager
    + Lavasoft Ad-Aware + Microsoft Security Essentials
    + Trend Micro Internet Security
}

// Review note: the helpers implemented in this part of the unit probe for a
// product in three ways - a file under the system directory (DriveExist), a
// device object that can be opened (IsRing0), and a registry key or value that
// exists (RegKeyExists / RegValueExists). Enumerating installed security
// software corresponds to MITRE ATT&CK T1518.001 (Security Software
// Discovery); a burst of such lookups for many unrelated vendors from one
// process is the observable pattern.

interface

uses
  Windows, WinSvc;

// Display labels, one per supported product.
const
  // AntiVirus
  TREND_MICRO_INET_SEC_ISSUE = 'Trend Micro Internet Security Issue';
  MICROSOFT_SEC_ESSENTIALS_ISSUE = 'Microsoft Security Essentials Issue';
  LAVASOFT_ADADWARE_ISSUE = 'Lavasoft Ad-Aware Issue';
  ANVIR_TASK_MGR_ISSUE = 'AnVir Task Manager Issue';
  USBGUARD_ISSUE = 'USBGuard Issue';
  SYSTEMCARE_ISSUE = 'Advanced SystemCare Issue';
  MALWAREBYTES_ISSUE = 'Malwarebytes'' Anti-Malware Issue';
  NOD32_SYSINSPECTOR_ISSUE = 'ESET SysInspector Issue';
  NOD32_INTEGRITY_ISSUE = 'ESET NOD32 Integrity Issue';
  NOD32_ON_ACCESS_ISSUE = 'ESET NOD32 On-Access Issue';
  KLIF_ISSUE = 'Kaspersky On-Access Scanner Issue';
  KAVAVP_ISSUE = 'Legacy Kaspersky Service Issue';
  DRWEB_ISSUE = 'DrWeb Issue';
  AVG_AV_ISSUE = 'AVG Anti-Virus Issue';
  SYMANTEC_ISSUE = 'Norton (Symantec) AntiVirus Issue';
  SYMANTEC_AUTOPROTECT_ISSUE = 'Symantec AntiVirus AutoProtect Issue';
  SYMANTEC_FILTRATION_ISSUE = 'Symantec AntiVirus Content Filtration Issue';
  AVAST_ISSUE = 'Avast! Issue';
  MCAFEE_ISSUE = 'McAfee VirusScan Issue';
  AVIRA_ISSUE = 'Avira AntiVir Issue';
  BITDEFENDER_AV_ISSUE = 'BitDefender AntiVirus Issue';
  BITDEFENDER_AV_2008_ISSUE = 'BitDefender Antivirus 2008 Issue';
  SPYSWEEPER_ISSUE = 'Spy Sweeper Issue';
  CA_ISSUE = 'CA Anti-Virus Issue';
  GDATA_AVK_ISSUE = 'GDATA AntiVirusKit Issue';
  ASTON_ISSUE = 'Aston Issue';
  SOPHOS_ISSUE = 'Sophos Antivirus Issue';
  MCAFEE_FRAMEWORK_ISSUE = 'McAffee Framework Self Protection Issue';
  MCAFEE_ENTERPRISE_ISSUE = 'McAffee Enterprise Self Protection Issue';
  MCAFEE_SCAN_ONLINE_ISSUE = 'McAffee Online Scan Self Protection Issue';
  STOP_ISSUE = 'Antivirus Stop! Issue';
  ZILLYA_ISSUE = 'Zillya! Antivirus Issue';
  SPYHUNTER_ISSUE = 'Spy Hunter Issue';
  // Firewalls
  LAVASOFT_FIREWALL_ISSUE = 'Lavasoft Firewall Issue';
  QUICKHEAL_FIREWALL_ISSUE = 'Quick Heal Firewall Issue';
  BUHL_FIREWALL_ISSUE = 'PC Firewall Issue';
  SOPHOS_FIREWALL_ISSUE = 'Sophos Client Firewall Issue';
  AGAVA_FIREWALL_ISSUE = 'AGAVA Firewall Issue';
  FSECURE_FIREWALL_ISSUE = 'F-Secure Firewall Issue';
  JETICO_FIREWALL_ISSUE = 'Jetico Firewall Issue';
  ZONEALARM_FIREWALL_ISSUE = 'ZoneAlarm Firewall Issue';
  CHECKPOINT_FIREWALL_ISSUE = 'CheckPoint Firewall Issue';
  ONLINEARMOR_FIREWALL_ISSUE = 'Online Armor Personal Firewall Issue';
  VIRUSBUSTER_ISSUE = 'VirusBuster Issue';
  COMODO_ISSUE = 'Comodo FireWall Issue';
  AGNITUM_ISSUE = 'Agnitum Outpost Firewall Issue';

// Aggregate check followed by the per-product probes; GetProtectProgs is the
// only export that returns text rather than a Boolean.
function IsPCProtect: Boolean;
function IsNod32Integrity: Boolean;
function IsNod32OnAccess: Boolean;
function IsEsetSysInspector: Boolean;
function IsKlif: Boolean;
function IsKavAVP: Boolean;
function IsTrendMicro: Boolean;
function IsAntiMalware: Boolean;
function IsZillya: Boolean;
function IsAdAware: Boolean;
function IsMSecEssentials: Boolean;
function IsAdvancedSysCare: Boolean;
function IsAvirStop: Boolean;
function IsUSBGuard: Boolean;
function IsAnvitTaskMgr: Boolean;
function IsSpyHunter: Boolean;
function IsDrWeb: Boolean;
function IsAvgAv: Boolean;
function IsOutpostFire: Boolean;
function IsSymantec: Boolean;
function IsSymantecAutoProtect: Boolean;
function IsSymantecFiltr: Boolean;
function IsAvast: Boolean;
function IsAvira: Boolean;
function IsBitDefender: Boolean;
function IsBitDefender2008: Boolean;
function IsCaAv: Boolean;
function IsGDATA: Boolean;
function IsSpyWeeper: Boolean;
function IsMcAfeeVirScan: Boolean;
function IsAston: Boolean;
function IsLavasoftFire: Boolean;
function IsQuickHealFire: Boolean;
function IsBuhlFire: Boolean;
function IsSophosFire: Boolean;
function IsAgavaFire: Boolean;
function IsFSecureFire: Boolean;
function IsJeticoFire: Boolean;
function IsZoneAlarmFire: Boolean;
function IsCheckPointFire: Boolean;
function IsOnlineArmorFire: Boolean;
function IsVirusBuster: Boolean;
function IsMcAfeeFramework: Boolean;
function IsMcAfeeEenterprise: Boolean;
function IsMcAfeeScanOnline: Boolean;
function IsSophos: Boolean;
function IsComodoFire: Boolean;
function GetProtectProgs: PChar;

implementation

// Looks up an export of kernel32.dll by name at run time and returns the
// GetProcAddress result unchanged; the result is not checked here.
function ImportKernelFunc(const Name: String): Pointer;
var
  KernelModule: THandle;
begin
  KernelModule := GetModuleHandle('kernel32.dll');
  Result := GetProcAddress(KernelModule, PChar(Name));
end;

// Returns True when <system directory>\DrivePath exists and is not a
// directory. GetSystemDirectoryA and GetFileAttributesA are resolved by name at
// run time through ImportKernelFunc rather than imported statically.
function DriveExist(const DrivePath: String): Boolean;
var
  GetSystemDirectory: function(lpBuffer: PChar; uSize: LongWord): LongWord; cdecl;
  GetFileAttributes: function(lpFileName: PChar): LongWord; cdecl;
  GSys: array[0..MAX_PATH] of Char;
  SysPath: String;
  Code: Integer;
begin
  @GetSystemDirectory := ImportKernelFunc('GetSystemDirectoryA');
  @GetFileAttributes := ImportKernelFunc('GetFileAttributesA');
  GetSystemDirectory(GSys, MAX_PATH);
  SysPath := String(GSys);
  // Append a backslash only when the directory does not already end in one.
  if Length(SysPath) > 0 then
    if SysPath[Length(SysPath)] <> '\' then
      SysPath := SysPath + '\';
  SysPath := SysPath + DrivePath;
  Code := GetFileAttributes(PChar(SysPath));
  // -1 is the failure value; the directory attribute bit must be clear.
  Result := (Code <> -1) and (FILE_ATTRIBUTE_DIRECTORY and Code = 0);
end;

// Returns True when the path in Device can be opened for read/write with
// exclusive sharing; the handle is closed again immediately. The callers in
// this unit pass '\\.\NAME' device names.
function IsRing0(const Device: String): Boolean;
var
  hFile: THandle;
begin
  Result := False;
  hFile := CreateFileA(PChar(Device), GENERIC_READ or GENERIC_WRITE, 0, nil, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
  if (hFile <> INVALID_HANDLE_VALUE) then
  begin
    CloseHandle(hFile);
    Result := True;
  end;
end;

// Name is "<key path>\<value name>". Returns True when the key opens with
// KEY_READ and a query for the value succeeds.
function RegValueExists(RootKey: HKEY; Name: String): Boolean;
var
  SubKey: String;
  n: Integer;
  hTemp: HKEY;

  // Index of the last occurrence of Needle in Haystack.
  // NOTE(review): when Needle is absent the loop finishes without Break and the
  // function returns whatever the loop variable holds at that point.
  function LastPos(Needle: Char; Haystack: String): Integer;
  begin
    for Result := Length(Haystack) downto 1 do
      if Haystack[Result] = Needle then
        Break;
  end;

begin
  Result := False;
  n := LastPos('\', Name);
  if n > 0 then
  begin
    // Everything before the last backslash is the key path.
    SubKey := Copy(Name, 1, n - 1);
    if RegOpenKeyEx(RootKey, PChar(SubKey), 0, KEY_READ, hTemp) = ERROR_SUCCESS then
    begin
      // SubKey is reused for the value name after the last backslash.
      SubKey := Copy(Name, n + 1, Length(Name) - n);
      Result := (RegQueryValueEx(hTemp, PChar(SubKey), nil, nil, nil, nil) = ERROR_SUCCESS);
      RegCloseKey(hTemp);
    end;
  end;
end;

// Returns True when RootKey\Name can be opened with KEY_READ.
function RegKeyExists(RootKey: HKEY; Name: String): Boolean;
var
  hTemp: HKEY;
begin
  Result := False;
  if RegOpenKeyEx(RootKey, PChar(Name), 0, KEY_READ, hTemp) = ERROR_SUCCESS then
  begin
    Result := True;
    RegCloseKey(hTemp);
  end;
end;

// Assembly implementation of UpperCase that handles four bytes per loop
// iteration and writes into the Result string, reallocating it through
// System.@LStrSetLength when needed. An empty or nil input clears Result.
// Per the inline range comments only the byte range 'a'..'z' is mapped; bytes
// with the high bit set appear to pass through unchanged - TODO confirm. The
// [esi-4] / [ecx-8] offsets read the length and reference count of the string
// header, so this presumably assumes the 32-bit AnsiString layout.
function UpperCase(const S: string): string;
asm
  push ebx
  push esi
  push edi
  mov esi, eax // s
  mov eax, edx
  test esi, esi
  jz @Nil
  mov edx, [esi-4] // Length(s)
  mov edi, eax // @Result
  test edx, edx
  jle @Nil
  mov ecx, [eax]
  mov ebx, edx
  test ecx, ecx
  jz @Realloc // Jump if Result not allocated
  test edx, 3
  jnz @Length3
  xor edx, [ecx-4]
  cmp edx, 3
  jbe @TestRef
  jmp @Realloc
@Length3:
  or edx, 2
  xor edx, [ecx-4]
  cmp edx, 1
  ja @Realloc
@TestRef:
  cmp [ecx-8], 1
  je @LengthOK // Jump if Result RefCt=1
@Realloc:
  mov edx, ebx
  or edx, 3
  call System.@LStrSetLength
@LengthOK:
  mov edi, [edi] // Result
  mov [edi-4], ebx // Correct Result length
  mov byte ptr [ebx+edi], 0
  add ebx, -1
  and ebx, -4
  mov eax, [ebx+esi]
@Loop:
  mov ecx, eax
  or eax, $80808080 // $E1..$FA
  mov edx, eax
  sub eax, $7B7B7B7B // $66..$7F
  xor edx, ecx // $80
  or eax, $80808080 // $E6..$FF
  sub eax, $66666666 // $80..$99
  and eax, edx // $80
  shr eax, 2 // $20
  xor eax, ecx // Upper
  mov [ebx+edi], eax
  mov eax, [ebx+esi-4]
  sub ebx, 4
  jge @Loop
  pop edi
  pop esi
  pop ebx
  ret
@Nil:
  pop edi
  pop esi
  pop ebx
  jmp System.@LStrClr // Result:=''
end;
Antivirus Detector v0.3[Beta] (Delphi Module) Code:
// Returns True when a Win32 service exists, in any state, whose service name
// or display name equals ServiceName after both sides pass through UpperCase.
// ADVAPI32 is loaded explicitly and the two service APIs are resolved by name.
// As written, the Exit statements in the resolution block and in the match
// branch return before the FreeLibrary call at the end is reached.
function IsService(const ServiceName: String): Boolean;
type
  // Local re-declarations of the structures and signatures used below.
  _SERVICE_STATUS = record
    dwServiceType: DWORD;
    dwCurrentState: DWORD;
    dwControlsAccepted: DWORD;
    dwWin32ExitCode: DWORD;
    dwServiceSpecificExitCode: DWORD;
    dwCheckPoint: DWORD;
    dwWaitHint: DWORD;
  end;
  SERVICE_STATUS = _SERVICE_STATUS;
  PENUM_SERVICE_STATUS = ^ENUM_SERVICE_STATUS;
  ENUM_SERVICE_STATUS = packed record
    lpServiceName : PChar;
    lpDisplayName : PChar;
    ServiceStatus : SERVICE_STATUS;
  end;
  TcsEnumServicesStatus = function(
    const hSCManager : DWord; // handle to SCM database
    const dwServiceType : DWord; // service type
    const dwServiceState : DWord; // service state
    const lpServices : PENUM_SERVICE_STATUS; // status buffer
    const cbBufSize : DWord; // size of status buffer
    const pcbBytesNeeded : PDWORD; // buffer size needed
    const lpServicesReturned : PDWord; // number of entries returned
    const lpResumeHandle : PDWord // next entry
  ): Boolean; stdcall;
  TcsOpenSCManager = function(
    const lpMachineName : PChar;
    const lpDatabaseName : PChar;
    const dwDesiredAccess : DWord
  ): DWord; stdcall;
var
  EnumServicesStatus: TcsEnumServicesStatus;
  OpenSCManager: TcsOpenSCManager;
  hSC, hLib: Cardinal;
  pStatus: PENUM_SERVICE_STATUS;
  pWork: PENUM_SERVICE_STATUS;
  cbBufSize: DWord;
  pcbBytesNeeded: DWord;
  lpServicesReturned: DWord;
  lpResumeHandle: DWord;
  i: Integer;
  s, s1: String;
begin
  Result := False;
  hLib := LoadLibrary('ADVAPI32.DLL');
  if hLib <> 0 then
  begin
    @EnumServicesStatus := GetProcAddress(hLib, 'EnumServicesStatusA');
    if @EnumServicesStatus = nil then Exit;
    @OpenSCManager := GetProcAddress(hLib, 'OpenSCManagerA');
    if @OpenSCManager = nil then Exit;
  end;
  // Local machine, default database; $0004 is SC_MANAGER_ENUMERATE_SERVICE.
  hSC := OpenSCManager(nil, nil, $0004);
  if hSC <> 0 then
  try
    cbBufSize := 0;
    pStatus := nil;
    lpResumeHandle := 0;
    // First call with an empty buffer, used only to obtain pcbBytesNeeded.
    EnumServicesStatus(hSC, SERVICE_WIN32, SERVICE_STATE_ALL, pStatus, cbBufSize, @pcbBytesNeeded, @lpServicesReturned, @lpResumeHandle);
    pStatus := AllocMem(pcbBytesNeeded);
    try
      cbBufSize := pcbBytesNeeded;
      // Second call fills the buffer; its return value is not checked.
      EnumServicesStatus(hSC, SERVICE_WIN32, SERVICE_STATE_ALL, pStatus, cbBufSize, @pcbBytesNeeded, @lpServicesReturned, @lpResumeHandle);
      pWork := pStatus;
      for i := 0 to lpServicesReturned - 1 do
      begin
        s := pWork.lpServiceName;
        s1 := pWork.lpDisplayName;
        if (UpperCase(ServiceName) = UpperCase(s)) or (UpperCase(ServiceName) = UpperCase(s1)) then
        begin
          Result := True;
          Exit;
        end;
        Inc(pWork);
      end;
    finally
      if Assigned(pStatus) then FreeMem(pStatus, pcbBytesNeeded);
    end;
  finally
    CloseServiceHandle(hSC);
  end;
  if hLib <> 0 then FreeLibrary(hLib);
end;

// Compares ProcessName with the executable name taken from a Toolhelp process
// snapshot; the three Toolhelp functions are resolved by name through
// ImportKernelFunc. As written, ExeFile is assigned once, from the first
// snapshot entry, and the repeat loop re-tests that same value after every
// Process32Next call. The Exit statements return before CloseHandle.
// No caller of this function appears in the listing shown here.
function IsProcess(const ProcessName: String): Boolean;
type
  tagPROCESSENTRY32 = packed record
    dwSize: DWORD;
    cntUsage: DWORD;
    th32ProcessID: DWORD; // this process
    th32DefaultHeapID: DWORD;
    th32ModuleID: DWORD; // associated exe
    cntThreads: DWORD;
    th32ParentProcessID: DWORD; // this process's parent process
    pcPriClassBase: Longint; // Base priority of process's threads
    dwFlags: DWORD;
    szExeFile: array[0..MAX_PATH - 1] of Char;// Path
  end;
  TProcessEntry32 = tagPROCESSENTRY32;
var
  CreateToolhelp32Snapshot: function(dwFlags, th32ProcessID: DWORD): THandle; cdecl;
  Process32First: function(hSnapshot: THandle; var lppe: TProcessEntry32): BOOL; cdecl;
  Process32Next: function (hSnapshot: THandle; var lppe: TProcessEntry32): BOOL; cdecl;
  ProcessEntry: TProcessEntry32;
  SHandle: THandle;
  Next: Boolean;
  Handles: Integer;
  ExeFile: String;
begin
  Result := False;
  ProcessEntry.dwSize := SizeOf(TProcessEntry32);
  @CreateToolHelp32Snapshot := ImportKernelFunc('CreateToolhelp32Snapshot');
  @Process32First := ImportKernelFunc('Process32First');
  @Process32Next := ImportKernelFunc('Process32Next');
  // $00000002 is TH32CS_SNAPPROCESS.
  SHandle := CreateToolHelp32Snapshot($00000002, 0);
  if Process32First(SHandle, ProcessEntry) then
  begin
    ExeFile := String(ProcessEntry.szExeFile);
    if UpperCase(ExeFile) = UpperCase(ProcessName) then
    begin
      Result := True;
      Exit;
    end;
    repeat
      Next := Process32Next(SHandle, ProcessEntry);
      if UpperCase(ExeFile) = UpperCase(ProcessName) then
      begin
        Result := True;
        Exit;
      end;
    until not Next;
  end;
  CloseHandle(SHandle);
end;

// Returns True when any subkey of
// HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall has a DisplayName
// value that contains ProgramName. Both sides go through UpperCase first.
function IsUninstall(const ProgramName: String): Boolean;
var
  Str, MBuf, DisplayName: String;

  // Enumerates the subkey names (DoKeys = True) or value names (DoKeys = False)
  // of RootKey\Name into ResultList. Each name is prepended and followed by
  // CRLF. Returns True when the key could be opened.
  function RegEnum(RootKey: HKEY; Name: String; var ResultList: String; const DoKeys: Boolean): Boolean;
  var
    I, iRes: Integer;
    S: String;
    hTemp: HKEY;
    Buf: Pointer;
    BufSize: Cardinal;
  begin
    Result := False;
    ResultList := '';
    if RegOpenKeyEx(RootKey, PChar(Name), 0, KEY_READ, hTemp) = ERROR_SUCCESS then
    begin
      Result := True;
      BufSize := 1024;
      GetMem(buf, BufSize);
      I := 0;
      iRes := ERROR_SUCCESS;
      // The loop stops at the first return code other than ERROR_SUCCESS.
      while iRes = ERROR_SUCCESS do
      begin
        // Reset on every pass because the API overwrites BufSize with the
        // length of the name it returned.
        BufSize := 1024;
        if DoKeys then
          iRes := RegEnumKeyEx(hTemp, I, buf, BufSize, nil, nil, nil, nil)
        else
          iRes := RegEnumValue(hTemp, I, buf, BufSize, nil, nil, nil, nil);
        if iRes = ERROR_SUCCESS then
        begin
          SetLength(S, BufSize);
          Move(buf^, S[1], BufSize);
          ResultList := Concat(S, #13#10, ResultList);
          Inc(i);
        end;
      end;
      FreeMem(Buf);
      RegCloseKey(hTemp);
    end;
  end;

  // Convenience wrapper: RegEnum restricted to subkey names.
  function RegEnumKeys(RootKey: HKEY; Name: String; var KeyList: String): Boolean;
  begin
    Result := RegEnum(RootKey, Name, KeyList, True);
  end;

  // Index of the last occurrence of Needle in Haystack.
  // NOTE(review): when Needle is absent the loop finishes without Break and the
  // function returns whatever the loop variable holds at that point.
  function LastPos(Needle: Char; Haystack: String): Integer;
  begin
    for Result := Length(Haystack) downto 1 do
      if Haystack[Result] = Needle then
        Break;
  end;

  // Name is "<key path>\<value name>". Returns True when the key opens with
  // KEY_READ and a query for the value succeeds. Inside IsUninstall this
  // nested version takes the place of the unit-level function of the same name.
  function RegValueExists(RootKey: HKEY; Name: String): Boolean;
  var
    SubKey: String;
    n: Integer;
    hTemp: HKEY;
  begin
    Result := False;
    n := LastPos('\', Name);
    if n > 0 then
    begin
      SubKey := Copy(Name, 1, n - 1);
      if RegOpenKeyEx(RootKey, PChar(SubKey), 0, KEY_READ, hTemp) = ERROR_SUCCESS then
      begin
        SubKey := Copy(Name, n + 1, Length(Name) - n);
        Result := (RegQueryValueEx(hTemp, PChar(SubKey), nil, nil, nil, nil) = ERROR_SUCCESS);
        RegCloseKey(hTemp);
      end;
    end;
  end;

  // Reads the value addressed by "<key path>\<value name>". On success, and
  // only when the stored type equals ValType, PVal receives a GetMem buffer
  // that the caller has to release with FreeMem and ValSize receives its size.
  function RegGetValue(RootKey: HKEY; Name: String; ValType: Cardinal; var PVal: Pointer; var ValSize: Cardinal): Boolean;
  var
    SubKey: String;
    n: Integer;
    MyValType: DWORD;
    hTemp: HKEY;
    Buf: Pointer;
    BufSize: Cardinal;
    PKey: PChar;
  begin
    Result := False;
    n := LastPos('\', Name);
    if n > 0 then
    begin
      SubKey := Copy(Name, 1, n - 1);
      if RegOpenKeyEx(RootKey, PChar(SubKey), 0, KEY_READ, hTemp) = ERROR_SUCCESS then
      begin
        SubKey := Copy(Name, n + 1, Length(Name) - n);
        // An empty value name is passed as nil.
        if SubKey = '' then
          PKey := nil
        else
          PKey := PChar(SubKey);
        // First query: no data buffer, only type and required size.
        if RegQueryValueEx(hTemp, PKey, nil, @MyValType, nil, @BufSize) = ERROR_SUCCESS then
        begin
          GetMem(Buf, BufSize);
          // Second query: fetch the data into the buffer sized above.
          if RegQueryValueEx(hTemp, PKey, nil, @MyValType, Buf, @BufSize) = ERROR_SUCCESS then
          begin
            if ValType = MyValType then
            begin
              PVal := Buf;
              ValSize := BufSize;
              Result := True;
            end
            else
              FreeMem(Buf)
          end
          else
            FreeMem(Buf);
        end;
        RegCloseKey(hTemp);
      end;
    end;
  end;

  // Reads a REG_SZ value into Value. Value is cleared first and stays empty
  // when the read fails or the value has another type.
  function RegGetString(RootKey: HKEY; Name: String; Var Value: String): Boolean;
  var
    Buf: Pointer;
    BufSize: Cardinal;
  begin
    Result := False;
    Value := '';
    if RegGetValue(RootKey, Name, REG_SZ, Buf, BufSize) then
    begin
      // One byte is dropped from the reported size - presumably the
      // terminating NUL of the stored string.
      Dec(BufSize);
      SetLength(Value, BufSize);
      if BufSize > 0 then
        Move(Buf^, Value[1], BufSize);
      FreeMem(Buf);
      Result := True;
    end;
  end;

begin
  Result := False;
  if RegEnumKeys(HKEY_LOCAL_MACHINE, 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall', Str) then
    // Str holds CRLF-terminated subkey names; each pass consumes one of them.
    while Length(Str) > 0 do
    begin
      MBuf := Copy(Str, 1, Pos(#13#10, Str) - 1);
      Delete(Str, 1, Pos(#13#10, Str) + 1);
      if RegValueExists(HKEY_LOCAL_MACHINE, 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\' + MBuf + '\DisplayName') then
      begin
        RegGetString(HKEY_LOCAL_MACHINE, 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\' + MBuf + '\DisplayName', DisplayName);
        DisplayName := UpperCase(DisplayName);
        // Substring match on the upper-cased display name.
        if Pos(UpperCase(ProgramName), DisplayName) > 0 then
        begin
          Result := True;
          Exit;
        end;
      end;
    end;
end;

// ESET NOD32 Integrity Issue
// True when either named service is registered (any state).
function IsNod32Integrity: Boolean;
begin
  if (IsService('nod32krn')) or (IsService('ekrn')) then
    Result := True
  else
    Result := False;
end;

// ESET NOD32 On-Access Issue
// True when either driver file exists under the system directory.
function IsNod32OnAccess: Boolean;
begin
  if (DriveExist('drivers\amon.sys')) or (DriveExist('drivers\eamon.sys')) then
    Result := True
  else
    Result := False;
end;

// ESET SysInspector Issue
// True when the named device object can be opened.
function IsEsetSysInspector: Boolean;
begin
  if IsRing0('\\.\ESIASDRV') then
    Result := True
  else
    Result := False;
end;
Antivirus Detector v0.3 [Beta] (Delphi Module) Code:
// Each function below is a single yes/no probe; the comment names the product
// and the kind of artifact that is looked up.

// Kaspersky On-Access Scanner Issue: driver file.
function IsKlif: Boolean;
begin
  Result := DriveExist('drivers\klif.sys');
end;

// Legacy Kaspersky Service Issue: service name.
function IsKavAVP: Boolean;
begin
  Result := IsService('avp');
end;

// Trend Micro Internet Security Issue: device object.
function IsTrendMicro: Boolean;
begin
  Result := IsRing0('\\.\TMACTMON');
end;

// Malwarebytes' Anti-Malware Issue: driver files.
function IsAntiMalware: Boolean;
begin
  Result := (DriveExist('drivers\mbam.sys')) or (DriveExist('drivers\mbamswissarmy.sys'));
end;

// Zillya! Antivirus Issue: driver file.
function IsZillya: Boolean;
begin
  Result := DriveExist( 'drivers\ZFMSYS.sys');
end;

// Lavasoft Ad-Aware Issue: driver file, then device object.
function IsAdAware: Boolean;
begin
  Result := (DriveExist('drivers\lbd.sys')) or (IsRing0('\\.\LBD'));
end;

// Microsoft Security Essentials Issue: driver file, then Uninstall display name.
function IsMSecEssentials: Boolean;
begin
  Result := (DriveExist('drivers\mpfilter.sys')) or (IsUninstall('Microsoft Security Essentials'));
end;

// Advanced SystemCare Issue: Uninstall display name.
function IsAdvancedSysCare: Boolean;
begin
  Result := IsUninstall('Advanced SystemCare');
end;

// Antivirus Stop! Issue: Uninstall display name (Cyrillic literal).
function IsAvirStop: Boolean;
begin
  Result := IsUninstall('Антивирус Stop!');
end;

// USBGuard Issue: Uninstall display name.
function IsUSBGuard: Boolean;
begin
  Result := IsUninstall('USBGuard');
end;

// AnVir Task Manager Issue: Uninstall display name.
function IsAnvitTaskMgr: Boolean;
begin
  Result := IsUninstall('AnVir Task Manager');
end;

// Spy Hunter Issue: Uninstall display name.
function IsSpyHunter: Boolean;
begin
  Result := IsUninstall('SpyHunter');
end;

// DrWeb Issue: service name, then driver file.
function IsDrWeb: Boolean;
begin
  Result := (IsService('spidernt')) or (DriveExist('drivers\spider.sys'));
end;

// AVG Anti-Virus Issue: service name, then driver files.
function IsAvgAv: Boolean;
begin
  Result := (IsService('Avg7Alrt')) or (DriveExist('drivers\avg7rsxp.sys')) or (DriveExist('drivers\avgmfx86.sys')) or (DriveExist('drivers\avgmfx64.sys'));
end;

// Agnitum Outpost Firewall Issue: driver files, Uninstall display name, and
// two further files under the system directory.
function IsOutpostFire: Boolean;
begin
  Result := (DriveExist('drivers\afwcore.sys')) or (DriveExist('drivers\afw.sys')) or (IsUninstall('Outpost')) or (DriveExist('filt\aswfilt.dll')) or (DriveExist('drivers\sandbox.sys'));
end;

// Norton (Symantec) AntiVirus Issue: service names.
function IsSymantec: Boolean;
begin
  Result := (IsService('CLTNetCnService')) or (IsService('ccEvtMgr'));
end;

// Symantec AntiVirus AutoProtect Issue: service name, then driver file.
function IsSymantecAutoProtect: Boolean;
begin
  Result := (IsService('ccEvtMgr')) or (DriveExist('drivers\eectrl.sys'));
end;

// Symantec AntiVirus Content Filtration Issue: driver file.
function IsSymantecFiltr: Boolean;
begin
  Result := DriveExist('drivers\SYMTDI.sys');
end;

// Avast! Issue: registry value under the product's Uninstall key.
function IsAvast: Boolean;
begin
  Result := RegValueExists(HKEY_LOCAL_MACHINE, 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\avast!\InstallLocation');
end;

// Avira AntiVir Issue: driver files.
function IsAvira: Boolean;
begin
  Result := (DriveExist('drivers\avgio.sys')) or (DriveExist('drivers\avgntflt.sys')) or (DriveExist('drivers\avgntdd.sys'));
end;

// BitDefender AntiVirus Issue: driver file.
function IsBitDefender: Boolean;
begin
  Result := DriveExist('drivers\bdrsdrv.sys');
end;

// BitDefender Antivirus 2008 Issue: service name.
function IsBitDefender2008: Boolean;
begin
  Result := IsService('vsserv');
end;

// CA Anti-Virus Issue: service names.
function IsCaAv: Boolean;
begin
  Result := (IsService('InoRT')) or (IsService('InoRPC')) or (IsService('InoTask')) or (IsService('InoNmSrv')) or (IsService('vetmsgnt'));
end;

// GDATA AntiVirusKit Issue: service names.
function IsGDATA: Boolean;
begin
  Result := (IsService('AVKWCtl')) or (IsService('AVKService'));
end;
Antivirus Detector v0.3 [Beta] (Delphi Module) Code: // Spy Sweeper Issue function IsSpyWeeper: Boolean; begin if IsService('WebrootSpySweeperService') then Result := True else Result := False; end; // McAfee VirusScan Issue function IsMcAfeeVirScan: Boolean; begin if IsService('McShield') then Result := True else Result := False; end; // Aston Issue function IsAston: Boolean; begin if RegKeyExists(HKEY_LOCAL_MACHINE, 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Aston') then Result := True else Result := False; end; // Lavasoft Firewall Issue function IsLavasoftFire: Boolean; begin if (IsService('LavasoftFirewall')) or (RegValueExists(HKEY_LOCAL_MACHINE, 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Lavasoft Firewall Pro_is1\InstallLocation')) then Result := True else Result := False; end; // Quick Heal Firewall Issue function IsQuickHealFire: Boolean; begin if IsService('QuickHealFirewall') then Result := True else Result := False; end; // PC Firewall Issue function IsBuhlFire: Boolean; begin if IsService('SFirewall') then Result := True else Result := False; end; // Sophos Client Firewall Issue function IsSophosFire: Boolean; begin if IsService('SophosFirewall') then Result := True else Result := False; end; // AGAVA Firewall Issue function IsAgavaFire: Boolean; begin if IsService('fwservice') then Result := True else Result := False; end; // F-Secure Firewall Issue function IsFSecureFire: Boolean; begin if DriveExist('drivers\fsfw.sys') then Result := True else Result := False; end; // Jetico Firewall Issue function IsJeticoFire: Boolean; begin if IsService('Jetico Personal Firewall server') then Result := True else Result := False; end; // ZoneAlarm Firewall Issue function IsZoneAlarmFire: Boolean; begin if IsService('vsmon') then Result := True else Result := False; end; // CheckPoint Firewall Issue function IsCheckPointFire: Boolean; begin if IsService('FW1SVC') then Result := True else Result := False; end; // Online Armor Personal Firewall 
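// Issue
// Online Armor Personal Firewall: service-name probe. IsService, like the
// other helpers used below, is defined outside this excerpt.
function IsOnlineArmorFire: Boolean;
begin
  Result := IsService('SvcOnlineArmor');
end;

// VirusBuster: service-name probe.
function IsVirusBuster: Boolean;
begin
  Result := IsService('VBCompManService');
end;

// McAfee Framework Self Protection: looks for the "Installed Path" entry.
function IsMcAfeeFramework: Boolean;
begin
  Result := RegValueExists(HKEY_LOCAL_MACHINE,
    'SOFTWARE\Network Associates\TVD\Shared Components\Framework\Installed Path');
end;

// McAfee Enterprise Self Protection: looks for the "szInstallDir" entry.
function IsMcAfeeEenterprise: Boolean;
begin
  Result := RegValueExists(HKEY_LOCAL_MACHINE,
    'SOFTWARE\Network Associates\TVD\VirusScan Enterprise\CurrentVersion\szInstallDir');
end;

// McAfee Online Scan Self Protection: looks for the "Install Dir" entry.
function IsMcAfeeScanOnline: Boolean;
begin
  Result := RegValueExists(HKEY_LOCAL_MACHINE,
    'SOFTWARE\McAfee.com\Virusscan Online\Install Dir');
end;

// Sophos Antivirus: service-name probe.
// NOTE(review): 'savprogress.exe' looks like an executable image name, while
// every other IsService argument in this unit is a bare service name. Confirm
// what IsService expects; the string is left as the author wrote it.
function IsSophos: Boolean;
begin
  Result := IsService('savprogress.exe');
end;

// Comodo Firewall: uninstall-key probe.
// NOTE(review): this path has no CurrentVersion component, unlike the other
// Uninstall paths in this unit. Left unchanged; confirm against the author's
// intent before relying on the result.
function IsComodoFire: Boolean;
begin
  Result := RegKeyExists(HKEY_LOCAL_MACHINE,
    'Software\Microsoft\Windows\Uninstall\Comodo Firewall');
end;

// Reports whether at least one of the products known to this unit is detected.
//
// The probes run in the listed order and evaluation stops at the first one
// that returns True (Delphi's default short-circuit evaluation), exactly as
// the original if-expression did.
//
// Reviewer context: a single pass over this many vendor-specific service
// names, driver files and uninstall keys is what ATT&CK catalogues as
// Security Software Discovery (T1518.001). A True result means an install
// artefact was found, not that protection is active.
function IsPCProtect: Boolean;
begin
  Result :=
    IsNod32Integrity or IsNod32OnAccess or IsEsetSysInspector or
    IsKlif or IsKavAVP or IsTrendMicro or IsAntiMalware or IsZillya or
    IsAdAware or IsMSecEssentials or IsAdvancedSysCare or IsAvirStop or
    IsUSBGuard or IsAnvitTaskMgr or IsSpyHunter or IsDrWeb or IsAvgAv or
    IsOutpostFire or IsSymantec or IsSymantecAutoProtect or
    IsSymantecFiltr or IsAvast or IsAvira or IsBitDefender or
    IsBitDefender2008 or IsCaAv or IsGDATA or IsSpyWeeper or
    IsMcAfeeVirScan or IsAston or IsLavasoftFire or IsQuickHealFire or
    IsBuhlFire or IsSophosFire or IsAgavaFire or IsFSecureFire or
    IsJeticoFire or IsZoneAlarmFire or IsCheckPointFire or
    IsOnlineArmorFire or IsVirusBuster or IsMcAfeeFramework or
    IsMcAfeeEenterprise or IsMcAfeeScanOnline or IsSophos or IsComodoFire;
end;

var
  // Backing storage for the pointer returned by GetProtectProgs. It lives at
  // unit level so the text outlives the call that produced it.
  GetProtectProgsBuffer: string;

// Returns the names of all detected products, each followed by ';'.
//
// Result: pointer to a null-terminated string held in GetProtectProgsBuffer;
// an empty string when nothing is detected. The pointer stays valid until the
// next call to GetProtectProgs, must not be freed by the caller, and the
// function is not safe for concurrent callers because the buffer is shared.
//
// Fix over the original: it returned PChar(ProgNames) for a local string
// variable, whose memory is released when the function returns, so callers
// received a dangling pointer.
function GetProtectProgs: PChar;

  // Appends ProductName and a ';' separator when the probe reported True.
  procedure AddIf(Detected: Boolean; const ProductName: string);
  begin
    if Detected then
      GetProtectProgsBuffer := GetProtectProgsBuffer + ProductName + ';';
  end;

begin
  GetProtectProgsBuffer := '';
  // Every probe is evaluated, in the same order as the original listing.
  AddIf(IsNod32Integrity, NOD32_INTEGRITY_ISSUE);
  AddIf(IsNod32OnAccess, NOD32_ON_ACCESS_ISSUE);
  AddIf(IsEsetSysInspector, NOD32_SYSINSPECTOR_ISSUE);
  AddIf(IsKlif, KLIF_ISSUE);
  AddIf(IsKavAVP, KAVAVP_ISSUE);
  AddIf(IsTrendMicro, TREND_MICRO_INET_SEC_ISSUE);
  AddIf(IsAntiMalware, MALWAREBYTES_ISSUE);
  AddIf(IsZillya, ZILLYA_ISSUE);
  AddIf(IsAdAware, LAVASOFT_ADADWARE_ISSUE);
  AddIf(IsMSecEssentials, MICROSOFT_SEC_ESSENTIALS_ISSUE);
  AddIf(IsAdvancedSysCare, SYSTEMCARE_ISSUE);
  AddIf(IsAvirStop, STOP_ISSUE);
  AddIf(IsUSBGuard, USBGUARD_ISSUE);
  AddIf(IsAnvitTaskMgr, ANVIR_TASK_MGR_ISSUE);
  AddIf(IsSpyHunter, SPYHUNTER_ISSUE);
  AddIf(IsDrWeb, DRWEB_ISSUE);
  AddIf(IsAvgAv, AVG_AV_ISSUE);
  AddIf(IsOutpostFire, AGNITUM_ISSUE);
  AddIf(IsSymantec, SYMANTEC_ISSUE);
  AddIf(IsSymantecAutoProtect, SYMANTEC_AUTOPROTECT_ISSUE);
  AddIf(IsSymantecFiltr, SYMANTEC_FILTRATION_ISSUE);
  AddIf(IsAvast, AVAST_ISSUE);
  AddIf(IsAvira, AVIRA_ISSUE);
  AddIf(IsBitDefender, BITDEFENDER_AV_ISSUE);
  AddIf(IsBitDefender2008, BITDEFENDER_AV_2008_ISSUE);
  AddIf(IsCaAv, CA_ISSUE);
  AddIf(IsGDATA, GDATA_AVK_ISSUE);
  AddIf(IsSpyWeeper, SPYSWEEPER_ISSUE);
  AddIf(IsMcAfeeVirScan, MCAFEE_ISSUE);
  AddIf(IsAston, ASTON_ISSUE);
  AddIf(IsLavasoftFire, LAVASOFT_FIREWALL_ISSUE);
  AddIf(IsQuickHealFire, QUICKHEAL_FIREWALL_ISSUE);
  AddIf(IsBuhlFire, BUHL_FIREWALL_ISSUE);
  AddIf(IsSophosFire, SOPHOS_FIREWALL_ISSUE);
  AddIf(IsAgavaFire, AGAVA_FIREWALL_ISSUE);
  AddIf(IsFSecureFire, FSECURE_FIREWALL_ISSUE);
  AddIf(IsJeticoFire, JETICO_FIREWALL_ISSUE);
  AddIf(IsZoneAlarmFire, ZONEALARM_FIREWALL_ISSUE);
  AddIf(IsCheckPointFire, CHECKPOINT_FIREWALL_ISSUE);
  AddIf(IsOnlineArmorFire, ONLINEARMOR_FIREWALL_ISSUE);
  AddIf(IsVirusBuster, VIRUSBUSTER_ISSUE);
  AddIf(IsMcAfeeFramework, MCAFEE_FRAMEWORK_ISSUE);
  AddIf(IsMcAfeeEenterprise, MCAFEE_ENTERPRISE_ISSUE);
  AddIf(IsMcAfeeScanOnline, MCAFEE_SCAN_ONLINE_ISSUE);
  AddIf(IsSophos, SOPHOS_ISSUE);
  AddIf(IsComodoFire, COMODO_ISSUE);
  Result := PChar(GetProtectProgsBuffer);
end;

end.
http://slil.ru/28697373 - Скачать Antivirus Detector v0.3 [Beta] (Delphi Module)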