L
louqing_2
Unregistered / Unconfirmed
GUEST, unregistred user!
我用以下代码防DEDE反编译,在2000编译的程序可以防,但是在XP下编译的程序不能防,请问是原因?高手帮一下,我试了几天都不能成功....
procedure MyCheckParentProc;
var //检查自己的进程的父进程
Pn: TProcesseNtry32;
sHandle:THandle;
H,ExplProc,ParentProc:Hwnd;
Found,found2:Boolean;
Buffer:array[0..255]of Char;
Path:string;
fHandle:THandle;
fm32:tmoduleentry32;
begin
H:= 0;
ExplProc:= 0;
ParentProc:= 0;
//得到Windows的目录
SetString(Path,Buffer,256);
//取系统的Windows目录
GetWindowsDirectory(Buffer,Sizeof(Buffer)- 1);
Path := UpperCase(Buffer)+ '/EXPLORER.EXE';//得到Explorer的路径
//showmessage(Path);
//得到所有进程的列表快照
sHandle:= CreateToolHelp32SnapShot(TH32CS_SNAPALL,0);
Pn.dwSize:= SizeOf(PROCESSENTRY32);
Found:= Process32First(sHandle,Pn);//查找进程
while Found do //遍历所有进程
begin
//showmessage(Pn.szExeFile +#13#10+' 进程ID:'+inttostr(Pn.th32ProcessID)
// +#13#10+' 父进程id:'+inttostr(Pn.th32ParentProcessID ));
//取进程的文件路径,
if UpperCase(Pn.szExeFile) <> UpperCase('[System Process]') then
begin
fHandle := CreateToolhelp32Snapshot(th32cs_snapmodule,Pn.th32ProcessID);
fm32.dwSize := sizeof(tmoduleentry32);
{
found2 := Module32First(fHandle,fm32);
form1.Memo2.Lines.Add(
'父: '+ Pn.szExeFile +#13#10+
' 子: '+fm32.szExePath +#13#10
+' 进程ID:'+inttostr(Pn.th32ProcessID)
+' 进程th32ParentProcessID:'+inttostr( Pn.th32ParentProcessID)
+#13#10+' 进程th32ModuleID:'+inttostr(fm32.th32ModuleID)
+#13#10+' 进程th32ProcessID:'+inttostr(fm32.th32ProcessID )
);
{}
if fm32.szExePath = ParamStr(0) then //自己的进程
begin
ParentProc := Pn.th32ParentProcessID;//得到父进程的进程ID
end
else if UpperCase(fm32.szExePath)= Path then //取系统的EXPLORER.EXE的进程ID号
ExplProc:= Pn.th32ProcessID;//Ex plorer的PID
{while found2 do
begin
found2 := Module32Next(fHandle,fm32);
end;
{}
closehandle(fHandle);
end;
Found:= Process32Next(sHandle,Pn);//查找下一个
end;
closehandle(sHandle);
//父进程不是Explorer,是调试器……
if ParentProc <> ExplProc then
begin
TerminateProcess(H,0);//杀之!除之而后快也!
//你还可以加上其它什么死机代码来消遣消遣这位可爱的Cracker
end;
end;
procedure MyCheckParentProc;
var //检查自己的进程的父进程
Pn: TProcesseNtry32;
sHandle:THandle;
H,ExplProc,ParentProc:Hwnd;
Found,found2:Boolean;
Buffer:array[0..255]of Char;
Path:string;
fHandle:THandle;
fm32:tmoduleentry32;
begin
H:= 0;
ExplProc:= 0;
ParentProc:= 0;
//得到Windows的目录
SetString(Path,Buffer,256);
//取系统的Windows目录
GetWindowsDirectory(Buffer,Sizeof(Buffer)- 1);
Path := UpperCase(Buffer)+ '/EXPLORER.EXE';//得到Explorer的路径
//showmessage(Path);
//得到所有进程的列表快照
sHandle:= CreateToolHelp32SnapShot(TH32CS_SNAPALL,0);
Pn.dwSize:= SizeOf(PROCESSENTRY32);
Found:= Process32First(sHandle,Pn);//查找进程
while Found do //遍历所有进程
begin
//showmessage(Pn.szExeFile +#13#10+' 进程ID:'+inttostr(Pn.th32ProcessID)
// +#13#10+' 父进程id:'+inttostr(Pn.th32ParentProcessID ));
//取进程的文件路径,
if UpperCase(Pn.szExeFile) <> UpperCase('[System Process]') then
begin
fHandle := CreateToolhelp32Snapshot(th32cs_snapmodule,Pn.th32ProcessID);
fm32.dwSize := sizeof(tmoduleentry32);
{
found2 := Module32First(fHandle,fm32);
form1.Memo2.Lines.Add(
'父: '+ Pn.szExeFile +#13#10+
' 子: '+fm32.szExePath +#13#10
+' 进程ID:'+inttostr(Pn.th32ProcessID)
+' 进程th32ParentProcessID:'+inttostr( Pn.th32ParentProcessID)
+#13#10+' 进程th32ModuleID:'+inttostr(fm32.th32ModuleID)
+#13#10+' 进程th32ProcessID:'+inttostr(fm32.th32ProcessID )
);
{}
if fm32.szExePath = ParamStr(0) then //自己的进程
begin
ParentProc := Pn.th32ParentProcessID;//得到父进程的进程ID
end
else if UpperCase(fm32.szExePath)= Path then //取系统的EXPLORER.EXE的进程ID号
ExplProc:= Pn.th32ProcessID;//Ex plorer的PID
{while found2 do
begin
found2 := Module32Next(fHandle,fm32);
end;
{}
closehandle(fHandle);
end;
Found:= Process32Next(sHandle,Pn);//查找下一个
end;
closehandle(sHandle);
//父进程不是Explorer,是调试器……
if ParentProc <> ExplProc then
begin
TerminateProcess(H,0);//杀之!除之而后快也!
//你还可以加上其它什么死机代码来消遣消遣这位可爱的Cracker
end;
end;