unit AntiVir_Detect_0_3_beta;
{
Antivirus Detector v0.3 [Beta]
Author: FlipLab Software© 2006-2010
E-mail: fliplab@gmail.com, fliplab@ya.ru
URL: http://www.fls.com/
About: Вспомогательный модуль для обнаружения установленных
антивирусных программ, а также фаерволов. В текущей версии
поддерживаются:
+ ESET SysInspector
+ ESET NOD32 Integrity
+ ESET NOD32 On-Access
+ Kaspersky On-Access Scanner
+ Legacy Kaspersky Service
+ DrWeb
+ AVG Anti-Virus
+ Norton (Symantec) AntiVirus
+ Symantec AntiVirus AutoProtect
+ Symantec AntiVirus Content Filtration
+ Avast!
+ McAfee VirusScan
+ Avira AntiVir
+ BitDefender AntiVirus & 2008
+ Spy Sweeper
+ CA Anti-Virus
+ GDATA AntiVirusKit
+ Aston
+ Sophos Antivirus
+ McAffee Framework Self Protection
+ McAffee Enterprise Self Protection
+ McAffee Online Scan Self Protection
+ Antivirus Stop!
+ Zillya! Antivirus
+ Spy Hunter
+ Lavasoft Firewall
+ Quick Heal Firewall
+ PC Firewall
+ Sophos Client Firewall
+ AGAVA Firewall
+ F-Secure Firewall
+ Jetico Firewall
+ ZoneAlarm Firewall
+ CheckPoint Firewall
+ Online Armor Personal Firewall
+ VirusBuster
+ Comodo FireWall
+ Agnitum Outpost Firewall
+ Malwarebytes' Anti-Malware
+ Advanced SystemCare
+ USBGuard
+ AnVir Task Manager
+ Lavasoft Ad-Aware
+ Microsoft Security Essentials
+ Trend Micro Internet Security
}
interface
uses
Windows, WinSvc;
const
// Human-readable labels, one per supported product, each ending in ' Issue'.
// Nothing in the visible part of the unit reads these constants; presumably
// GetProtectProgs reports them to the caller - confirm against its body.
// AntiVirus
TREND_MICRO_INET_SEC_ISSUE = 'Trend Micro Internet Security Issue';
MICROSOFT_SEC_ESSENTIALS_ISSUE = 'Microsoft Security Essentials Issue';
// NOTE(review): the identifier reads ADADWARE while the label reads Ad-Aware.
LAVASOFT_ADADWARE_ISSUE = 'Lavasoft Ad-Aware Issue';
ANVIR_TASK_MGR_ISSUE = 'AnVir Task Manager Issue';
USBGUARD_ISSUE = 'USBGuard Issue';
SYSTEMCARE_ISSUE = 'Advanced SystemCare Issue';
// The doubled quote is Pascal's escape for a single apostrophe in the label.
MALWAREBYTES_ISSUE = 'Malwarebytes'' Anti-Malware Issue';
NOD32_SYSINSPECTOR_ISSUE = 'ESET SysInspector Issue';
NOD32_INTEGRITY_ISSUE = 'ESET NOD32 Integrity Issue';
NOD32_ON_ACCESS_ISSUE = 'ESET NOD32 On-Access Issue';
KLIF_ISSUE = 'Kaspersky On-Access Scanner Issue';
KAVAVP_ISSUE = 'Legacy Kaspersky Service Issue';
DRWEB_ISSUE = 'DrWeb Issue';
AVG_AV_ISSUE = 'AVG Anti-Virus Issue';
SYMANTEC_ISSUE = 'Norton (Symantec) AntiVirus Issue';
SYMANTEC_AUTOPROTECT_ISSUE = 'Symantec AntiVirus AutoProtect Issue';
SYMANTEC_FILTRATION_ISSUE = 'Symantec AntiVirus Content Filtration Issue';
AVAST_ISSUE = 'Avast! Issue';
MCAFEE_ISSUE = 'McAfee VirusScan Issue';
AVIRA_ISSUE = 'Avira AntiVir Issue';
BITDEFENDER_AV_ISSUE = 'BitDefender AntiVirus Issue';
BITDEFENDER_AV_2008_ISSUE = 'BitDefender Antivirus 2008 Issue';
SPYSWEEPER_ISSUE = 'Spy Sweeper Issue';
CA_ISSUE = 'CA Anti-Virus Issue';
GDATA_AVK_ISSUE = 'GDATA AntiVirusKit Issue';
ASTON_ISSUE = 'Aston Issue';
SOPHOS_ISSUE = 'Sophos Antivirus Issue';
// NOTE(review): the next three labels spell the vendor 'McAffee', unlike
// MCAFEE_ISSUE above ('McAfee'). Anything that matches on the label text has
// to use the spelling exactly as written here.
MCAFEE_FRAMEWORK_ISSUE = 'McAffee Framework Self Protection Issue';
MCAFEE_ENTERPRISE_ISSUE = 'McAffee Enterprise Self Protection Issue';
MCAFEE_SCAN_ONLINE_ISSUE = 'McAffee Online Scan Self Protection Issue';
STOP_ISSUE = 'Antivirus Stop! Issue';
ZILLYA_ISSUE = 'Zillya! Antivirus Issue';
SPYHUNTER_ISSUE = 'Spy Hunter Issue';
// Firewalls
LAVASOFT_FIREWALL_ISSUE = 'Lavasoft Firewall Issue';
QUICKHEAL_FIREWALL_ISSUE = 'Quick Heal Firewall Issue';
// The BUHL_ identifier maps to the generic label 'PC Firewall'.
BUHL_FIREWALL_ISSUE = 'PC Firewall Issue';
SOPHOS_FIREWALL_ISSUE = 'Sophos Client Firewall Issue';
AGAVA_FIREWALL_ISSUE = 'AGAVA Firewall Issue';
FSECURE_FIREWALL_ISSUE = 'F-Secure Firewall Issue';
JETICO_FIREWALL_ISSUE = 'Jetico Firewall Issue';
ZONEALARM_FIREWALL_ISSUE = 'ZoneAlarm Firewall Issue';
CHECKPOINT_FIREWALL_ISSUE = 'CheckPoint Firewall Issue';
ONLINEARMOR_FIREWALL_ISSUE = 'Online Armor Personal Firewall Issue';
VIRUSBUSTER_ISSUE = 'VirusBuster Issue';
COMODO_ISSUE = 'Comodo FireWall Issue';
AGNITUM_ISSUE = 'Agnitum Outpost Firewall Issue';
// Exported probes. Each IsXxx function takes no arguments and returns a
// Boolean; the names follow the products listed in the unit header. Their
// bodies are outside the visible part of the file, so what each one actually
// checks cannot be stated here - presumably they are built on the
// RegKeyExists / RegValueExists / DriveExist / IsRing0 helpers of the
// implementation section; confirm against the bodies.
//
// Security context: enumerating installed anti-virus and firewall products is
// catalogued as MITRE ATT&CK T1518.001 (Security Software Discovery). A binary
// that links this unit carries the product labels and the probe targets as
// plain strings, which is what static triage and detection rules can key on.
//
// NOTE(review): several exported names carry typos that callers must
// reproduce exactly: IsAnvitTaskMgr (AnVir), IsSpyWeeper (Spy Sweeper),
// IsMcAfeeEenterprise (Enterprise). Renaming them would break the interface.
function IsPCProtect: Boolean;
function IsNod32Integrity: Boolean;
function IsNod32OnAccess: Boolean;
function IsEsetSysInspector: Boolean;
function IsKlif: Boolean;
function IsKavAVP: Boolean;
function IsTrendMicro: Boolean;
function IsAntiMalware: Boolean;
function IsZillya: Boolean;
function IsAdAware: Boolean;
function IsMSecEssentials: Boolean;
function IsAdvancedSysCare: Boolean;
function IsAvirStop: Boolean;
function IsUSBGuard: Boolean;
function IsAnvitTaskMgr: Boolean;
function IsSpyHunter: Boolean;
function IsDrWeb: Boolean;
function IsAvgAv: Boolean;
function IsOutpostFire: Boolean;
function IsSymantec: Boolean;
function IsSymantecAutoProtect: Boolean;
function IsSymantecFiltr: Boolean;
function IsAvast: Boolean;
function IsAvira: Boolean;
function IsBitDefender: Boolean;
function IsBitDefender2008: Boolean;
function IsCaAv: Boolean;
function IsGDATA: Boolean;
function IsSpyWeeper: Boolean;
function IsMcAfeeVirScan: Boolean;
function IsAston: Boolean;
function IsLavasoftFire: Boolean;
function IsQuickHealFire: Boolean;
function IsBuhlFire: Boolean;
function IsSophosFire: Boolean;
function IsAgavaFire: Boolean;
function IsFSecureFire: Boolean;
function IsJeticoFire: Boolean;
function IsZoneAlarmFire: Boolean;
function IsCheckPointFire: Boolean;
function IsOnlineArmorFire: Boolean;
function IsVirusBuster: Boolean;
function IsMcAfeeFramework: Boolean;
function IsMcAfeeEenterprise: Boolean;
function IsMcAfeeScanOnline: Boolean;
function IsSophos: Boolean;
function IsComodoFire: Boolean;
// Returns a PChar. Who owns the buffer and how long it stays valid is not
// visible here - confirm before storing or freeing the pointer.
function GetProtectProgs: PChar;
implementation
{ Looks up an export of kernel32.dll by name at run time.

  Name   - exported symbol name, e.g. 'GetFileAttributesA'.
  Result - the address reported by GetProcAddress, or nil when the symbol
           (or the module handle) cannot be resolved. Callers must test for
           nil before calling through the pointer.

  Security note: an API resolved this way does not appear in the binary's
  import table; its name is only present as a string literal, so static
  review of a binary using this unit has to look at strings as well as
  imports. }
function ImportKernelFunc(const Name: String): Pointer;
begin
  // GetModuleHandle does not load anything; it returns the handle of the
  // module that is already mapped into the process.
  Result := GetProcAddress(GetModuleHandle('kernel32.dll'), PChar(Name));
end;
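{ Reports whether <system directory>\DrivePath exists and is a file rather
  than a directory.

  DrivePath - path relative to the Windows system directory. Despite the
              function name this is a file path; presumably a driver binary
              such as 'drivers\<name>.sys' - callers are not visible here,
              confirm.
  Result    - True only when the path has attributes and the directory
              attribute is not set. False on any failure, including failure
              to obtain the system directory.

  Changes against the original:
  - The APIs are called through the Windows unit instead of through locally
    declared cdecl pointers. Win32 exports are stdcall, so the cdecl
    declarations unbalanced the stack on every call, and an unresolved lookup
    would have been called through a nil pointer.
  - The return value of GetSystemDirectory is checked, so an uninitialised
    buffer is never converted to a string.
  - The attribute value is kept unsigned and compared with the documented
    failure value instead of being squeezed into an Integer.

  NOTE(review): in a 32-bit process on 64-bit Windows, access below the
  system directory is subject to WOW64 file-system redirection, so the result
  describes the redirected view. }
function DriveExist(const DrivePath: String): Boolean;
const
  // Value GetFileAttributes returns when the path cannot be queried.
  NO_ATTRIBUTES = DWORD($FFFFFFFF);
var
  GSys: array[0..MAX_PATH] of Char;
  SysPath: String;
  Len, Attrs: DWORD;
begin
  Result := False;

  // 0 means failure; a value >= the size passed in means the buffer was too
  // small and nothing usable was written.
  Len := GetSystemDirectory(GSys, MAX_PATH);
  if (Len = 0) or (Len >= MAX_PATH) then
    Exit;

  SysPath := GSys;
  if SysPath[Length(SysPath)] <> '\' then
    SysPath := SysPath + '\';
  SysPath := SysPath + DrivePath;

  Attrs := GetFileAttributes(PChar(SysPath));
  Result := (Attrs <> NO_ATTRIBUTES) and
            ((Attrs and FILE_ATTRIBUTE_DIRECTORY) = 0);
end;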
{ Reports whether the object named by Device can be opened.

  Device - name passed unchanged to CreateFileA. The function name suggests a
           kernel driver's device name ('\\.\Name') - callers are not visible
           here, confirm.
  Result - True only when CreateFileA returns a valid handle. The open asks
           for read and write access with no sharing and OPEN_EXISTING, so a
           missing object, an access-denied result and a sharing conflict all
           come back as False.

  The handle is closed at once; nothing is read from or written to the
  object. For monitoring purposes the observable behaviour is therefore a
  bare open-and-close of the given name. }
function IsRing0(const Device: String): Boolean;
var
  hDevice: THandle;
begin
  hDevice := CreateFileA(PChar(Device), GENERIC_READ or GENERIC_WRITE, 0, nil,
    OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
  Result := hDevice <> INVALID_HANDLE_VALUE;
  if Result then
    CloseHandle(hDevice);
end;
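{ Reports whether a registry value exists.

  RootKey - predefined or already opened key to start from.
  Name    - '<key path>\<value name>'; the text after the last backslash is
            the value name, everything before it is the key path. A trailing
            backslash therefore queries the key's default value.
  Result  - True when the key opens with KEY_READ and the value can be
            queried. False when Name holds no backslash, when the key cannot
            be opened (missing or not readable) or when the value is absent.

  Change against the original: the nested LastPos used Result as the loop
  variable and never initialised it, so for an empty Name, or a Name without
  a backslash, the split position was undefined. It now returns 0 in those
  cases. }
function RegValueExists(RootKey: HKEY; Name: String): Boolean;
var
  KeyPath, ValueName: String;
  SepPos: Integer;
  hOpened: HKEY;

  // Index of the last occurrence of Needle in Haystack, or 0 when absent.
  function LastPos(Needle: Char; const Haystack: String): Integer;
  var
    i: Integer;
  begin
    Result := 0;
    for i := Length(Haystack) downto 1 do
      if Haystack[i] = Needle then
      begin
        Result := i;
        Exit;
      end;
  end;

begin
  Result := False;

  SepPos := LastPos('\', Name);
  if SepPos <= 0 then
    Exit;

  KeyPath := Copy(Name, 1, SepPos - 1);
  ValueName := Copy(Name, SepPos + 1, Length(Name) - SepPos);

  if RegOpenKeyEx(RootKey, PChar(KeyPath), 0, KEY_READ, hOpened) <> ERROR_SUCCESS then
    Exit;

  // All output parameters are nil: only the existence of the value is asked
  // for, no type or data is retrieved.
  Result := RegQueryValueEx(hOpened, PChar(ValueName), nil, nil, nil, nil) = ERROR_SUCCESS;
  RegCloseKey(hOpened);
end;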
{ Reports whether a registry key can be opened for reading.

  RootKey - predefined or already opened key to start from.
  Name    - sub-key path below RootKey.
  Result  - True only when RegOpenKeyEx succeeds with KEY_READ. A key that
            exists but refuses read access is reported as False, exactly
            like a missing key.

  The key is closed again immediately; no value is read. }
function RegKeyExists(RootKey: HKEY; Name: String): Boolean;
var
  hOpened: HKEY;
begin
  Result := RegOpenKeyEx(RootKey, PChar(Name), 0, KEY_READ, hOpened) = ERROR_SUCCESS;
  if Result then
    RegCloseKey(hOpened);
end;
function UpperCase(const S: string): string;
{ Upper-cases S in 32-bit x86 inline assembly.

  Per the inline comments, eax holds S and edx the address of Result on
  entry. A nil or empty S clears Result through System.@LStrClr. Otherwise
  Result is reused when it is already allocated, passes the length
  comparison below and has a reference count of 1; in every other case it is
  resized through System.@LStrSetLength. The characters are then converted
  one dword (four bytes) at a time, from the end of the string towards its
  start.

  The code reads the length at [ptr-4] and the reference count at [ptr-8],
  so it depends on that string header layout and on 32-bit registers.

  The interface and the visible part of the implementation do not use
  SysUtils, so this is the UpperCase the rest of the unit binds to. The
  inline range comments indicate that only 'a'..'z' are changed; presumably
  every other byte, including non-ASCII letters, is copied as is - confirm.

  NOTE(review): loads and stores are whole dwords, so the last store can
  cover up to three bytes past the logical length (the buffer is requested
  with the length OR 3 for that reason) and the matching load reads the same
  distance past the end of S - presumably safe because of allocator rounding;
  confirm for the memory manager in use. }
asm
// Preserve the callee-saved registers used below.
push ebx
push esi
push edi
mov esi, eax // s
mov eax, edx
test esi, esi
jz @Nil
mov edx, [esi-4] // Length(s)
mov edi, eax // @Result
test edx, edx
jle @Nil
mov ecx, [eax]
mov ebx, edx
test ecx, ecx
jz @Realloc // Jump if Result not allocated
// Compare the new length with Result's current length field; only a
// difference confined to the low two bits lets the buffer be reused.
test edx, 3
jnz @Length3
xor edx, [ecx-4]
cmp edx, 3
jbe @TestRef
jmp @Realloc
@Length3:
or edx, 2
xor edx, [ecx-4]
cmp edx, 1
ja @Realloc
@TestRef:
cmp [ecx-8], 1
je @LengthOK // Jump if Result RefCt=1
@Realloc:
// Request the length with its low two bits set, i.e. room for the final
// dword store; the real length is written back at @LengthOK.
mov edx, ebx
or edx, 3
call System.@LStrSetLength
@LengthOK:
mov edi, [edi] // Result
mov [edi-4], ebx // Correct Result length
mov byte ptr [ebx+edi], 0
// ebx becomes the offset of the last dword: (Length - 1) rounded down to a
// multiple of four.
add ebx, -1
and ebx, -4
mov eax, [ebx+esi]
@Loop: mov ecx, eax
or eax, $80808080 // $E1..$FA
mov edx, eax
sub eax, $7B7B7B7B // $66..$7F
xor edx, ecx // $80
or eax, $80808080 // $E6..$FF
sub eax, $66666666 // $80..$99
and eax, edx // $80
shr eax, 2 // $20
xor eax, ecx // Upper
mov [ebx+edi], eax
// Fetch the next lower dword before the loop test; on the final pass this
// reads the four bytes just below the first character and the value is
// never stored.
mov eax, [ebx+esi-4]
sub ebx, 4
jge @Loop
pop edi
pop esi
pop ebx
ret
@Nil: pop edi
pop esi
pop ebx
jmp System.@LStrClr // Result:=''
end;