
R3层检测HideToolz的Delphi代码

时间:2011/9/3 15:18:38 点击:

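{ Reports whether a notification-area (tray) icon whose text is exactly
  'HideToolz' is currently present.

  The function walks Shell_TrayWnd -> TrayNotifyWnd -> SysPager ->
  ToolbarWindow32, then reads each toolbar button's text out of the process
  that owns the toolbar through a scratch buffer allocated in that process.

  Returns True only on an exact, case-sensitive match. Returns False when no
  button matches AND when the check could not be carried out at all (window
  chain not found, OpenProcess or VirtualAllocEx failed), so False is not
  proof that the tool is absent. The check is user-mode only and depends on
  the icon text; treat it as one weak signal, not as a complete detection. }
function CheckHideToolz(): Boolean;
const
  REMOTE_BUF_SIZE = 4096;   // size of the scratch block in the toolbar's process
  TEXT_OFFSET = 256;        // text area starts here, clear of the TBBUTTON slot
  MAX_CAPTION_CHARS = 512;  // TrayIconCaption holds 512 chars + terminator
var
  ToolBarHnd: HWND;
  hProc: THandle;           // process handle, not a window handle
  dwPID: DWORD;
  lpCommon: Pointer;
  lpText: Pointer;
  btnInfo: TTBBUTTON;
  dwBytes: DWORD;
  TrayIconCaption: array[0..512] of char;
  i, nBtnCount, nTextLen: Integer;
begin
  Result := False;

  // Stop at the first missing link: passing 0 as the parent to the next
  // FindWindowEx would search top-level windows instead of the tray.
  ToolBarHnd := FindWindowEx(0, 0, 'Shell_TrayWnd', nil);
  if ToolBarHnd <> 0 then
    ToolBarHnd := FindWindowEx(ToolBarHnd, 0, 'TrayNotifyWnd', nil);
  if ToolBarHnd <> 0 then
    ToolBarHnd := FindWindowEx(ToolBarHnd, 0, 'SysPager', nil);
  if ToolBarHnd <> 0 then
    ToolBarHnd := FindWindowEx(ToolBarHnd, 0, 'ToolbarWindow32', nil);
  if ToolBarHnd = 0 then
    Exit;

  dwPID := 0;
  GetWindowThreadProcessId(ToolBarHnd, @dwPID);
  if dwPID = 0 then
    Exit;

  hProc := OpenProcess(PROCESS_VM_OPERATION or
    PROCESS_VM_READ or PROCESS_VM_WRITE, false, dwPID);
  if hProc = 0 then
    Exit; // no access to the owning process: nothing can be read

  try
    lpCommon := VirtualAllocEx(hProc, nil, REMOTE_BUF_SIZE,
      MEM_RESERVE or MEM_COMMIT, PAGE_READWRITE);
    if lpCommon = nil then
      Exit;

    try
      lpText := Pointer(LPARAM(lpCommon) + TEXT_OFFSET);
      nBtnCount := SendMessage(ToolBarHnd, TB_BUTTONCOUNT, 0, 0);

      // Button indexes are zero-based, so the last valid one is nBtnCount - 1.
      for i := 0 to nBtnCount - 1 do
      begin
        // Clear the remote TBBUTTON slot so a failed TB_GETBUTTON cannot
        // leave the previous button's data behind.
        ZeroMemory(@btnInfo, sizeof(btnInfo));
        if not WriteProcessMemory(hProc, lpCommon, @btnInfo,
          sizeof(btnInfo), dwBytes) then
          Continue;
        if SendMessage(ToolBarHnd, TB_GETBUTTON, i, LPARAM(lpCommon)) = 0 then
          Continue;
        // NOTE(review): when this is a 32-bit build and the toolbar lives in
        // a 64-bit process, the remote TBBUTTON is larger than
        // sizeof(btnInfo). Only idCommand is used, which sits at the same
        // offset in both layouts, and the text lives at TEXT_OFFSET, past
        // either size - confirm on the target platforms.
        if not ReadProcessMemory(hProc, lpCommon, @btnInfo,
          sizeof(btnInfo), dwBytes) then
          Continue;

        // TB_GETBUTTONTEXT takes no buffer size. Ask for the length first
        // (lParam = 0) and skip anything that would not fit the local array.
        nTextLen := SendMessage(ToolBarHnd, TB_GETBUTTONTEXT,
          btnInfo.idCommand, 0);
        if (nTextLen <= 0) or (nTextLen > MAX_CAPTION_CHARS) then
          Continue;
        if SendMessage(ToolBarHnd, TB_GETBUTTONTEXT, btnInfo.idCommand,
          LPARAM(lpText)) < 0 then
          Continue;

        // Zero the local buffer so the caption is always terminated and no
        // text from the previous iteration survives a short or failed read.
        ZeroMemory(@TrayIconCaption, sizeof(TrayIconCaption));
        if not ReadProcessMemory(hProc, lpText, @TrayIconCaption,
          (nTextLen + 1) * SizeOf(Char), dwBytes) then
          Continue;
        TrayIconCaption[MAX_CAPTION_CHARS] := #0;

        // Diagnostic trace of every caption that was read.
        OutputDebugString(TrayIconCaption);
        if TrayIconCaption = 'HideToolz' then
        begin
          Result := True;
          Break;
        end;
      end;
    finally
      // Always give the scratch block back to the other process.
      VirtualFreeEx(hProc, lpCommon, 0, MEM_RELEASE);
    end;
  finally
    CloseHandle(hProc);
  end;
end;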

Tags:检测 代码 
作者:pathletboy 来源:转载