不知道这个怎么样,效果:
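procedure TForm1.FormCreate(Sender: TObject);
// Form start-up hook: asks Windows whether a user-mode debugger is attached
// to this process and, if so, shows a notice and requests application shutdown.
//
// The API is resolved at run time with GetProcAddress instead of being
// linked statically.
//
// Reviewer caveat: IsDebuggerPresent only reports a flag kept in the process's
// own memory. It is a courtesy check, not a security boundary, and must not be
// the only control protecting secrets or licensing logic.
type
  // IsDebuggerPresent is a WINAPI (stdcall) export returning BOOL, not a
  // Delphi-convention function returning Boolean.
  TIsDebuggerPresentFn = function: BOOL; stdcall;
var
  DebuggerCheck: TIsDebuggerPresentFn;
  Kernel32: THandle;
begin
  // kernel32.dll is already mapped into every Win32 process, so take the
  // existing module handle. The original LoadLibrary call raised the module
  // reference count and never released it with FreeLibrary.
  Kernel32 := GetModuleHandle('kernel32.dll');
  if Kernel32 = 0 then
    Exit;

  @DebuggerCheck := GetProcAddress(Kernel32, 'IsDebuggerPresent');
  // GetProcAddress returns nil when the export is missing; calling through a
  // nil procedural variable would raise an access violation during start-up.
  if not Assigned(DebuggerCheck) then
    Exit;

  if DebuggerCheck() then
  begin
    MessageBox(self.Handle, '请不要调试我!', '抗议',
      MB_OK or MB_ICONASTERISK);
    Application.Terminate;
  end;
end;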
Procedure Anti_DeDe();
// Looks for a top-level window whose title is the four characters built from
// codes $64,$65,$64,$65 and, when one exists, sends it WM_CLOSE 4500 times.
// Does nothing when no such window is found.
//
// Reviewer note: this routine acts on a window owned by another application.
// Code that closes third-party tools is behaviour worth auditing and is the
// kind of cross-process messaging that endpoint monitoring may flag.
var
  TargetWnd: THandle;
  Attempt: Integer;
begin
  TargetWnd := FindWindow(nil, chr($64)+chr($65)+chr($64)+chr($65));
  if TargetWnd = 0 then
    Exit;

  // SendMessage is synchronous: each iteration waits for the target window
  // procedure to return before the next message is sent.
  Attempt := 1;
  while Attempt <= 4500 do
  begin
    SendMessage(TargetWnd, WM_CLOSE, 0, 0);
    Inc(Attempt);
  end;
end;
// Routines declared ahead of the "implementation" keyword; their bodies follow below.
// NOTE(review): DumpLoaded is implemented further down but has no declaration in this
// list, so as shown it is not exported from the unit - confirm whether that is intended.
Function SofticeLoaded:Boolean; // opens the \\.\SICE device (body comment: Win98 check)
Procedure Anti_DeDe(); // sends WM_CLOSE to a window found by title
Function RegLoaded:Boolean; // FindWindow check for the Registry Monitor title
Function FileLoaded:Boolean; // FindWindow check for the File Monitor title
Function SoftIceXPLoaded:Boolean; // int 1 / exception-handler probe (body comment: Win2000/XP check)
Function IsBPX(addr:Pointer):Boolean; // compares the byte at addr with $CC
Function IsDebug():Boolean; // reads the byte at fs:[30h]+2
implementation
////////////////////////////////////////////////////////////////////////////////
//Anti-Debug
Function SoftIceLoaded: Boolean;
// Reports whether the device name \\.\SICE can be opened (the original author
// labels this the SoftICE check for Win98).
// Returns True when CreateFileA yields a valid handle, False otherwise.
// The handle is only a probe and is closed immediately.
//
// Reviewer note: a failed open does not distinguish "driver absent" from
// "access denied"; either case yields False.
var
  hDevice: THandle;
Begin
  hDevice := CreateFileA('\\.\SICE', GENERIC_READ or GENERIC_WRITE,
    FILE_SHARE_READ or FILE_SHARE_WRITE, nil, OPEN_EXISTING,
    FILE_ATTRIBUTE_NORMAL, 0);
  Result := hDevice <> INVALID_HANDLE_VALUE;
  if Result then
    CloseHandle(hDevice);
End;
Function SoftIceXPLoaded:Boolean;// Detect SoftICE on Win2000/XP
// Executes "int 1" under a temporary exception handler and derives its answer
// from (a) whether the two "inc eax" instructions ran afterwards and (b) whether
// the handler saw an exception code other than 80000004h.
// 32-bit x86 only: relies on fs:[0] and fixed stack offsets.
//
// NOTE(review): label @found falls straight through into @Nofound, so NoInt is
// set to 1 on every path and the final assignments always leave Result = False.
// As written the function cannot return True - confirm against the author's intent.
// NOTE(review): @handler overwrites ebx without saving it.
var
mark:Integer;
YesInt,NoInt:Integer;
begin
YesInt:=0;NoInt:=0;
mark:=0;
asm
// Build an exception registration record on the stack: handler address,
// then the previous chain head taken from fs:[0].
push offset @handler
push dword ptr fs:[0]
// Make the new record the head of the chain.
mov dword ptr fs:[0],esp
// eax = 0 before the probe; it stays 0 only if both inc instructions are skipped.
xor eax,eax
// Probe instruction; the resulting exception is delivered to @handler.
int 1
inc eax
inc eax
// Unlink the record: restore the previous chain head and drop the handler address.
pop dword ptr fs:[0]
add esp,4
// eax = 0 -> neither inc executed after the handler adjusted the resume address.
or eax,eax
jz @found
// mark <> 0 -> handler saw an exception code other than 80000004h.
cmp mark, 0
jnz @found
jmp @Nofound
@handler:
// Third handler argument; presumably the CONTEXT record - confirm.
mov ebx,[esp+0ch]
// Advance the dword at +0B8h by 2 (presumably CONTEXT.Eip on x86) so execution
// resumes two bytes past the reported address.
add dword ptr [ebx+0b8h],02h
// First handler argument; presumably the EXCEPTION_RECORD, whose first dword is the code.
mov ebx,[esp+4]
// 80000004h is the single-step exception code.
cmp [ebx], 80000004h
jz @Table
// NOTE(review): mark is a local of the enclosing function; whether it is addressed
// correctly from inside the handler depends on the frame register at that point - verify.
inc mark
@Table:
// Return 0 from the handler (presumably "continue execution" - confirm).
xor eax,eax
ret
@found:
mov YesInt,1
// No jump here: execution continues into @Nofound (see NOTE at top).
@Nofound:
mov NoInt,1
end;
if Yesint=1 then
Result:=True;
// Runs after the assignment above and overrides it whenever NoInt = 1.
if NoInt=1 then
Result:=False;
end;
////////////////////////////////////////////////////////////////////////////////
//Anti-Monitor
Function DumpLoaded: Boolean;
// Returns True when a top-level window with the exact ProcDump32 title below
// exists, False otherwise. (The original trailing comment said RegMON, but the
// title searched for is ProcDump32's.)
//
// Reviewer note: this is an exact window-title match, so it reports only that
// a window with this caption exists at the moment of the call.
Begin
  Result := FindWindow(nil,'ProcDump32 (C) 1998, 1999, 2000 G-RoM, Lorian & Stone') <> 0;
End;
Function RegLoaded: Boolean;
// Returns True when a top-level window with the exact Registry Monitor title
// below exists, False otherwise.
//
// Reviewer note: this is an exact window-title match, so it reports only that
// a window with this caption exists at the moment of the call.
Begin
  Result := FindWindow(nil,'Registry Monitor - Sysinternals: www.sysinternals.com') <> 0;
End;
Function FileLoaded: Boolean;
// Returns True when a top-level window with the exact File Monitor title
// below exists, False otherwise.
//
// Reviewer note: this is an exact window-title match, so it reports only that
// a window with this caption exists at the moment of the call.
Begin
  Result := FindWindow(nil,'File Monitor - Sysinternals: www.sysinternals.com') <> 0;
End;
////////////////////////////////////////////////////////////////////////////////
//Anti-loader
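Function IsDebug():Boolean;
// Returns True when the byte at offset 2 of the structure addressed by
// fs:[30h] is non-zero. On 32-bit Windows that is the PEB's BeingDebugged
// flag, the same value the IsDebuggerPresent API reports.
//
// 32-bit x86 only: the fs:[30h] layout does not apply to 64-bit builds.
//
// Fix over the original: its @No label fell through into @Yes and the
// YInt/NInt locals were never initialised, so the result depended on stack
// garbage whenever the flag was set. The flag byte is now stored once and
// converted to Boolean in Pascal.
//
// Reviewer caveat: this is a single flag in the process's own memory; treat
// the result as a hint, not as a security control.
var
  BeingDebugged: Byte;
begin
  asm
    mov   eax, fs:[30h]
    movzx eax, byte ptr [eax+2h]
    mov   BeingDebugged, al
  end;
  Result := BeingDebugged <> 0;
end;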
////////////////////////////////////////////////////////////////////////////////
//DetectBreakpoint
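Function IsBPX(addr:Pointer):Boolean;
// Returns True when the byte at addr equals $CC, the x86 INT3 opcode that
// debuggers write to plant a software breakpoint. Returns False for nil.
//
// Fixes over the original:
//  - its @Yes label fell through into @No, so NInt was always set and the
//    function returned False for every input;
//  - YInt was read uninitialised on the "no" path;
//  - the asm block overwrote esi, a register Delphi expects routines to preserve;
//  - a nil addr raised an access violation.
//
// Reviewer caveat: only the first byte is examined, and $CC also occurs
// legitimately (padding between functions, ordinary data), so a True result
// is not proof of a breakpoint.
begin
  // Byte(addr^) reads one byte through the untyped pointer without inline asm.
  Result := (addr <> nil) and (Byte(addr^) = $CC);
end;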
Procedure Anti_DeDe();
// Looks for a top-level window whose title is the four characters built from
// codes $64,$65,$64,$65 and, when one exists, sends it WM_CLOSE 4500 times.
// Does nothing when no such window is found.
//
// Reviewer note: this routine acts on a window owned by another application.
// Code that closes third-party tools is behaviour worth auditing and is the
// kind of cross-process messaging that endpoint monitoring may flag.
var
  TargetWnd: THandle;
  Attempt: Integer;
begin
  TargetWnd := FindWindow(nil, chr($64)+chr($65)+chr($64)+chr($65));
  if TargetWnd = 0 then
    Exit;

  // SendMessage is synchronous: each iteration waits for the target window
  // procedure to return before the next message is sent.
  Attempt := 1;
  while Attempt <= 4500 do
  begin
    SendMessage(TargetWnd, WM_CLOSE, 0, 0);
    Inc(Attempt);
  end;
end;