Windows XP SP2 开始提供安全中心,杀毒软件会向安全中心注册,这样 Windows 就可以检测到系统中是否安装了杀毒软件。
如何在自己的程序中实现这个功能呢?
网上找到的大多是通过WMI来实现的VBScript脚本代码,咱用MASM32来实现之。
完整的代码如下:
(源代码+EXE下载:
1、
2、 http://purpleendurer.ys168.com)
;<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
; 文 件 名:WmiAntiVir.asm (控制台程序)
; 功 能: 通过WMI获取反病毒软件信息和软件更新时间
; 开发环境:Win XP PRO SP3 + MASM32 v8
; 作 者:PurpleEndurer, 2010-04-19,广西河池
;
; log
; --------------------------------------------------
; 2010-05-24 开始编写
;<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
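.586
.MODEL FLAT, STDCALL
OPTION CASEMAP:NONE

INCLUDE /masm32/include/windows.inc
INCLUDE /masm32/include/kernel32.inc
INCLUDELIB /masm32/lib/kernel32.lib
INCLUDE /masm32/include/ole32.inc
INCLUDELIB /masm32/lib/ole32.lib
INCLUDE /masm32/include/oleaut32.inc    ; VariantClear: frees the BSTR / SAFEARRAY handed back by IWbemClassObject::Get
INCLUDELIB /masm32/lib/oleaut32.lib
INCLUDE /masm32/include/user32.inc
INCLUDELIB /masm32/lib/user32.lib
INCLUDE /masm32/include/masm32.inc
INCLUDELIB /masm32/lib/masm32.lib

; Forward declarations for procs that are invoked before they are defined.
EnumAntiVir proto
comRelease  proto :DWORD

;ssssssssssssssssssssssss
;.const
;ssssssssssssssssssssssss
EOAC_NONE                   EQU 0
COINIT_MULTITHREADED        EQU 00h
; located in RpcDce.h
RPC_C_AUTHN_LEVEL_DEFAULT   EQU 0
RPC_C_IMP_LEVEL_DEFAULT     EQU 0
RPC_C_IMP_LEVEL_IMPERSONATE EQU 3

; located in WbemCli.h
WBEM_FLAG_CONNECT_USE_MAX_WAIT EQU 80h
WBEM_FLAG_FORWARD_ONLY         EQU 20h
WBEM_FLAG_RETURN_IMMEDIATELY   EQU 10h
WBEM_INFINITE                  EQU -1
WBEM_E_INVALID_QUERY           EQU 80041017h
WBEM_E_INVALID_QUERY_TYPE      EQU 80041018h

; wsprintf never produces more than 1024 bytes; the output buffers below are
; sized for that worst case so a long displayName / pathToSignedProductExe
; cannot run past the end of a stack buffer.
WSPRINTF_MAX EQU 1024

; VARIANT.vt carries the element type in its low 12 bits and flags such as
; VT_ARRAY above them.
VT_TYPEMASK_LOCAL EQU 0fffh

; Same layout as the SDK GUID; a local name avoids clashing with windows.inc.
GUID2 STRUC
    dd1 DWORD ?
    dw1 WORD  ?
    dw2 WORD  ?
    db1 BYTE  ?
    db2 BYTE  ?
    db3 BYTE  ?
    db4 BYTE  ?
    db5 BYTE  ?
    db6 BYTE  ?
    db7 BYTE  ?
    db8 BYTE  ?
GUID2 ENDS

; COM interface shells. Each xxxVtbl lists the vtable slots in SDK order;
; the first three slots of every interface are IUnknown's.
IWbemLocator STRUCT
    lpVtbl DWORD ?
IWbemLocator ENDS

IWbemLocatorVtbl STRUCT
    QueryInterface DWORD ?
    AddRef         DWORD ?
    Release        DWORD ?
    ConnectServer  DWORD ?
IWbemLocatorVtbl ENDS

IWbemServices STRUCT
    lpVtbl DWORD ?
IWbemServices ENDS

IWbemServicesVtbl STRUCT
    QueryInterface             DWORD ?
    AddRef                     DWORD ?
    Release                    DWORD ?
    OpenNamespace              DWORD ?
    CancelAsyncCall            DWORD ?
    QueryObjectSink            DWORD ?
    GetObject                  DWORD ?
    GetObjectAsync             DWORD ?
    PutClass                   DWORD ?
    PutClassAsync              DWORD ?
    DeleteClass                DWORD ?
    DeleteClassAsync           DWORD ?
    CreateClassEnum            DWORD ?
    CreateClassEnumAsync       DWORD ?
    PutInstance                DWORD ?
    PutInstanceAsync           DWORD ?
    DeleteInstance             DWORD ?
    DeleteInstanceAsync        DWORD ?
    CreateInstanceEnum         DWORD ?
    CreateInstanceEnumAsync    DWORD ?
    ExecQuery                  DWORD ?
    ExecQueryAsync             DWORD ?
    ExecNotificationQuery      DWORD ?
    ExecNotificationQueryAsync DWORD ?
    ExecMethod                 DWORD ?
    ExecMethodAsync            DWORD ?
IWbemServicesVtbl ENDS

IEnumWbemClassObject STRUCT
    lpVtbl DWORD ?
IEnumWbemClassObject ENDS

IEnumWbemClassObjectVtbl STRUCT
    QueryInterface DWORD ?
    AddRef         DWORD ?
    Release        DWORD ?
    Reset          DWORD ?
    Next           DWORD ?
    NextAsync      DWORD ?
    Clone          DWORD ?
    Skip           DWORD ?
IEnumWbemClassObjectVtbl ENDS

IWbemClassObject STRUCT
    lpVtbl DWORD ?
IWbemClassObject ENDS

IWbemClassObjectVtbl STRUCT
    QueryInterface         DWORD ?
    AddRef                 DWORD ?
    Release                DWORD ?
    GetQualifierSet        DWORD ?
    Get                    DWORD ?
    Put                    DWORD ?
    Delete                 DWORD ?
    GetNames               DWORD ?
    BeginEnumeration       DWORD ?
    Next                   DWORD ?
    EndEnumeration         DWORD ?
    GetPropertyQualifierSet DWORD ?
    GetObjectText          DWORD ?
    SpawnDerivedClass      DWORD ?
    SpawnInstance          DWORD ?
    CompareTo              DWORD ?
    GetPropertyOrigin      DWORD ?
    InheritsFrom           DWORD ?
    GetMethod              DWORD ?
    PutMethod              DWORD ?
    DeleteMethod           DWORD ?
    BeginMethodEnumeration DWORD ?
    NextMethod             DWORD ?
    EndMethodEnumeration   DWORD ?
    GetMethodQualifierSet  DWORD ?
    GetMethodOrigin        DWORD ?
IWbemClassObjectVtbl ENDS

SAFEARRAYBOUND struct
    cElements dd ?      ; number of elements in this dimension
    lLbound   dd ?      ; index of the first element
SAFEARRAYBOUND ends

SAFEARRAY struct
    cDims      dw ?     ; count of dimensions in this array
    fFeatures  dw ?     ; flags used by the SafeArray routines
    cbElements dd ?     ; size of one element; does not include pointed-to data
    cLocks     dd ?     ; number of locks without a matching unlock
    pvData     dd ?     ; pointer to the element data
    rgsabound  SAFEARRAYBOUND <>    ; one bound per dimension (only the first is declared here)
SAFEARRAY ends

;ssssssssssssssssssssssss
.DATA
;ssssssssssssssssssssssss
; WMI namespace the Security Center provider registers AV products in on XP.
; NOTE(review): Vista and later use root\SecurityCenter2 for the same class.
g_wszNameSpace      WORD "r","o","o","t","/","S","e","c","u","r","i","t","y","C","e","n","t","e","r",0
g_wszQueryLanguage  WORD "W","Q","L",0

IID_IWbemLocator         GUID2 <0dc12a687h,0737fh,011cfh,088h,04dh,000h,0aah,000h,04bh,02eh,024h>
IID_IEnumWbemClassObject GUID2 <027947e1h,0d731h,011ceh,0a3h,057h,000h,000h,000h,000h,000h,001h>
IID_IWbemClassObject     GUID2 <0dc12a681h,0737fh,011cfh,088h,04dh,000h,0aah,000h,04bh,02eh,024h>
; located in WbemProv.h
CLSID_WbemAdministrativeLocator GUID2 <0cb8555cch,09128h,011d1h,0adh,09bh,000h,0c0h,04fh,0d8h,0fdh,0ffh>

; Each of these globals holds the interface POINTER (CoCreateInstance /
; ConnectServer / ExecQuery / Next write their out-pointer here), so the
; vtable is one indirection further: vtbl = [ [global] ].
locator    IWbemLocator <>
service    IWbemServices <>
enumerator IEnumWbemClassObject <>
processor  IWbemClassObject <>
retCount   DWORD ?

; 16-byte VARIANT: vt (WORD) at +0, three reserved WORDs, value union at +8.
var_val    DWORD 4 dup (?)

g_szAppInfo db "通过WMI获取反病毒软件信息", 0dh ,0ah
            db "作 者:PurpleEndurer, 2010-05-24,广西河池", 0dh ,0ah, 0

; The query text is deliberately NOT terminated: it runs straight into
; g_wszAntiVirus, giving "SELECT * FROM AntiVirusProduct". Keep them adjacent.
g_wszSelectAntiVirus WORD "S","E","L","E","C","T"," ","*"," ","F","R","O","M"," "
g_wszAntiVirus       WORD "A","n","t","i","V","i","r","u","s","P","r","o","d","u","c","t",0

; class AntiVirusProduct
; {
;   [key, Not_Null] string instanceGuid;
;   [Not_Null] string displayName;
;   [Not_Null] boolean productUptoDate;
;   boolean onAccessScanningEnabled;
;   boolean productHasNotifiedUser;
;   boolean productWantsWscNotifications;
;   uint8 productState;
;   string companyName;
;   string versionNumber;
;   string pathToSignedProductExe;
; };
; For every property: an ANSI label for the console and the UTF-16 property
; name handed to IWbemClassObject::Get.
g_szdisplayName   db 0dh, 0ah, "displayName:", 0
g_wszdisplayName  WORD "d","i","s","p","l","a","y","N","a","m","e",0
g_szcompanyName   db 0dh, 0ah, "companyName:", 0
g_wszcompanyName  WORD "c","o","m","p","a","n","y","N","a","m","e",0
g_szinstanceGuid  db 0dh, 0ah, "instanceGuid:", 0
g_wszinstanceGuid WORD "i","n","s","t","a","n","c","e","G","u","i","d",0
g_szpathToSignedProductExe  db 0dh, 0ah, "pathToSignedProductExe", 0
g_wszpathToSignedProductExe word "p","a","t","h","T","o","S","i","g","n","e","d","P","r","o","d","u","c","t","E","x","e",0
g_szversionNumber  db 0dh, 0ah, "versionNumber:", 0
g_wszversionNumber WORD "v","e","r","s","i","o","n","N","u","m","b","e","r",0
g_szonAccessScanningEnabled  db 0dh, 0ah, "onAccessScanningEnabled:", 0
g_wszonAccessScanningEnabled WORD "o","n","A","c","c","e","s","s","S","c","a","n","n","i","n","g","E","n","a","b","l","e","d",0
g_szproductUptoDate  db 0dh, 0ah, "productUptoDate:", 0     ; signatures up to date
g_wszproductUptoDate WORD "p","r","o","d","u","c","t","U","p","t","o","D","a","t","e",0

; "%S" (wide string under wsprintfA) is deliberately NOT terminated: it runs
; into g_szCrLf, giving the format "%S\r\n". Keep them adjacent.
g_szPerSCr db "%S"
g_szCrLf   db 0dh, 0ah, 0
g_szPerXCr db "%x", 0dh, 0ah, 0     ; currently unused
g_szFail   db "Fail", 0dh, 0ah, 0
g_szFalse  db "FALSE", 0
g_szTrue   db "TRUE", 0

;ssssssssssssssssssssssss
.CODE
;ssssssssssssssssssssssss
; Entry point: initialise COM, create the WMI locator, enumerate
; AntiVirusProduct instances, tear everything down and exit.
; The locator is created before anything dereferences it, so a failed
; CoCreateInstance no longer leads to a NULL vtable call in wmiConnectServer.
start:
    invoke CoInitializeEx, NULL, COINIT_MULTITHREADED
    invoke CoInitializeSecurity, NULL, -1, NULL, NULL, RPC_C_AUTHN_LEVEL_DEFAULT, RPC_C_IMP_LEVEL_IMPERSONATE, NULL, EOAC_NONE, NULL
    invoke StdOut, ADDR g_szAppInfo
    invoke CoCreateInstance, ADDR CLSID_WbemAdministrativeLocator, NULL, CLSCTX_INPROC_SERVER, ADDR IID_IWbemLocator, ADDR locator
    test eax, eax                       ; S_OK is the only acceptable result
    jnz @startFail
    invoke EnumAntiVir
    invoke comRelease, OFFSET locator
    invoke CoUninitialize
    invoke ExitProcess, 0
@startFail:
    invoke StdOut, ADDR g_szFail
    invoke CoUninitialize
    invoke ExitProcess, 1

;======================================================
comRelease proc ppUnk: DWORD
;======================================================
; Releases the COM interface whose pointer is stored at [ppUnk], if any, and
; zeroes the slot so a repeated release of the same global is a no-op.
; Release is vtable slot 2 of every IUnknown-derived interface, so the
; IWbemLocatorVtbl offset is valid for every interface used in this file.
    mov ecx, ppUnk
    mov eax, [ecx]
    test eax, eax
    jz @comReleaseDone
    mov edx, [eax]                      ; vtable
    push eax                            ; this
    call DWORD PTR [edx][IWbemLocatorVtbl.Release]
    mov ecx, ppUnk
    mov DWORD PTR [ecx], 0
@comReleaseDone:
    ret
comRelease endp

;======================================================
wmiConnectServer proc
;======================================================
; IWbemLocator::ConnectServer(g_wszNameSpace, NULL, NULL, NULL,
;   WBEM_FLAG_CONNECT_USE_MAX_WAIT, NULL, NULL, &service).
; Returns the HRESULT in eax; service is valid only when it is S_OK.
    mov eax, DWORD PTR locator          ; IWbemLocator*
    mov edx, [eax]                      ; vtable
    push OFFSET service                 ; ppNamespace
    push NULL                           ; pCtx
    push NULL                           ; strAuthority
    push WBEM_FLAG_CONNECT_USE_MAX_WAIT ; lSecurityFlags
    push NULL                           ; strLocale
    push NULL                           ; strPassword
    push NULL                           ; strUser
    push OFFSET g_wszNameSpace          ; strNetworkResource
    push eax                            ; this
    call DWORD PTR [edx][IWbemLocatorVtbl.ConnectServer]
    ret
wmiConnectServer endp

;======================================================
wmiExecQuery proc lpwszSQL: LPWSTR
;======================================================
; IWbemServices::ExecQuery("WQL", lpwszSQL,
;   WBEM_FLAG_FORWARD_ONLY | WBEM_FLAG_RETURN_IMMEDIATELY, NULL, &enumerator).
; Returns the HRESULT in eax.
    mov eax, DWORD PTR service          ; IWbemServices*
    mov edx, [eax]                      ; vtable
    push OFFSET enumerator              ; ppEnum
    push NULL                           ; pCtx
    push WBEM_FLAG_FORWARD_ONLY or WBEM_FLAG_RETURN_IMMEDIATELY
    push lpwszSQL                       ; strQuery
    push OFFSET g_wszQueryLanguage      ; strQueryLanguage
    push eax                            ; this
    call DWORD PTR [edx][IWbemServicesVtbl.ExecQuery]
    ret
wmiExecQuery endp

;======================================================
wmiNext proc
;======================================================
; IEnumWbemClassObject::Next(WBEM_INFINITE, 1, &processor, &retCount).
; Returns WBEM_S_NO_ERROR (0) with one object in processor, or a non-zero
; value (WBEM_S_FALSE at the end of the enumeration, or an error).
    mov eax, DWORD PTR enumerator       ; IEnumWbemClassObject*
    mov edx, [eax]                      ; vtable
    push OFFSET retCount                ; puReturned
    push OFFSET processor               ; apObjects
    push 1                              ; uCount
    push WBEM_INFINITE                  ; lTimeout
    push eax                            ; this
    call DWORD PTR [edx][IEnumWbemClassObjectVtbl.Next]
    ret
wmiNext endp

;======================================================
wmiGet proc lpwszItem: LPWSTR
;======================================================
; IWbemClassObject::Get(lpwszItem, 0, &var_val, NULL, NULL) on the current
; processor object. On S_OK var_val owns whatever Get allocated and must be
; released with VariantClear by the caller.
    mov eax, DWORD PTR processor        ; IWbemClassObject*
    mov edx, [eax]                      ; vtable
    push NULL                           ; plFlavor
    push NULL                           ; pType
    push OFFSET var_val                 ; pVal
    push 0                              ; lFlags
    push lpwszItem                      ; wszName
    push eax                            ; this
    call DWORD PTR [edx][IWbemClassObjectVtbl.Get]
    ret
wmiGet endp

;======================================================
writeWmiArray proc uses esi edi
;======================================================
; Prints every element of the one-dimensional BSTR SAFEARRAY held in var_val
; (VARIANT.parray at +8), one "%S\r\n" line each. The caller has already
; verified vt = VT_ARRAY | VT_BSTR. An empty or multi-dimensional array
; prints nothing (the old repeat/until loop read one element unconditionally).
    LOCAL szbuf[WSPRINTF_MAX + 1]: byte
    mov ecx, [var_val + 8]              ; SAFEARRAY*
    test ecx, ecx
    jz @writeWmiArrayDone
    cmp [ecx].SAFEARRAY.cDims, 1
    jne @writeWmiArrayDone
    mov esi, [ecx].SAFEARRAY.pvData     ; BSTR[]
    mov edi, [ecx].SAFEARRAY.rgsabound.cElements
    .while edi != 0
        mov ecx, [esi]                  ; current BSTR
        invoke wsprintf, ADDR szbuf, ADDR g_szPerSCr, ecx
        invoke StdOut, ADDR szbuf
        add esi, 4
        dec edi
    .endw
@writeWmiArrayDone:
    ret
writeWmiArray endp

;======================================================
writeWmiStr proc lpszItem: LPSTR, lpwszItem: LPWSTR, lpszFmt: LPSTR
;======================================================
; Prints lpszItem, then the value of property lpwszItem of the current object:
;   VT_BSTR          -> formatted with lpszFmt
;   VT_BOOL          -> "TRUE" / "FALSE"
;   VT_ARRAY|VT_BSTR -> one line per element (writeWmiArray)
;   VT_EMPTY / VT_NULL / anything else -> nothing
; "Fail" is printed if Get itself fails. The VARIANT is cleared on every
; successful path so the BSTR returned by Get is not leaked.
    LOCAL szbuf[WSPRINTF_MAX + 1]: byte
    invoke StdOut, lpszItem
    invoke wmiGet, lpwszItem
    test eax, eax
    jnz @writeWmiStrFail
    ; vt is a WORD; the reserved WORD behind it must not take part in the compare.
    movzx eax, WORD PTR [var_val]
    .if eax == VT_BSTR
        invoke wsprintf, ADDR szbuf, lpszFmt, [var_val + 8]
        invoke StdOut, ADDR szbuf
    .elseif eax == VT_BOOL
        ; VARIANT_BOOL is 16-bit; VARIANT_TRUE is -1, VARIANT_FALSE is 0.
        .if WORD PTR [var_val + 8] != 0
            invoke StdOut, ADDR g_szTrue
        .else
            invoke StdOut, ADDR g_szFalse
        .endif
    .elseif eax & VT_ARRAY
        ; VT_ARRAY is a flag OR'ed with the element type, so a plain
        ; "vt == VT_ARRAY" never matches; check the element type separately.
        mov ecx, eax
        and ecx, VT_TYPEMASK_LOCAL
        .if ecx == VT_BSTR
            invoke writeWmiArray
        .endif
    .endif
    invoke VariantClear, OFFSET var_val
    ret
@writeWmiStrFail:
    invoke StdOut, ADDR g_szFail
    ret
writeWmiStr endp

;======================================================
EnumAntiVir proc
;======================================================
; Connects to the namespace, runs "SELECT * FROM AntiVirusProduct" and prints
; the selected properties of every instance. Each IWbemClassObject is
; released after use and the enumerator and service are released on exit;
; "Fail" is printed when the connection or the query is refused.
    invoke wmiConnectServer
    test eax, eax
    jnz @EnumAntiVirFail
    invoke wmiExecQuery, OFFSET g_wszSelectAntiVirus
    test eax, eax
    jnz @EnumAntiVirFail
@EnumAntiVirNext1:
    invoke wmiNext
    test eax, eax                       ; non-zero: end of enumeration or error
    jnz @EnumAntiVirRet
    invoke writeWmiStr, ADDR g_szdisplayName, ADDR g_wszdisplayName, ADDR g_szPerSCr
    invoke writeWmiStr, ADDR g_szcompanyName, ADDR g_wszcompanyName, ADDR g_szPerSCr
    invoke writeWmiStr, ADDR g_szinstanceGuid, ADDR g_wszinstanceGuid, ADDR g_szPerSCr
    invoke writeWmiStr, ADDR g_szpathToSignedProductExe, ADDR g_wszpathToSignedProductExe, ADDR g_szPerSCr
    invoke writeWmiStr, ADDR g_szversionNumber, ADDR g_wszversionNumber, ADDR g_szPerSCr
    invoke writeWmiStr, ADDR g_szonAccessScanningEnabled, ADDR g_wszonAccessScanningEnabled, ADDR g_szPerSCr
    invoke writeWmiStr, ADDR g_szproductUptoDate, ADDR g_wszproductUptoDate, ADDR g_szPerSCr
    invoke comRelease, OFFSET processor ; done with this instance
    jmp @EnumAntiVirNext1
@EnumAntiVirFail:
    invoke StdOut, ADDR g_szFail
@EnumAntiVirRet:
    invoke comRelease, OFFSET processor
    invoke comRelease, OFFSET enumerator
    invoke comRelease, OFFSET service
    ret
EnumAntiVir endp

END start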