anti-spy.cpp

此为本书的配套光盘.本书结合实例

/*-------------------------------------------------------
(c) www.PEDIY.com  code by 段钢 2003.5
-------------------------------------------------------*/
#include <windows.h>
#include "resource.h"

/*-------------------------------------------------------------*/
/* 定义子程序与全局变量、常量                                  */
/*-------------------------------------------------------------*/

HINSTANCE hInst;
#define MAXINPUTLEN 10


/*-------------------------------------------------------------*/
/*  函数声明                                   */
/*-------------------------------------------------------------*/
BOOL    CALLBACK MainDlg   (HWND, UINT, WPARAM, LPARAM) ;
BOOL    CALLBACK AboutDlgProc (HWND, UINT, WPARAM, LPARAM) ;


BOOL IsFileMONLoaded();
BOOL IsRegMONLoaded();
TCHAR szBuffer[30];

/*-------------------------------------------------------------*/
/* WinMain － 基于WIN32的程序的入口                            */
/*-------------------------------------------------------------*/
int WINAPI WinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance,
                    PSTR szCmdLine, int iCmdShow)
{
	hInst = hInstance;
	DialogBoxParam (hInstance, MAKEINTRESOURCE(IDD_MAINDLG), NULL, MainDlg, NULL);
	return 0;	
}

/*-------------------------------------------------------------*/
/* AboutDlgProc － 关于窗口                                    */
/*-------------------------------------------------------------*/

BOOL CALLBACK AboutDlgProc (HWND hDlg, UINT message, 
                            WPARAM wParam, LPARAM lParam)
{
	switch (message)
	{

	case  WM_LBUTTONDOWN:
		PostMessage(hDlg, WM_NCLBUTTONDOWN, HTCAPTION, 0);
		return TRUE ;
        
	case WM_COMMAND :
		switch (LOWORD (wParam))  		            
		{
		case IDOK :
		case IDCANCEL :
			EndDialog (hDlg, 0) ;
			return TRUE ;
		 }
		  break ;
	 }
     return FALSE ;
}

/*-------------------------------------------------------------*/
/*  MainDlg － 主对话窗口                                      */
/*-------------------------------------------------------------*/

BOOL CALLBACK MainDlg (HWND hDlg, UINT message, WPARAM wParam, LPARAM lParam)

{			
	switch (message) 
	{
	case WM_INITDIALOG:
		SendMessage(GetDlgItem(hDlg,IDC_RADIO4),BM_SETCHECK,1,0);

		int DlgHeight,DlgWidth,x,y;
		RECT DlgRect;
		RECT DesktopRect;
		HWND hwindow;
		SendMessage(hDlg,WM_SETICON,ICON_BIG,LPARAM(LoadIcon(hInst,MAKEINTRESOURCE(IDI_ICON)))); //设置图标
		SendDlgItemMessage(hDlg, IDC_TXT0, EM_LIMITTEXT, MAXINPUTLEN, 0);      //初始化edit控件IDC_TXT0字符长度
		// 将窗口定位屏幕中央
		GetWindowRect(hDlg,&DlgRect); 
		hwindow = GetDesktopWindow(); 
		GetWindowRect(hwindow,&DesktopRect);

		DlgHeight = DlgRect.bottom - DlgRect.top;
		DlgWidth = DlgRect.right - DlgRect.left;
		x=(DesktopRect.right+DesktopRect.left-DlgWidth)/2;
		y =(DesktopRect.bottom+DesktopRect.top-DlgHeight)/2;
		MoveWindow(hDlg,x,y,DlgWidth,DlgHeight,FALSE);
		
		
		return TRUE;	 
		break; 
		
	case WM_CLOSE:
		EndDialog(hDlg,0);
		
		return TRUE;
		break;

	case WM_COMMAND: 
		switch (LOWORD (wParam))
		{
	
		case ID_ABOUT :
		case IDM_HELP_ABOUT :
			DialogBox (hInst, MAKEINTRESOURCE (IDD_ABOUT), hDlg, AboutDlgProc) ;
			break;	
		case IDC_OK:
			if(SendMessage(GetDlgItem(hDlg,IDC_RADIO4),BM_GETCHECK ,0,0))
			{
				if(  IsRegMONLoaded())
					MessageBox(hDlg,"RegMON is Running!\n","OK",MB_ICONEXCLAMATION);
				else

					MessageBox(hDlg,"Can't find RegMON with this method!","Error",MB_ICONEXCLAMATION);
			}
		
			if(SendMessage(GetDlgItem(hDlg,IDC_RADIO5),BM_GETCHECK ,0,0))
			{
							if(  IsFileMONLoaded())
					MessageBox(hDlg,"FileMON is Running!\n","OK",MB_ICONEXCLAMATION);

			else
					MessageBox(hDlg,"Can't find FileMON with this method!","Error",MB_ICONEXCLAMATION);


			}


				break;
		case IDC_EXIT:
			SendMessage(hDlg, WM_CLOSE, 0, 0);
			break;
	
		}

		return TRUE;
		break;
	}
	return FALSE;
}
	
/*-------------------------------------------------------------*/
/*可以通过判断下面的进程的返回值来得知RegMON和FileMON是否驻留内存        
/*-------------------------------------------------------------*/


BOOL IsRegMONLoaded()
{

	HANDLE hFile;  
 
	// 通过句柄检测RegMON，Windows 9x系统上有效
	hFile = CreateFile( "\\\\.\\REGVXD",
						GENERIC_READ | GENERIC_WRITE,
						FILE_SHARE_READ | FILE_SHARE_WRITE,
						NULL,
						OPEN_EXISTING,
						FILE_ATTRIBUTE_NORMAL,
						NULL);

	if( hFile != INVALID_HANDLE_VALUE )
	{
		CloseHandle(hFile);
		return TRUE;
	}

	// 窗口标题检测RegMON，Windows 9x/2000/XP系统上有效
	if(FindWindow(NULL,"Registry Monitor - Sysinternals: www.sysinternals.com"))
		return TRUE;
	else

	return FALSE;
}



BOOL IsFileMONLoaded()
{
	HANDLE hFile;  
 
        //通过句柄检测File Monitor，Windows 9x系统上有效
	hFile = CreateFile( "\\\\.\\REGSYS",
						GENERIC_READ | GENERIC_WRITE,
						FILE_SHARE_READ | FILE_SHARE_WRITE,
						NULL,
						OPEN_EXISTING,
						FILE_ATTRIBUTE_NORMAL,
						NULL);

	if( hFile != INVALID_HANDLE_VALUE )
	{
		CloseHandle(hFile);
		return TRUE;
	}
	// 窗口标题检测File Monitor， Windows 9x/2000/XP系统上有效
	if(FindWindow(NULL,"File Monitor - Sysinternals: www.sysinternals.com"))
		return TRUE;
	else

		return FALSE;
}