/********************************************************************
Copyright (c) Beijing Feitian Technologies
http://www.FTSafe.com
File : Check9x.cpp
Created: 2003/11/05
Author: yihai
Purpose: ?
Revision: ?
*********************************************************************/
// Check9x.cpp : Defines the entry point for the console application.
//
#include "stdafx.h"
#include <conio.H>
#include <windows.h>
#include <Winbase.h>
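/* Signature of kernel32!IsDebuggerPresent, which is resolved at run time below. */
typedef BOOL (WINAPI *TPFN_IsDebuggerPresent)();

/*
 * Asks the OS whether a user-mode debugger is attached to this process.
 *
 * IsDebuggerPresent is looked up with GetProcAddress rather than linked
 * statically -- presumably so the program still starts on a system whose
 * KERNEL32 does not export it (confirm against the intended targets).
 *
 * Returns the result of IsDebuggerPresent(), or FALSE when KERNEL32 or the
 * export cannot be obtained. FALSE therefore means "not detected", not
 * "proven absent".
 */
BOOL chk_UserDbg()
{
    BOOL bDebugged = FALSE;

    HMODULE hMod = LoadLibrary("KERNEL32.DLL");
    if (hMod == NULL)
        return FALSE;   /* do not pass a NULL module on to GetProcAddress/FreeLibrary */

    TPFN_IsDebuggerPresent pfnIsDebuggerPresent =
        (TPFN_IsDebuggerPresent)GetProcAddress(hMod, "IsDebuggerPresent");
    if (pfnIsDebuggerPresent)
        bDebugged = pfnIsDebuggerPresent();

    /* Drop the module reference on every path; returning early when the
       export was found used to skip this call and leak the reference. */
    FreeLibrary(hMod);
    return bDebugged;
}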
/*
 * Reads the DWORD stored at fs:[0x20] and reports whether it is non-zero.
 *
 * NOTE(review): the original local was named DebugContext and the file is
 * Check9x, so this presumably targets the Win9x thread information block,
 * where that slot is expected to be empty unless the thread is being
 * debugged. On NT-family systems the same offset is believed to hold part
 * of the thread's client id, which would make this check always report
 * true -- confirm the target OS before trusting the result.
 */
bool chk_TIB()
{
    DWORD dwTibSlot = 0;
    __asm mov eax,fs:[0x20]
    __asm mov dwTibSlot,eax
    return dwTibSlot != 0;
}
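/*
 * Probes for the SoftICE driver by trying to open its device name.
 *
 * Only the single name "\\.\SICE" is tried; a driver registered under any
 * other name is not seen by this check.
 *
 * Returns true when the device could be opened, false otherwise.
 */
bool chk_SICE()
{
    HANDLE hDev = CreateFile("\\\\.\\SICE", GENERIC_READ, FILE_SHARE_READ, NULL,
                             OPEN_EXISTING, FILE_ATTRIBUTE_ARCHIVE, NULL);
    if (hDev == INVALID_HANDLE_VALUE)
        return false;

    /* The handle is needed only as evidence that the device exists; close it
       so that repeated probes do not leak one handle per call. */
    CloseHandle(hDev);
    return true;
}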
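/*
 * Queries the debugger through the INT 68h interface: AH=43h is issued and
 * the debugger is considered present when AX comes back as 0F386h.
 *
 * Two defects of the earlier version are addressed here:
 *  - the operand was written as "68" with no radix suffix, which the inline
 *    assembler reads as decimal (vector 44h), not the vector 68h that the
 *    function name refers to;
 *  - the interrupt was issued with no exception handler, so on a system that
 *    refuses the software interrupt the whole process terminated. The fault
 *    is now treated as "not detected", matching the SEH use in chk_I3SEH.
 *
 * Returns TRUE when AX == 0F386h after the call, FALSE otherwise.
 */
BOOL chk_Int68()
{
    WORD wAx = 0;

    __try
    {
        __asm
        {
            mov ah,43h
            int 68h
            mov wAx,ax
        }
    }
    __except(EXCEPTION_EXECUTE_HANDLER)
    {
        /* The interrupt was not serviced; nothing answered the query. */
        return FALSE;
    }

    return (wAx == 0xF386) ? TRUE : FALSE;
}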
// Loads AX, SI and DI with fixed values and raises INT 3 inside an SEH frame.
// The function returns nothing, so callers cannot tell whether the request
// had any effect.
// NOTE(review): 0x4647 and 0x4A4D are the ASCII pairs "FG" and "JM"; together
// with the AX value they presumably address SoftICE's INT 3 service
// interface -- confirm against the debugger's documentation.
void CrashSoftICE()
{
__try
{
__asm
{
mov ax,0x0902
mov si,0x4647
mov di,0x4a4d
int 3
}
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
// Deliberately empty: when nothing consumes the INT 3 the breakpoint
// exception lands here and is discarded, so the process keeps running.
}
}
// One 8-byte IDT entry as read by chk_IDT (four 16-bit words).
// NOTE(review): field meanings follow the x86 32-bit gate descriptor layout;
// only wHighAddr is actually read in this file.
typedef struct tagInterrupt_Gate
{
WORD wLowAddr;   // handler offset, bits 0..15
WORD wSegSel;    // code segment selector of the handler
WORD wFlags;     // reserved byte plus type/attribute byte
WORD wHighAddr;  // handler offset, bits 16..31
}Interrupt_Gate,*PInterrupt_Gate;
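/*
 * Heuristic check for hooked debug interrupts.
 *
 * SIDT stores the 6-byte IDT register image (16-bit limit, 32-bit base).
 * The upper 16 bits of the handler address of vector 0 are then compared
 * with those of vectors 1 and 3; a mismatch is reported as a hook, on the
 * assumption that the stock handlers share the same upper address half.
 *
 * Changes from the earlier version:
 *  - the base is copied out with memcpy instead of dereferencing an
 *    unaligned PDWORD cast into the byte buffer;
 *  - the limit is checked so vectors 0..3 are known to lie inside the table;
 *  - the table reads run under SEH. The IDT is kernel memory, and where it
 *    is not readable from user mode the earlier code faulted and killed the
 *    process; that case now returns false ("not detected").
 *
 * Returns true when vector 1 or vector 3 looks hooked, false otherwise.
 */
bool chk_IDT()
{
    bool bRet = false;
    BYTE bufIDT[6];
    memset(bufIDT, 0, sizeof(bufIDT));
    __asm
    {
        SIDT bufIDT
    }

    WORD wLimit = 0;
    DWORD dwBase = 0;
    memcpy(&wLimit, bufIDT, sizeof(wLimit));
    memcpy(&dwBase, bufIDT + 2, sizeof(dwBase));

    /* Entries 0..3 must fit: the limit is the offset of the table's last byte. */
    if (dwBase == 0 || wLimit < 4 * sizeof(Interrupt_Gate) - 1)
        return false;

    WORD wInt0High = 0;
    WORD wInt1High = 0;
    WORD wInt3High = 0;

    __try
    {
        PInterrupt_Gate pIDTBase = (PInterrupt_Gate)dwBase;
        wInt0High = pIDTBase[0].wHighAddr;
        wInt1High = pIDTBase[1].wHighAddr;
        wInt3High = pIDTBase[3].wHighAddr;
    }
    __except(EXCEPTION_EXECUTE_HANDLER)
    {
        /* Table not readable from this privilege level: nothing to compare. */
        return false;
    }

    if (wInt0High != wInt1High)
    {
        printf(" Int1 was hooked\n");
        bRet = true;
    }
    if (wInt0High != wInt3High)
    {
        printf(" Int3 was hooked\n");
        bRet = true;
    }
    return bRet;
}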
/*
 * Raises INT 3 inside an SEH frame and reports who handled it.
 *
 * If the breakpoint exception reaches this function's own handler, the
 * result is FALSE. If execution simply continues past the INT 3 (something
 * else consumed the exception), the result is TRUE. A debugger that passes
 * the exception back to the program therefore yields FALSE as well.
 */
BOOL chk_I3SEH()
{
    __try
    {
        __asm int 3
    }
    __except(EXCEPTION_EXECUTE_HANDLER)
    {
        /* Our handler ran, so nothing swallowed the breakpoint. */
        return FALSE;
    }
    return TRUE;
}
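/*
 * Console driver: runs each check in turn, prints one result line per
 * check, then asks for confirmation before calling CrashSoftICE().
 *
 * Fixes relative to the earlier version:
 *  - the "[Int68]" section called chk_SICE() a second time, so chk_Int68()
 *    was never executed and its result line merely repeated the "[SICE]"
 *    one;
 *  - "dectected" in the first result line is spelled correctly.
 *
 * Always returns 0.
 */
int main(int argc, char* argv[])
{
    printf("[I3SEH]\n");
    if (chk_I3SEH())
        printf(" Debugger detected.\n");
    else
        printf(" no Debugger.\n");

    printf("[User DBG]\n");
    if (chk_UserDbg())
        printf(" User Debugger detected.\n");
    else
        printf(" no User Debugger.\n");

    printf("[TIB]\n");
    if (chk_TIB())
        printf(" Debugger detected.\n");
    else
        printf(" no Debugger.\n");

    printf("[SICE]\n");
    if (chk_SICE())
        printf(" SICE detected.\n");
    else
        printf(" no SICE.\n");

    printf("[Int68]\n");
    if (chk_Int68())    /* was chk_SICE(): the INT 68 check never ran */
        printf(" SICE detected.\n");
    else
        printf(" no SICE.\n");

    printf("[IDT]\n");
    if (chk_IDT())
        printf(" Debugger detected.\n");
    else
        printf(" no Debugger.\n");

    /* CrashSoftICE() runs only after an explicit 'y'/'Y' from the operator. */
    printf("SoftICE will be crashed,do you want to continue(y/n)?.\n");
    int ch = getche();
    if ((ch == 'y') || (ch == 'Y'))
        CrashSoftICE();

    return 0;
}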