如何定义,DEP在系统中是ON

时间:2011-08-14 15:16:37

标签: delphi dep

DelphiXe; XP,VISTA,Win7的,WSrv2008R2;

enter image description here

支持0.DEP(数据执行保护)CPU

Function isCpuDEP:bool; 
begin
Result:=... //???
end;

1.如何定义,DEP在系统中是ON?

Function isEnableDEP:bool; // Win Xp comparable
begin
Result:=false;if isCpuDEP=false then exit;
Result:=... //???
end;

2.定义,如果DEP已启用,并且还启用了所有程序和服务?

Function isEnableDEPForAllProgram:bool;
begin
Result:=false;if isEnableDEP=false then exit;
Result:=... //???
end;

3.获取DEP程序列表?

Function GetDEPProgramList:TStringList;
begin
Result:=nil;if isEnableDEPForAllProgram=false then exit;
Result:=Tstringlist.Create;
Result:=... //???
end;

3 个答案:

答案 0 :(得分:7)

Win32_OperatingSystem WMi类有4个属性,用于报告DEP的状态

  • DataExecutionPrevention_Available
  • DataExecutionPrevention_32BitApplications
  • DataExecutionPrevention_Drivers
  • DataExecutionPrevention_SupportPolicy

阅读有关这些属性的MSDN文档以查看说明。

检查此示例应用程序

{$APPTYPE CONSOLE}

uses
  SysUtils,
  ActiveX,
  ComObj,
  Variants;


function DEPStatus(Status : integer) : string;
begin
  case Status of
   0 : Result:='Always Off';
   1 : Result:='DEP is turned off for all 32-bit applications on the computer with no exceptions. This setting is not available for the user interface.';
   2 : Result:='DEP is enabled for all 32-bit applications on the computer. This setting is not available for the user interface.';
   3 : Result:='DEP is enabled by default for all 32-bit applications. A user or administrator can explicitly remove support for a 32-bit application by adding the application to an exceptions list.';
   else
       Result:='unknown';
  end;
end;


procedure  GetDEPStatusInfo;
const
  WbemUser            ='';
  WbemPassword        ='';
  WbemComputer        ='localhost';
  wbemFlagForwardOnly = $00000020;
var
  FSWbemLocator : OLEVariant;
  FWMIService   : OLEVariant;
  FWbemObjectSet: OLEVariant;
  FWbemObject   : OLEVariant;
  oEnum         : IEnumvariant;
  iValue        : LongWord;
begin;
  FSWbemLocator := CreateOleObject('WbemScripting.SWbemLocator');
  FWMIService   := FSWbemLocator.ConnectServer(WbemComputer, 'root\CIMV2', WbemUser, WbemPassword);
  FWbemObjectSet:= FWMIService.ExecQuery('SELECT * FROM Win32_OperatingSystem','WQL',wbemFlagForwardOnly);
  oEnum         := IUnknown(FWbemObjectSet._NewEnum) as IEnumVariant;
  if oEnum.Next(1, FWbemObject, iValue) = 0 then
  begin
    Writeln(Format('DataExecutionPrevention_32BitApplications    %s',[FWbemObject.DataExecutionPrevention_32BitApplications]));// Boolean
    Writeln(Format('DataExecutionPrevention_Available            %s',[FWbemObject.DataExecutionPrevention_Available]));// Boolean
    Writeln(Format('DataExecutionPrevention_Drivers              %s',[FWbemObject.DataExecutionPrevention_Drivers]));// Boolean
    Writeln(Format('DataExecutionPrevention_SupportPolicy        %s',[FWbemObject.DataExecutionPrevention_SupportPolicy]));// Uint8
    Writeln(DEPStatus(FWbemObject.DataExecutionPrevention_SupportPolicy));
  end;
end;


begin
 try
    CoInitialize(nil);
    try
      GetDEPStatusInfo;
    finally
      CoUninitialize;
    end;
 except
    on E:EOleException do
        Writeln(Format('EOleException %s %x', [E.Message,E.ErrorCode]));
    on E:Exception do
        Writeln(E.Classname, ':', E.Message);
 end;
 Writeln('Press Enter to exit');
 Readln;
end.

答案 1 :(得分:7)

以下使用GetProcessDEPPolicy作为第(1)点:

type
  TGetProcessDEPPolicy =
      function(Process: THandle; out Flags: DWORD; out Permanent: Bool): Bool; stdcall;
const
  PROCESS_DEP_ENABLE = $00000001;
  PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION = $00000002;

procedure TForm1.Button1Click(Sender: TObject);
var
  GetProcessDEPPolicy: TGetProcessDEPPolicy;
  DEPFlags: DWORD;
  IsPermanent: Bool;
begin
  @GetProcessDEPPolicy :=
      GetProcAddress(GetModuleHandle(kernel32), 'GetProcessDEPPolicy');
  if Assigned(GetProcessDEPPolicy) then begin
    if GetProcessDEPPolicy(GetCurrentProcess, DEPFlags, IsPermanent) then begin

      if (DEPFlags and PROCESS_DEP_ENABLE) = PROCESS_DEP_ENABLE then
        ShowMessage('DEP enabled')
      else
        ShowMessage('DEP disabled');

    end else
      raise EOSError.Create(SysErrorMessage(GetLastError));
  end else
    raise EOSError.Create('Unsupported OS');
end;


对于第(2)点,您可以以类似的方式使用GetSystemDEPPolicy

对于第(3)点,您可以枚举进程并找出使用DEP运行的进程。

答案 2 :(得分:6)

这是一种简单但非正统的检查DEP的方法,但它仅适用于当前程序

function IsDepOn:Boolean;
var
shellcode : array [0..1] of byte;
begin
  shellcode[0] := $90;
  shellcode[1] := $C3;
  try
  asm
      lea eax,shellcode
      call eax
  end;
      Result:=False;
  except
      Result:=True;
  end;
end;