DelphiXe; XP,VISTA,Win7的,WSrv2008R2;
支持0.DEP(数据执行保护)CPU
Function isCpuDEP:bool;
begin
Result:=... //???
end;
1.如何定义,DEP在系统中是ON?
Function isEnableDEP:bool; // Win Xp comparable
begin
Result:=false;if isCpuDEP=false then exit;
Result:=... //???
end;
2.定义,如果DEP已启用,并且还启用了所有程序和服务?
Function isEnableDEPForAllProgram:bool;
begin
Result:=false;if isEnableDEP=false then exit;
Result:=... //???
end;
3.获取DEP程序列表?
Function GetDEPProgramList:TStringList;
begin
Result:=nil;if isEnableDEPForAllProgram=false then exit;
Result:=Tstringlist.Create;
Result:=... //???
end;
答案 0 :(得分:7)
Win32_OperatingSystem
WMi类有4个属性,用于报告DEP的状态
阅读有关这些属性的MSDN文档以查看说明。
检查此示例应用程序
{$APPTYPE CONSOLE}
uses
SysUtils,
ActiveX,
ComObj,
Variants;
function DEPStatus(Status : integer) : string;
begin
case Status of
0 : Result:='Always Off';
1 : Result:='DEP is turned off for all 32-bit applications on the computer with no exceptions. This setting is not available for the user interface.';
2 : Result:='DEP is enabled for all 32-bit applications on the computer. This setting is not available for the user interface.';
3 : Result:='DEP is enabled by default for all 32-bit applications. A user or administrator can explicitly remove support for a 32-bit application by adding the application to an exceptions list.';
else
Result:='unknown';
end;
end;
procedure GetDEPStatusInfo;
const
WbemUser ='';
WbemPassword ='';
WbemComputer ='localhost';
wbemFlagForwardOnly = $00000020;
var
FSWbemLocator : OLEVariant;
FWMIService : OLEVariant;
FWbemObjectSet: OLEVariant;
FWbemObject : OLEVariant;
oEnum : IEnumvariant;
iValue : LongWord;
begin;
FSWbemLocator := CreateOleObject('WbemScripting.SWbemLocator');
FWMIService := FSWbemLocator.ConnectServer(WbemComputer, 'root\CIMV2', WbemUser, WbemPassword);
FWbemObjectSet:= FWMIService.ExecQuery('SELECT * FROM Win32_OperatingSystem','WQL',wbemFlagForwardOnly);
oEnum := IUnknown(FWbemObjectSet._NewEnum) as IEnumVariant;
if oEnum.Next(1, FWbemObject, iValue) = 0 then
begin
Writeln(Format('DataExecutionPrevention_32BitApplications %s',[FWbemObject.DataExecutionPrevention_32BitApplications]));// Boolean
Writeln(Format('DataExecutionPrevention_Available %s',[FWbemObject.DataExecutionPrevention_Available]));// Boolean
Writeln(Format('DataExecutionPrevention_Drivers %s',[FWbemObject.DataExecutionPrevention_Drivers]));// Boolean
Writeln(Format('DataExecutionPrevention_SupportPolicy %s',[FWbemObject.DataExecutionPrevention_SupportPolicy]));// Uint8
Writeln(DEPStatus(FWbemObject.DataExecutionPrevention_SupportPolicy));
end;
end;
begin
try
CoInitialize(nil);
try
GetDEPStatusInfo;
finally
CoUninitialize;
end;
except
on E:EOleException do
Writeln(Format('EOleException %s %x', [E.Message,E.ErrorCode]));
on E:Exception do
Writeln(E.Classname, ':', E.Message);
end;
Writeln('Press Enter to exit');
Readln;
end.
答案 1 :(得分:7)
以下使用GetProcessDEPPolicy
作为第(1)点:
type
TGetProcessDEPPolicy =
function(Process: THandle; out Flags: DWORD; out Permanent: Bool): Bool; stdcall;
const
PROCESS_DEP_ENABLE = $00000001;
PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION = $00000002;
procedure TForm1.Button1Click(Sender: TObject);
var
GetProcessDEPPolicy: TGetProcessDEPPolicy;
DEPFlags: DWORD;
IsPermanent: Bool;
begin
@GetProcessDEPPolicy :=
GetProcAddress(GetModuleHandle(kernel32), 'GetProcessDEPPolicy');
if Assigned(GetProcessDEPPolicy) then begin
if GetProcessDEPPolicy(GetCurrentProcess, DEPFlags, IsPermanent) then begin
if (DEPFlags and PROCESS_DEP_ENABLE) = PROCESS_DEP_ENABLE then
ShowMessage('DEP enabled')
else
ShowMessage('DEP disabled');
end else
raise EOSError.Create(SysErrorMessage(GetLastError));
end else
raise EOSError.Create('Unsupported OS');
end;
对于第(2)点,您可以以类似的方式使用GetSystemDEPPolicy
。
对于第(3)点,您可以枚举进程并找出使用DEP运行的进程。
答案 2 :(得分:6)
这是一种简单但非正统的检查DEP的方法,但它仅适用于当前程序
function IsDepOn:Boolean;
var
shellcode : array [0..1] of byte;
begin
shellcode[0] := $90;
shellcode[1] := $C3;
try
asm
lea eax,shellcode
call eax
end;
Result:=False;
except
Result:=True;
end;
end;