Windows XP SP2 开始提供安全中心,杀毒软件会向安全中心注册报到,这样 Windows 就可以检测到系统中是否安装了杀毒软件。
如何在自己的程序中实现这个功能呢?
网上找到的大多是通过WMI来实现的VBScript脚本代码,咱用MASM32来实现之。
完整的代码如下:
(源代码+EXE下载:
1、http://download.youkuaiyun.com/source/2389674
2、http://purpleendurer.ys168.com)
;<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
;文件名:WmiAntiVir.asm(控制台程序)
;功能:通过WMI获取反病毒软件信息和软件更新时间
;开发环境:WinXP PRO SP3 + MASM32 v8
;作者:PurpleEndurer,2010-04-19,广西河池
;
;log
;--------------------------------------------------
;2010-05-24开始编写
;<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
.586
.MODELFLAT,STDCALL
OPTIONCASEMAP:NONE
INCLUDE     \masm32\include\windows.inc
INCLUDE     \masm32\include\kernel32.inc
INCLUDELIB  \masm32\lib\kernel32.lib
INCLUDE     \masm32\include\ole32.inc
INCLUDELIB  \masm32\lib\ole32.lib
INCLUDE     \masm32\include\oleaut32.inc        ; VariantClear
INCLUDELIB  \masm32\lib\oleaut32.lib
INCLUDE     \masm32\include\user32.inc
INCLUDELIB  \masm32\lib\user32.lib
INCLUDE     \masm32\include\masm32.inc
INCLUDELIB  \masm32\lib\masm32.lib
EnumAntiVirproto
;ssssssssssssssssssssssss
;.const
;ssssssssssssssssssssssss
; COM initialisation constants (objbase.h)
EOAC_NONE                       EQU 0           ; no additional authentication capabilities
COINIT_MULTITHREADED            EQU 00h         ; multi-threaded apartment

; located in RpcDce.h
RPC_C_AUTHN_LEVEL_DEFAULT       EQU 0           ; let COM pick the authentication level
RPC_C_IMP_LEVEL_DEFAULT         EQU 0
RPC_C_IMP_LEVEL_IMPERSONATE     EQU 3           ; impersonation level WMI expects for local queries
; 16-byte GUID laid out as {Data1-Data2-Data3-Data4[8]}, so an IID such as
; {DC12A687-737F-11CF-884D-00AA004B2E24} is written
;   <0dc12a687h, 0737fh, 011cfh, 088h,04dh, 000h,0aah,000h,04bh,02eh,024h>
GUID2 STRUC
    dd1     DWORD   ?                       ; Data1
    dw1     WORD    ?                       ; Data2
    dw2     WORD    ?                       ; Data3
    db1     BYTE    ?                       ; Data4[0]
    db2     BYTE    ?                       ; Data4[1]
    db3     BYTE    ?                       ; Data4[2]
    db4     BYTE    ?                       ; Data4[3]
    db5     BYTE    ?                       ; Data4[4]
    db6     BYTE    ?                       ; Data4[5]
    db7     BYTE    ?                       ; Data4[6]
    db8     BYTE    ?                       ; Data4[7]
GUID2 ENDS
; IWbemLocator: a COM object is a pointer to a single DWORD, the vtbl pointer.
IWbemLocator STRUCT
    lpVtbl              DWORD ?
IWbemLocator ENDS

; IWbemLocator vtable (wbemcli.h). Slot order is the ABI; do not reorder.
IWbemLocatorVtbl STRUCT
    QueryInterface      DWORD ?             ; IUnknown
    AddRef              DWORD ?
    Release             DWORD ?
    ConnectServer       DWORD ?             ; the only method this program uses
IWbemLocatorVtbl ENDS
IWbemServices STRUCT
    lpVtbl                      DWORD ?
IWbemServices ENDS

; IWbemServices vtable (wbemcli.h). Slot order is the ABI; do not reorder.
IWbemServicesVtbl STRUCT
    QueryInterface              DWORD ?     ; IUnknown
    AddRef                      DWORD ?
    Release                     DWORD ?
    OpenNamespace               DWORD ?
    CancelAsyncCall             DWORD ?
    QueryObjectSink             DWORD ?
    GetObject                   DWORD ?
    GetObjectAsync              DWORD ?
    PutClass                    DWORD ?
    PutClassAsync               DWORD ?
    DeleteClass                 DWORD ?
    DeleteClassAsync            DWORD ?
    CreateClassEnum             DWORD ?
    CreateClassEnumAsync        DWORD ?
    PutInstance                 DWORD ?
    PutInstanceAsync            DWORD ?
    DeleteInstance              DWORD ?
    DeleteInstanceAsync         DWORD ?
    CreateInstanceEnum          DWORD ?
    CreateInstanceEnumAsync     DWORD ?
    ExecQuery                   DWORD ?     ; used by wmiExecQuery
    ExecQueryAsync              DWORD ?
    ExecNotificationQuery       DWORD ?
    ExecNotificationQueryAsync  DWORD ?
    ExecMethod                  DWORD ?
    ExecMethodAsync             DWORD ?
IWbemServicesVtbl ENDS
IEnumWbemClassObject STRUCT
    lpVtbl              DWORD ?
IEnumWbemClassObject ENDS

; IEnumWbemClassObject vtable (wbemcli.h). Slot order is the ABI; do not reorder.
IEnumWbemClassObjectVtbl STRUCT
    QueryInterface      DWORD ?             ; IUnknown
    AddRef              DWORD ?
    Release             DWORD ?
    Reset               DWORD ?
    Next                DWORD ?             ; used by wmiNext
    NextAsync           DWORD ?
    Clone               DWORD ?
    Skip                DWORD ?
IEnumWbemClassObjectVtbl ENDS
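IWbemClassObject STRUCT
    lpVtbl                      DWORD ?
IWbemClassObject ENDS

; IWbemClassObject vtable (wbemcli.h). Slot order is the ABI; do not reorder.
; The original listing omitted the Clone slot between GetPropertyQualifierSet and
; GetObjectText, which shifted every later member by one slot. Only Get (slot 4) is
; used here, so the program was unaffected, but any future call through a later
; slot would have hit the wrong method.
IWbemClassObjectVtbl STRUCT
    QueryInterface              DWORD ?     ; IUnknown
    AddRef                      DWORD ?
    Release                     DWORD ?
    GetQualifierSet             DWORD ?
    Get                         DWORD ?     ; used by wmiGet
    Put                         DWORD ?
    Delete                      DWORD ?
    GetNames                    DWORD ?
    BeginEnumeration            DWORD ?
    Next                        DWORD ?
    EndEnumeration              DWORD ?
    GetPropertyQualifierSet     DWORD ?
    Clone                       DWORD ?     ; was missing
    GetObjectText               DWORD ?
    SpawnDerivedClass           DWORD ?
    SpawnInstance               DWORD ?
    CompareTo                   DWORD ?
    GetPropertyOrigin           DWORD ?
    InheritsFrom                DWORD ?
    GetMethod                   DWORD ?
    PutMethod                   DWORD ?
    DeleteMethod                DWORD ?
    BeginMethodEnumeration      DWORD ?
    NextMethod                  DWORD ?
    EndMethodEnumeration        DWORD ?
    GetMethodQualifierSet       DWORD ?
    GetMethodOrigin             DWORD ?
IWbemClassObjectVtbl ENDS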
; One bound per array dimension (oaidl.h).
SAFEARRAYBOUND struct
    cElements   dd ?                        ; number of elements in this dimension
    lLbound     dd ?                        ; index of the first element
SAFEARRAYBOUND ends

; SAFEARRAY header (oaidl.h); the element data lives behind pvData.
SAFEARRAY struct
    cDims       dw ?                        ; number of dimensions
    fFeatures   dw ?                        ; FADF_* flags describing the element type / ownership
    cbElements  dd ?                        ; size of one element (not of pointed-to data)
    cLocks      dd ?                        ; outstanding SafeArrayLock count
    pvData      dd ?                        ; pointer to the element data
    rgsabound   SAFEARRAYBOUND <>           ; bounds, one entry per dimension (only [0] declared here)
SAFEARRAY ends
;ssssssssssssssssssssssss
.DATA
;ssssssssssssssssssssssss
; WMI namespace and query language, UTF-16 and NUL-terminated.
; root\SecurityCenter is the Windows XP / Server 2003 namespace; later Windows
; versions publish AntiVirusProduct under root\SecurityCenter2 instead.
g_wszNameSpace      WORD "r","o","o","t","\","S","e","c","u","r","i","t","y" \
                        ,"C","e","n","t","e","r",0
g_wszQueryLanguage  WORD "W","Q","L",0

; WMI flags and HRESULTs (wbemcli.h)
WBEM_FLAG_CONNECT_USE_MAX_WAIT  EQU 80h
WBEM_FLAG_FORWARD_ONLY          EQU 20h
WBEM_FLAG_RETURN_IMMEDIATELY    EQU 10h
WBEM_INFINITE                   EQU -1
WBEM_E_INVALID_QUERY            EQU 80041017h
WBEM_E_INVALID_QUERY_TYPE       EQU 80041018h

; Interface and class identifiers
IID_IWbemLocator            GUID2 <0dc12a687h,0737fh,011cfh,088h,04dh,000h,0aah,000h,04bh,02eh,024h>  ; {DC12A687-737F-11CF-884D-00AA004B2E24}
IID_IEnumWbemClassObject    GUID2 <027947e1h,0d731h,011ceh,0a3h,057h,000h,000h,000h,000h,000h,001h>  ; {027947E1-D731-11CE-A357-000000000001}
IID_IWbemClassObject        GUID2 <0dc12a681h,0737fh,011cfh,088h,04dh,000h,0aah,000h,04bh,02eh,024h>  ; {DC12A681-737F-11CF-884D-00AA004B2E24}
; located in WbemProv.h
CLSID_WbemAdministrativeLocator GUID2 <0cb8555cch,09128h,011d1h,0adh,09bh,000h,0c0h,04fh,0d8h,0fdh,0ffh>  ; {CB8555CC-9128-11D1-AD9B-00C04FD8FDFF}

; Interface pointers. Each variable is one DWORD holding the interface pointer
; itself (written by CoCreateInstance / ConnectServer / ExecQuery / Next); the
; vtbl is the first DWORD that pointer points to.
locator     IWbemLocator            <>
service     IWbemServices           <>
enumerator  IEnumWbemClassObject    <>
processor   IWbemClassObject        <>

retCount    DWORD ?                         ; count written by IEnumWbemClassObject::Next
var_val     DWORD ?                         ; VARIANT (16 bytes): vt at +0 (WORD), payload at +8
            DWORD ?
            DWORD ?
            DWORD ?

g_szAppInfo db "通过WMI获取反病毒软件信息",0dh,0ah
            db "作者:PurpleEndurer,2010-05-24,广西河池",0dh,0ah,0

; WQL query. g_wszSelectAntiVirus deliberately has no terminator: g_wszAntiVirus
; must directly follow it so the two together read L"SELECT * FROM AntiVirusProduct".
g_wszSelectAntiVirus    WORD "S","E","L","E","C","T"," ","*"," ","F","R","O","M"," "
g_wszAntiVirus          WORD "A","n","t","i","V","i","r","u","s","P","r","o","d","u","c","t",0

; class AntiVirusProduct
; {
;   [key, Not_Null] string  instanceGuid;
;   [Not_Null]      string  displayName;
;   [Not_Null]      boolean productUptoDate;
;                   boolean onAccessScanningEnabled;
;                   boolean productHasNotifiedUser;
;                   boolean productWantsWscNotifications;
;                   uint8   productState;
;                   string  companyName;
;                   string  versionNumber;
;                   string  pathToSignedProductExe;
; };

; Per property: the ANSI label printed to the console and the UTF-16 property
; name passed to IWbemClassObject::Get.
g_szdisplayName     db 0dh,0ah,"displayName:",0
g_wszdisplayName    WORD "d","i","s","p","l","a","y","N","a","m","e",0
g_szcompanyName     db 0dh,0ah,"companyName:",0
g_wszcompanyName    WORD "c","o","m","p","a","n","y","N","a","m","e",0
g_szinstanceGuid    db 0dh,0ah,"instanceGuid:",0
g_wszinstanceGuid   WORD "i","n","s","t","a","n","c","e","G","u","i","d",0
g_szpathToSignedProductExe  db 0dh,0ah,"pathToSignedProductExe",0      ; (label has no ':' in the original)
g_wszpathToSignedProductExe word "p","a","t","h","T","o","S","i","g","n","e","d","P","r","o","d","u","c","t","E","x","e",0
g_szversionNumber   db 0dh,0ah,"versionNumber:",0
g_wszversionNumber  WORD "v","e","r","s","i","o","n","N","u","m","b","e","r",0
g_szonAccessScanningEnabled     db 0dh,0ah,"onAccessScanningEnabled:",0
g_wszonAccessScanningEnabled    WORD "o","n","A","c","c","e","s","s" \
                                    ,"S","c","a","n","n","i","n","g","E","n","a","b","l","e","d",0
g_szproductUptoDate     db 0dh,0ah,"productUptoDate:",0               ; whether signatures are current
g_wszproductUptoDate    WORD "p","r","o","d","u","c","t","U","p","t","o","D","a","t","e",0

; Format strings. g_szPerSCr has no terminator on purpose: it runs into g_szCrLf,
; so wsprintf sees "%S\r\n" (%S = wide string argument).
g_szPerSCr  db "%S"
g_szCrLf    db 0dh,0ah,0
g_szPerXCr  db "%x",0dh,0ah,0
g_szFail    db "Fail",0dh,0ah,0
g_szFalse   db "FALSE",0
g_szTrue    db "TRUE",0
;ssssssssssssssssssssssss
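.CODE
;ssssssssssssssssssssssss
;------------------------------------------------------
; Program entry (console). Initialises COM for the process, sets the process-wide
; security blanket WMI needs, creates the WMI locator, prints the banner and hands
; off to EnumAntiVir. The original never checked CoInitializeEx or CoCreateInstance,
; so a failed CoCreateInstance left locator = NULL and wmiConnectServer dereferenced it.
;------------------------------------------------------
start:
    invoke  CoInitializeEx, NULL, COINIT_MULTITHREADED
    test    eax, eax
    js      @startExit                      ; FAILED(hr): sign bit set; no CoUninitialize owed
    invoke  CoInitializeSecurity, NULL, -1, NULL, NULL, RPC_C_AUTHN_LEVEL_DEFAULT, \
            RPC_C_IMP_LEVEL_IMPERSONATE, NULL, EOAC_NONE, NULL
    invoke  StdOut, ADDR g_szAppInfo
    invoke  CoCreateInstance, ADDR CLSID_WbemAdministrativeLocator, NULL, \
            CLSCTX_INPROC_SERVER, ADDR IID_IWbemLocator, ADDR locator
    test    eax, eax
    jnz     @startFail                      ; S_OK is the only success value here
    invoke  EnumAntiVir
    mov     eax, DWORD PTR [locator]        ; eax = pLocator
    push    eax                             ; this
    mov     eax, [eax]                      ; eax = pLocator->lpVtbl
    call    DWORD PTR [eax][IWbemLocatorVtbl.Release]
    jmp     @startUninit
@startFail:
    invoke  StdOut, ADDR g_szFail
@startUninit:
    invoke  CoUninitialize
@startExit:
    invoke  ExitProcess, 0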
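;======================================================
; HRESULT wmiConnectServer(void)
; locator->ConnectServer(L"root\SecurityCenter", NULL, NULL, NULL,
;                        WBEM_FLAG_CONNECT_USE_MAX_WAIT, NULL, NULL, &service)
; In:   locator = IWbemLocator* created in start (must be non-NULL)
; Out:  eax = HRESULT; on S_OK, service holds the IWbemServices*
; Clob: ecx, edx, flags. ESI is no longer touched: the original used
;       mov esi / lodsd, clobbering a register STDCALL callers expect preserved.
; Note: strNetworkResource is declared BSTR; a plain WCHAR[] is passed here and
;       works with WMI in practice, but is not a length-prefixed BSTR.
;======================================================
wmiConnectServer proc
    mov     eax, DWORD PTR [locator]        ; eax = pLocator ("this")
    mov     ecx, [eax]                      ; ecx = pLocator->lpVtbl
    push    OFFSET service                  ; IWbemServices **ppNamespace
    push    NULL                            ; IWbemContext *pCtx
    push    NULL                            ; BSTR strAuthority
    push    WBEM_FLAG_CONNECT_USE_MAX_WAIT  ; long lSecurityFlags
    push    NULL                            ; BSTR strLocale
    push    NULL                            ; BSTR strPassword
    push    NULL                            ; BSTR strUser (current credentials)
    push    OFFSET g_wszNameSpace           ; BSTR strNetworkResource
    push    eax                             ; this
    call    DWORD PTR [ecx][IWbemLocatorVtbl.ConnectServer]
    ret
wmiConnectServer endp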
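;======================================================
; HRESULT wmiExecQuery(LPWSTR lpwszSQL)
; service->ExecQuery(L"WQL", lpwszSQL,
;                    WBEM_FLAG_FORWARD_ONLY | WBEM_FLAG_RETURN_IMMEDIATELY, NULL, &enumerator)
; In:   service = IWbemServices* from wmiConnectServer; lpwszSQL = NUL-terminated WQL text
; Out:  eax = HRESULT; on S_OK, enumerator holds the IEnumWbemClassObject*
; Clob: ecx, edx, flags (ESI preserved; the original clobbered it via lodsd)
;======================================================
wmiExecQuery proc lpwszSQL:LPWSTR
    mov     eax, DWORD PTR [service]        ; eax = pServices ("this")
    mov     ecx, [eax]                      ; ecx = pServices->lpVtbl
    push    OFFSET enumerator               ; IEnumWbemClassObject **ppEnum
    push    NULL                            ; IWbemContext *pCtx
    push    WBEM_FLAG_FORWARD_ONLY or WBEM_FLAG_RETURN_IMMEDIATELY   ; long lFlags
    push    lpwszSQL                        ; BSTR strQuery
    push    OFFSET g_wszQueryLanguage       ; BSTR strQueryLanguage
    push    eax                             ; this
    call    DWORD PTR [ecx][IWbemServicesVtbl.ExecQuery]
    ret
wmiExecQuery endp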
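;======================================================
; HRESULT wmiNext(void)
; enumerator->Next(WBEM_INFINITE, 1, &processor, &retCount)
; In:   enumerator = IEnumWbemClassObject* from wmiExecQuery
; Out:  eax = HRESULT: S_OK with processor = next IWbemClassObject*,
;       WBEM_S_FALSE (nonzero) when the enumeration is exhausted
; Clob: ecx, edx, flags (ESI preserved; the original clobbered it via lodsd)
;======================================================
wmiNext proc
    mov     eax, DWORD PTR [enumerator]     ; eax = pEnum ("this")
    mov     ecx, [eax]                      ; ecx = pEnum->lpVtbl
    push    OFFSET retCount                 ; ULONG *puReturned
    push    OFFSET processor                ; IWbemClassObject **apObjects
    push    TRUE                            ; ULONG uCount = 1
    push    WBEM_INFINITE                   ; long lTimeout
    push    eax                             ; this
    call    DWORD PTR [ecx][IEnumWbemClassObjectVtbl.Next]
    ret
wmiNext endp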
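;======================================================
; HRESULT wmiGet(LPWSTR lpwszItem)
; processor->Get(lpwszItem, 0, &var_val, NULL, NULL)
; In:   processor = current IWbemClassObject* from wmiNext; lpwszItem = property name
; Out:  eax = HRESULT; on S_OK, var_val holds the property VARIANT
;       (caller owns it and must VariantClear it)
; Clob: ecx, edx, flags (ESI preserved; the original clobbered it via lodsd)
;======================================================
wmiGet proc lpwszItem:LPWSTR
    mov     eax, DWORD PTR [processor]      ; eax = pObject ("this")
    mov     ecx, [eax]                      ; ecx = pObject->lpVtbl
    push    NULL                            ; long *plFlavor
    push    NULL                            ; CIMTYPE *pType
    push    OFFSET var_val                  ; VARIANT *pVal
    push    0                               ; long lFlags
    push    lpwszItem                       ; LPCWSTR wszName
    push    eax                             ; this
    call    DWORD PTR [ecx][IWbemClassObjectVtbl.Get]
    ret
wmiGet endp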
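;======================================================
; void writeWmiArray(void)
; Prints every element of the VT_ARRAY|VT_BSTR VARIANT in var_val, one per line.
; In:   var_val = VARIANT whose payload (+8) is a SAFEARRAY* of BSTR elements
; Out:  nothing meaningful in eax
; Fixes vs. original:
;   - .repeat/.until ran the body once even for an empty array (and then dec'd
;     edi to 0FFFFFFFFh, reading past the data); now a .while loop.
;   - szbuf was 256 bytes; wsprintf may write up to 1024 chars incl. NUL, and
;     property text is supplied by the registered product, so size it accordingly.
;   - ESI/EDI are now preserved for the caller (uses esi edi).
;======================================================
writeWmiArray proc uses esi edi
    LOCAL szbuf[1024]:BYTE                  ; wsprintf's documented maximum output

    mov     ecx, [var_val+8]                ; ecx = V_ARRAY(&var_val) = SAFEARRAY*
    test    ecx, ecx
    jz      @writeWmiArrayRet               ; NULL parray: nothing to print
    mov     esi, [ecx].SAFEARRAY.pvData     ; esi -> first element (a BSTR pointer)
    mov     edi, [ecx].SAFEARRAY.rgsabound.cElements  ; edi = elements in dimension 0
    .while edi != 0
        push    esi                         ; defensive: keep loop state across the calls
        push    edi
        mov     ecx, [esi]                  ; ecx = BSTR of this element
        invoke  wsprintf, ADDR szbuf, ADDR g_szPerSCr, ecx
        invoke  StdOut, ADDR szbuf
        pop     edi
        pop     esi
        add     esi, 4                      ; next 32-bit element pointer
        dec     edi
    .endw
@writeWmiArrayRet:
    ret
writeWmiArray endp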
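;======================================================
; void writeWmiStr(LPSTR lpszItem, LPWSTR lpwszItem, LPSTR lpszFmt)
; Prints the label lpszItem, fetches property lpwszItem from the current object
; and prints its value: BSTR via lpszFmt, BSTR arrays via writeWmiArray, BOOL as
; TRUE/FALSE. VT_EMPTY/VT_NULL and other types print nothing; a failed Get prints "Fail".
; In:   processor = current IWbemClassObject*; lpszFmt = wsprintf format taking a BSTR (%S)
; Out:  nothing meaningful in eax
; Fixes vs. original:
;   - szbuf was 256 bytes while wsprintf may emit 1024 chars; a long displayName or
;     pathToSignedProductExe (up to MAX_PATH) overflowed the stack buffer.
;   - the array test compared vt with VT_ARRAY alone, which never matches because
;     an array vt is VT_ARRAY|elemtype; writeWmiArray assumes BSTR elements, so
;     test for exactly VT_ARRAY|VT_BSTR.
;   - vt is now read as a WORD (the original read vt+wReserved1 as one DWORD).
;   - VariantClear releases the BSTR/SAFEARRAY that Get allocated (was leaked per call).
;======================================================
writeWmiStr proc lpszItem:LPSTR, lpwszItem:LPWSTR, lpszFmt:LPSTR
    LOCAL szbuf[1024]:BYTE                  ; wsprintf's documented maximum output

    invoke  StdOut, lpszItem
    invoke  wmiGet, lpwszItem
    test    eax, eax
    .if !ZERO?
        invoke  StdOut, ADDR g_szFail       ; Get failed: var_val is not valid, nothing to clear
        ret
    .endif
    movzx   eax, WORD PTR var_val           ; eax = V_VT(&var_val)
    .if eax == VT_BSTR
        invoke  wsprintf, ADDR szbuf, lpszFmt, DWORD PTR [var_val+8]
        invoke  StdOut, ADDR szbuf
    .elseif eax == (VT_ARRAY or VT_BSTR)
        invoke  writeWmiArray
    .elseif eax == VT_BOOL
        movzx   eax, WORD PTR [var_val+8]   ; VARIANT_BOOL: VARIANT_FALSE = 0, anything else is true
        .if eax == 0
            invoke  StdOut, ADDR g_szFalse
        .else
            invoke  StdOut, ADDR g_szTrue
        .endif
    .endif
    ; VT_EMPTY / VT_NULL / unhandled types: print nothing.
    invoke  VariantClear, ADDR var_val      ; frees BSTR / SAFEARRAY payloads; no-op otherwise
    ret
writeWmiStr endp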
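;======================================================
; void comRelease(IUnknown **ppUnk)
; Releases *ppUnk if it is non-NULL and sets the slot to NULL so a second call
; cannot double-release. Slot 2 of every COM vtable is Release, so the
; IWbemLocatorVtbl offset is valid for any interface.
; Clob: eax, ecx, edx, flags
;======================================================
comRelease proc ppUnk:DWORD
    mov     ecx, ppUnk
    mov     eax, [ecx]                      ; eax = pUnk
    test    eax, eax
    jz      @comReleaseRet
    mov     DWORD PTR [ecx], 0              ; clear the slot before calling out
    push    eax                             ; this
    mov     eax, [eax]                      ; eax = pUnk->lpVtbl
    call    DWORD PTR [eax][IWbemLocatorVtbl.Release]
@comReleaseRet:
    ret
comRelease endp

;======================================================
; void EnumAntiVir(void)
; Connects to root\SecurityCenter, runs "SELECT * FROM AntiVirusProduct" and prints
; the selected properties of every registered product.
; In:   locator = IWbemLocator* (non-NULL)
; Out:  eax is not meaningful on return
; Fixes vs. original: each IWbemClassObject returned by Next is released after
; use, and the enumerator and services interfaces are released on every exit
; path (the original leaked all of them).
;======================================================
EnumAntiVir proc
    invoke  wmiConnectServer
    test    eax, eax
    jnz     @EnumAntiVirRet                 ; connect failed: nothing acquired yet
    invoke  wmiExecQuery, OFFSET g_wszSelectAntiVirus
    test    eax, eax
    jnz     @EnumAntiVirRelSvc              ; query rejected: only service is held
@EnumAntiVirNext1:
    invoke  wmiNext
    test    eax, eax
    jnz     @EnumAntiVirRelEnum             ; WBEM_S_FALSE (or an error) ends the loop
    invoke  writeWmiStr, ADDR g_szdisplayName, ADDR g_wszdisplayName, ADDR g_szPerSCr
    invoke  writeWmiStr, ADDR g_szcompanyName, ADDR g_wszcompanyName, ADDR g_szPerSCr
    invoke  writeWmiStr, ADDR g_szinstanceGuid, ADDR g_wszinstanceGuid, ADDR g_szPerSCr
    invoke  writeWmiStr, ADDR g_szpathToSignedProductExe, ADDR g_wszpathToSignedProductExe, ADDR g_szPerSCr
    invoke  writeWmiStr, ADDR g_szversionNumber, ADDR g_wszversionNumber, ADDR g_szPerSCr
    invoke  writeWmiStr, ADDR g_szonAccessScanningEnabled, ADDR g_wszonAccessScanningEnabled, ADDR g_szPerSCr
    invoke  writeWmiStr, ADDR g_szproductUptoDate, ADDR g_wszproductUptoDate, ADDR g_szPerSCr
    invoke  comRelease, ADDR processor      ; done with this instance
    jmp     @EnumAntiVirNext1
@EnumAntiVirRelEnum:
    invoke  comRelease, ADDR enumerator
@EnumAntiVirRelSvc:
    invoke  comRelease, ADDR service
@EnumAntiVirRet:
    ret
EnumAntiVir endp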
ENDstart