Windows XP SP2 开始提供安全中心，杀毒软件会向安全中心注册报道，这样 Windows 就可以检测到系统中是否安装了杀毒软件。
如何在自己的程序中实现这个功能呢?
网上找到的大多是通过WMI来实现的VBScript脚本代码,咱用MASM32来实现之。
完整的代码如下:
(源代码+EXE下载:
1、http://download.csdn.net/source/2389674
2、永硕E盘 通知)
;<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
; 文 件 名:WmiAntiVir.asm (控制台程序)
; 功 能: 通过WMI获取反病毒软件信息和软件更新时间
; 开发环境:Win XP PRO SP3 + MASM32 v8
; 作 者:PurpleEndurer, 2010-04-19,广西河池
;
; log
; --------------------------------------------------
; 2010-05-24 开始编写
;<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
.586
.MODEL FLAT,STDCALL
OPTION CASEMAP:NONE
INCLUDE /masm32/include/windows.inc
INCLUDE /masm32/include/kernel32.inc
INCLUDELIB /masm32/lib/kernel32.lib
INCLUDE /masm32/include/ole32.inc
INCLUDELIB /masm32/lib/ole32.lib
INCLUDE /masm32/include/oleaut32.inc
INCLUDELIB /masm32/lib/oleaut32.lib
INCLUDE /masm32/include/user32.inc
INCLUDELIB /masm32/lib/user32.lib
INCLUDE /masm32/include/masm32.inc
INCLUDELIB /masm32/lib/masm32.lib
EnumAntiVir proto
;ssssssssssssssssssssssss
;.const
;ssssssssssssssssssssssss
; COM security / apartment constants used by start (objbase.h / RpcDce.h values).
EOAC_NONE EQU 0                        ; CoInitializeSecurity: no additional authentication capabilities
COINIT_MULTITHREADED equ 00h           ; CoInitializeEx: multithreaded apartment (no message pump needed)
; located in RpcDce.h
RPC_C_AUTHN_LEVEL_DEFAULT EQU 0        ; let COM negotiate the authentication level
RPC_C_IMP_LEVEL_DEFAULT EQU 0          ; declared for completeness; not used in this file
RPC_C_IMP_LEVEL_IMPERSONATE EQU 3      ; the impersonation level WMI documentation asks clients to set
; GUID2: 16-byte GUID layout (DWORD, WORD, WORD, 8 BYTEs — the same field sizes as the SDK GUID,
; Data1..Data4). Declared under its own name, presumably to avoid clashing with windows.inc.
; Initialisers below take the 11 numeric groups of the registry form {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}.
GUID2 STRUC
dd1 DWORD ?
dw1 WORD ?
dw2 WORD ?
db1 BYTE ?
db2 BYTE ?
db3 BYTE ?
db4 BYTE ?
db5 BYTE ?
db6 BYTE ?
db7 BYTE ?
db8 BYTE ?
GUID2 ENDS
; IWbemLocator: a COM interface pointer is a pointer to one DWORD (lpVtbl).
; The *Vtbl struct lists the method slots in header order so that
; [eax][IWbemLocatorVtbl.ConnectServer] resolves to the right offset.
; Slot order must match the SDK (wbemcli.h); only ConnectServer is called here.
IWbemLocator STRUCT
lpVtbl DWORD ?
IWbemLocator ENDS
IWbemLocatorVtbl STRUCT
QueryInterface DWORD ?                 ; IUnknown slots 0..2
AddRef DWORD ?
Release DWORD ?
ConnectServer DWORD ?                  ; used by wmiConnectServer
IWbemLocatorVtbl ENDS
; IWbemServices: namespace connection returned by IWbemLocator::ConnectServer.
; Vtbl slot order must match wbemcli.h; only ExecQuery is called here (wmiExecQuery).
IWbemServices STRUCT
lpVtbl DWORD ?
IWbemServices ENDS
IWbemServicesVtbl STRUCT
QueryInterface DWORD ?                 ; IUnknown slots 0..2
AddRef DWORD ?
Release DWORD ?
OpenNamespace DWORD ?
CancelAsyncCall DWORD ?
QueryObjectSink DWORD ?
GetObject DWORD ?
GetObjectAsync DWORD ?
PutClass DWORD ?
PutClassAsync DWORD ?
DeleteClass DWORD ?
DeleteClassAsync DWORD ?
CreateClassEnum DWORD ?
CreateClassEnumAsync DWORD ?
PutInstance DWORD ?
PutInstanceAsync DWORD ?
DeleteInstance DWORD ?
DeleteInstanceAsync DWORD ?
CreateInstanceEnum DWORD ?
CreateInstanceEnumAsync DWORD ?
ExecQuery DWORD ?                      ; used by wmiExecQuery
ExecQueryAsync DWORD ?
ExecNotificationQuery DWORD ?
ExecNotificationQueryAsync DWORD ?
ExecMethod DWORD ?
ExecMethodAsync DWORD ?
IWbemServicesVtbl ENDS
; IEnumWbemClassObject: result enumerator returned by IWbemServices::ExecQuery.
; Vtbl slot order must match wbemcli.h; only Next is called here (wmiNext).
IEnumWbemClassObject STRUCT
lpVtbl DWORD ?
IEnumWbemClassObject ENDS
IEnumWbemClassObjectVtbl STRUCT
QueryInterface DWORD ?                 ; IUnknown slots 0..2
AddRef DWORD ?
Release DWORD ?
Reset DWORD ?
Next DWORD ?                           ; used by wmiNext
NextAsync DWORD ?
Clone DWORD ?
Skip DWORD ?
IEnumWbemClassObjectVtbl ENDS
; IWbemClassObject: one WMI instance (here: one AntiVirusProduct row) handed out by Next.
; Vtbl slot order must match wbemcli.h; only Get is called here (wmiGet).
IWbemClassObject STRUCT
lpVtbl DWORD ?
IWbemClassObject ENDS
IWbemClassObjectVtbl STRUCT
QueryInterface DWORD ?                 ; IUnknown slots 0..2
AddRef DWORD ?
Release DWORD ?
GetQualifierSet DWORD ?
Get DWORD ?                            ; used by wmiGet: reads one property into a VARIANT
Put DWORD ?
Delete DWORD ?
GetNames DWORD ?
BeginEnumeration DWORD ?
Next DWORD ?
EndEnumeration DWORD ?
GetPropertyQualifierSet DWORD ?
GetObjectText DWORD ?
SpawnDerivedClass DWORD ?
SpawnInstance DWORD ?
CompareTo DWORD ?
GetPropertyOrigin DWORD ?
InheritsFrom DWORD ?
GetMethod DWORD ?
PutMethod DWORD ?
DeleteMethod DWORD ?
BeginMethodEnumeration DWORD ?
NextMethod DWORD ?
EndMethodEnumeration DWORD ?
GetMethodQualifierSet DWORD ?
GetMethodOrigin DWORD ?
IWbemClassObjectVtbl ENDS
; SAFEARRAYBOUND: one entry per array dimension (oaidl.h layout).
SAFEARRAYBOUND struct
cElements dd ? ;number of elements in this dimension
lLbound dd ? ;index of the first element in this dimension
SAFEARRAYBOUND ends
; SAFEARRAY header, 32-bit layout (oaidl.h). A VARIANT of type VT_ARRAY|<element type> carries a
; pointer to one of these in its parray member. writeWmiArray reads pvData and
; rgsabound.cElements directly instead of going through SafeArrayAccessData.
SAFEARRAY struct
cDims dw ? ;Count of dimensions in this array.
fFeatures dw ? ;Flags used by the SafeArray routines (FADF_* bits).
cbElements dd ? ;Size of an element of the array. Does not include size of pointed-to data.
cLocks dd ? ;Number of times the array has been locked without corresponding unlock.
pvData dd ? ;Pointer to the data.
rgsabound SAFEARRAYBOUND <> ;One bound for each dimension (only the first is declared here).
SAFEARRAY ends
;ssssssssssssssssssssssss
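.DATA
;ssssssssssssssssssssssss
; WMI namespace that hosts the Security Center classes on Windows XP SP2/SP3.
; NOTE(review): Windows Vista and later publish antivirus products under root\SecurityCenter2
; instead; this build targets XP and keeps the XP namespace.
g_wszNameSpace WORD "r", "o", "o", "t", "/", "S", "e", "c", "u", "r", "i", "t", "y", "C", "e", "n", "t", "e", "r", 0
; Query language name passed to IWbemServices::ExecQuery.
g_wszQueryLanguage WORD "W", "Q", "L", 0
; ConnectServer / ExecQuery / Next flags and error codes (wbemcli.h values).
WBEM_FLAG_CONNECT_USE_MAX_WAIT EQU 80h     ; ConnectServer: bounded wait instead of waiting forever
WBEM_FLAG_FORWARD_ONLY EQU 20h             ; ExecQuery: forward-only enumerator (cheaper, no Reset/Clone)
WBEM_FLAG_RETURN_IMMEDIATELY EQU 10h       ; ExecQuery: semisynchronous, return before results arrive
WBEM_INFINITE EQU -1                       ; Next: block until an object is available
WBEM_E_INVALID_QUERY EQU 80041017h         ; declared for reference; not tested by this file
WBEM_E_INVALID_QUERY_TYPE EQU 80041018h
; Interface / class identifiers, registry form split into the 11 GUID2 fields.
IID_IWbemLocator GUID2 <0dc12a687h,0737fh,011cfh,088h,04dh,000h,0aah,000h,04bh,02eh,024h>
IID_IEnumWbemClassObject GUID2 <027947e1h,0d731h,011ceh,0a3h,057h,000h,000h,000h,000h,000h,001h>
IID_IWbemClassObject GUID2 <0dc12a681h,0737fh,011cfh,088h,04dh,000h,0aah,000h,04bh,02eh,024h>
; located in WbemProv.h
CLSID_WbemAdministrativeLocator GUID2 <0cb8555cch,09128h,011d1h,0adh,09bh,000h,0c0h,04fh,0d8h,0fdh,0ffh>
; COM interface pointers, filled in by start (locator), wmiConnectServer (service),
; wmiExecQuery (enumerator) and wmiNext (processor). Items declared with ? in .DATA assemble to zero.
locator IWbemLocator <>
service IWbemServices <>
enumerator IEnumWbemClassObject <>
processor IWbemClassObject <>
retCount DWORD ?                  ; IEnumWbemClassObject::Next: number of objects actually returned
; var_val: a 16-byte VARIANT. vt (WORD) is at offset 0; the value union (bstrVal / parray / boolVal)
; starts at offset 8 and is read as [var_val + 8] by writeWmiStr and writeWmiArray.
var_val DWORD 4 dup (?)
g_szAppInfo db "通过WMI获取反病毒软件信息", 0dh ,0ah
db "作 者:PurpleEndurer, 2010-05-24,广西河池", 0dh ,0ah, 0
; WQL query text. g_wszSelectAntiVirus deliberately has no terminator: it runs straight into
; g_wszAntiVirus, so the two together read "SELECT * FROM AntiVirusProduct". Keep them adjacent.
g_wszSelectAntiVirus WORD "S","E","L","E","C","T"," ","*"," ","F","R","O","M"," "
g_wszAntiVirus WORD "A", "n", "t", "i", "V", "i", "r", "u", "s", "P", "r", "o", "d", "u", "c", "t", 0
; class AntiVirusProduct
; {
; [key, Not_Null] string instanceGuid;
; [Not_Null] string displayName;
; [Not_Null] boolean productUptoDate;
; boolean onAccessScanningEnabled;
; boolean productHasNotifiedUser;
; boolean productWantsWscNotifications;
; uint8 productState;
; string companyName;
; string versionNumber;
; string pathToSignedProductExe;
; };
; Property labels (ANSI, printed via StdOut) paired with property names (UTF-16, passed to Get).
g_szdisplayName db 0dh, 0ah, "displayName:", 0
g_wszdisplayName WORD "d", "i", "s", "p", "l", "a", "y", "N", "a", "m", "e", 0
g_szcompanyName db 0dh, 0ah, "companyName:", 0
g_wszcompanyName WORD "c", "o", "m", "p", "a", "n", "y", "N", "a", "m", "e", 0
g_szinstanceGuid db 0dh, 0ah, "instanceGuid:", 0
g_wszinstanceGuid WORD "i", "n", "s", "t", "a", "n", "c", "e", "G", "u", "i", "d", 0
g_szpathToSignedProductExe db 0dh, 0ah, "pathToSignedProductExe:", 0   ; ':' added to match the other labels
g_wszpathToSignedProductExe word "p", "a", "t", "h", "T", "o", "S", "i", "g", "n", "e", "d", "P", "r", "o", "d", "u", "c", "t", "E", "x", "e", 0
g_szversionNumber db 0dh, 0ah, "versionNumber:", 0
g_wszversionNumber WORD "v", "e", "r", "s", "i", "o", "n", "N", "u", "m", "b", "e", "r", 0
g_szonAccessScanningEnabled db 0dh, 0ah, "onAccessScanningEnabled:", 0
g_wszonAccessScanningEnabled WORD "o", "n", "A", "c", "c", "e", "s", "s", "S", "c", "a", "n", "n", "i", "n", "g", "E", "n", "a", "b", "l", "e", "d", 0
g_szproductUptoDate db 0dh, 0ah, "productUptoDate:", 0 ;automatic update (signatures current)
g_wszproductUptoDate WORD "p", "r", "o", "d", "u", "c", "t", "U", "p", "t", "o", "D", "a", "t", "e", 0
; Format strings. g_szPerSCr deliberately has no terminator: it runs into g_szCrLf, giving
; "%S" + CRLF (%S = wide-string argument to wsprintfA). Keep them adjacent.
g_szPerSCr db "%S"
g_szCrLf db 0dh, 0ah, 0
g_szPerXCr db "%x", 0dh, 0ah, 0   ; not used in this file
g_szFail db "Fail", 0dh, 0ah, 0
g_szFalse db "FALSE", 0
g_szTrue db "TRUE", 0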
;ssssssssssssssssssssssss
.CODE
;ssssssssssssssssssssssss
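start:
        ; Console entry point: bring up COM, create the WMI locator, list the registered
        ; antivirus products, shut COM down, exit with code 0.
        invoke CoInitializeEx, NULL, COINIT_MULTITHREADED
        test eax, eax
        js @startExit                   ; FAILED(hr): COM unusable, and CoUninitialize must not be called
        ; Default authentication, impersonate-level impersonation (what WMI calls need so the
        ; provider can act on the caller's behalf), no extra capabilities. The result is not
        ; checked: if this fails, ConnectServer fails later and EnumAntiVir stops there.
        invoke CoInitializeSecurity, NULL, -1, NULL, NULL, RPC_C_AUTHN_LEVEL_DEFAULT, RPC_C_IMP_LEVEL_IMPERSONATE, NULL, EOAC_NONE, NULL
        invoke StdOut, ADDR g_szAppInfo
        invoke CoCreateInstance, ADDR CLSID_WbemAdministrativeLocator, NULL, CLSCTX_INPROC_SERVER, ADDR IID_IWbemLocator, ADDR locator
        test eax, eax
        .if ZERO?
                invoke EnumAntiVir
                ; Release the locator created above (locator is non-NULL on this path).
                mov ecx, locator
                mov eax, [ecx]          ; lpVtbl
                push ecx                ; this
                call DWORD PTR [eax][IWbemLocatorVtbl.Release]
        .else
                ; locator is still NULL; wmiConnectServer would dereference it, so report and skip.
                invoke StdOut, ADDR g_szFail
        .endif
        invoke CoUninitialize
@startExit:
        invoke ExitProcess, 0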
;======================================================
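wmiConnectServer proc
;======================================================
; HRESULT wmiConnectServer(void)
;   locator->ConnectServer(g_wszNameSpace, NULL, NULL, NULL,
;                          WBEM_FLAG_CONNECT_USE_MAX_WAIT, NULL, NULL, &service)
; In:   locator (global) = IWbemLocator* from CoCreateInstance
; Out:  eax = HRESULT (0 on success); service (global) receives the IWbemServices*.
;       E_POINTER when locator is NULL (CoCreateInstance failed) instead of dereferencing it.
; Clobbers: eax, ecx, edx only. esi is left alone (the old mov/lodsd form clobbered a
;       callee-saved register without saving it).
; Note: strNetworkResource is a plain UTF-16 literal, not a real BSTR; the call relies on
;       WMI not reading the BSTR length prefix for this argument.
;======================================================
        mov ecx, locator                ; this
        test ecx, ecx
        jz @wmiConnectServerNull
        mov eax, [ecx]                  ; eax = lpVtbl
        ; stdcall/COM: arguments pushed right-to-left, callee pops them.
        push OFFSET service             ; IWbemServices **ppNamespace
        push NULL                       ; IWbemContext *pCtx
        push NULL                       ; BSTR strAuthority
        push WBEM_FLAG_CONNECT_USE_MAX_WAIT ; long lSecurityFlags
        push NULL                       ; BSTR strLocale
        push NULL                       ; BSTR strPassword
        push NULL                       ; BSTR strUser
        push OFFSET g_wszNameSpace      ; BSTR strNetworkResource
        push ecx                        ; this
        call DWORD PTR [eax][IWbemLocatorVtbl.ConnectServer]
        ret
@wmiConnectServerNull:
        mov eax, E_POINTER
        ret
wmiConnectServer endp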
;======================================================
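wmiExecQuery proc lpwszSQL: LPWSTR
;======================================================
; HRESULT wmiExecQuery(LPWSTR lpwszSQL)
;   service->ExecQuery(L"WQL", lpwszSQL, FORWARD_ONLY | RETURN_IMMEDIATELY, NULL, &enumerator)
; In:   lpwszSQL = UTF-16 WQL text (the file passes the fixed "SELECT * FROM AntiVirusProduct");
;       service (global) = IWbemServices* from wmiConnectServer
; Out:  eax = HRESULT (0 on success); enumerator (global) receives the IEnumWbemClassObject*.
;       E_POINTER when service is NULL instead of dereferencing it.
; Clobbers: eax, ecx, edx only (esi is no longer used as scratch).
;======================================================
        mov ecx, service                ; this
        test ecx, ecx
        jz @wmiExecQueryNull
        mov eax, [ecx]                  ; eax = lpVtbl
        push OFFSET enumerator          ; IEnumWbemClassObject **ppEnum
        push NULL                       ; IWbemContext *pCtx
        push WBEM_FLAG_FORWARD_ONLY or WBEM_FLAG_RETURN_IMMEDIATELY ; long lFlags
        push lpwszSQL                   ; BSTR strQuery
        push OFFSET g_wszQueryLanguage  ; BSTR strQueryLanguage ("WQL")
        push ecx                        ; this
        call DWORD PTR [eax][IWbemServicesVtbl.ExecQuery]
        ret
@wmiExecQueryNull:
        mov eax, E_POINTER
        ret
wmiExecQuery endp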
;======================================================
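wmiNext proc
;======================================================
; HRESULT wmiNext(void)
;   enumerator->Next(WBEM_INFINITE, 1, &processor, &retCount)
; In:   enumerator (global) = IEnumWbemClassObject* from wmiExecQuery
; Out:  eax = HRESULT: 0 when one object was fetched into processor (global);
;       WBEM_S_FALSE (1) when the enumeration is exhausted; negative on error.
;       E_POINTER when enumerator is NULL instead of dereferencing it.
;       Each successful call hands the caller a new reference in processor that must be Released.
; Clobbers: eax, ecx, edx only (esi is no longer used as scratch).
;======================================================
        mov ecx, enumerator             ; this
        test ecx, ecx
        jz @wmiNextNull
        mov eax, [ecx]                  ; eax = lpVtbl
        push OFFSET retCount            ; ULONG *puReturned
        push OFFSET processor           ; IWbemClassObject **apObjects
        push TRUE                       ; ULONG uCount = 1
        push WBEM_INFINITE              ; long lTimeout
        push ecx                        ; this
        call DWORD PTR [eax][IEnumWbemClassObjectVtbl.Next]
        ret
@wmiNextNull:
        mov eax, E_POINTER
        ret
wmiNext endp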
;======================================================
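wmiGet proc lpwszItem: LPWSTR
;======================================================
; HRESULT wmiGet(LPWSTR lpwszItem)
;   processor->Get(lpwszItem, 0, &var_val, NULL, NULL)
; In:   lpwszItem = UTF-16 property name; processor (global) = current IWbemClassObject*
; Out:  eax = HRESULT (0 on success); var_val (global, 16-byte VARIANT) receives the value.
;       On success the caller owns var_val and must release it (VariantClear) — a BSTR or
;       SAFEARRAY inside it is heap memory.
;       E_POINTER when processor is NULL instead of dereferencing it.
; Clobbers: eax, ecx, edx only (esi is no longer used as scratch).
;======================================================
        mov ecx, processor              ; this
        test ecx, ecx
        jz @wmiGetNull
        mov eax, [ecx]                  ; eax = lpVtbl
        push NULL                       ; long *plFlavor
        push NULL                       ; CIMTYPE *pType
        push OFFSET var_val             ; VARIANT *pVal
        push 0                          ; long lFlags (reserved, must be 0)
        push lpwszItem                  ; LPCWSTR wszName
        push ecx                        ; this
        call DWORD PTR [eax][IWbemClassObjectVtbl.Get]
        ret
@wmiGetNull:
        mov eax, E_POINTER
        ret
wmiGet endp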
;======================================================
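writeWmiArray proc uses esi edi
;======================================================
; void writeWmiArray(void)
;   Prints every element of the SAFEARRAY referenced by var_val.parray ([var_val + 8]) as a
;   wide string, one per line, through g_szPerSCr ("%S" + CRLF).
; In:   var_val (global) = VARIANT of type VT_ARRAY|VT_BSTR (one-dimensional array of BSTR)
; Out:  console output only; eax/ecx/edx clobbered. esi/edi are preserved via USES
;       (callee-saved in stdcall; the old version returned with both clobbered).
; Prints nothing when parray is NULL, the array is not one-dimensional, or it has zero
; elements. (The old .repeat/.until loop ran once with edi = 0, printed garbage and then
; decremented edi past zero.)
;======================================================
        LOCAL szbuf[1024]: byte         ; wsprintf output is capped at 1024 bytes; the old 256-byte
                                        ; buffer could overflow on a long product name or path
        mov ecx, DWORD PTR [var_val + 8] ; SAFEARRAY *parray
        test ecx, ecx
        jz @writeWmiArrayDone
        cmp [ecx].SAFEARRAY.cDims, 1    ; only rgsabound[0] is read below
        jne @writeWmiArrayDone
        mov esi, [ecx].SAFEARRAY.pvData ; esi -> BSTR[0]
        mov edi, [ecx].SAFEARRAY.rgsabound.cElements ; edi = elements still to print
        .while edi != 0
                ; wsprintf/StdOut are stdcall and should preserve esi/edi; save them anyway so
                ; the loop does not depend on the libraries honouring that.
                push esi
                push edi
                mov ecx, [esi]          ; current BSTR
                invoke wsprintf, ADDR szbuf, ADDR g_szPerSCr, ecx
                invoke StdOut, ADDR szbuf
                pop edi
                pop esi
                add esi, 4              ; next BSTR pointer (32-bit pointers)
                dec edi
        .endw
@writeWmiArrayDone:
        ret
writeWmiArray endp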
;======================================================
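writeWmiStr proc lpszItem: LPSTR, lpwszItem: LPWSTR, lpszFmt: LPSTR
;======================================================
; void writeWmiStr(LPSTR lpszItem, LPWSTR lpwszItem, LPSTR lpszFmt)
;   Prints the label lpszItem, then the value of property lpwszItem of the current object:
;     VT_BSTR          -> lpszFmt applied to bstrVal (callers pass "%S" + CRLF)
;     VT_ARRAY|VT_BSTR -> one line per element via writeWmiArray
;     VT_BOOL          -> "TRUE" / "FALSE"
;     VT_EMPTY, VT_NULL, anything else -> nothing after the label
;   "Fail" + CRLF is printed when Get itself fails.
; In:   processor (global) = current IWbemClassObject*; var_val (global) is used as scratch
; Out:  console output only; eax/ecx/edx clobbered.
; Fixes relative to the original: vt is read as a WORD (the DWORD read also compared
; wReserved1); VT_ARRAY is a flag OR'ed with the element type, so "vt == VT_ARRAY" never
; matched a real string array; the VARIANT is released with VariantClear, so the BSTR /
; SAFEARRAY allocated by Get no longer leaks once per property; the wsprintf buffer is
; sized to wsprintf's 1024-byte output cap.
;======================================================
        LOCAL szbuf[1024]: byte
        invoke RtlZeroMemory, addr szbuf, sizeof szbuf
        invoke StdOut, lpszItem                 ; label, e.g. CRLF + "displayName:"
        invoke wmiGet, lpwszItem
        .if eax != 0
                invoke StdOut, ADDR g_szFail    ; Get failed: var_val is not valid, do not read or clear it
        .else
                movzx eax, WORD PTR [var_val]   ; VARIANT.vt
                .if eax == VT_BSTR
                        invoke wsprintf, ADDR szbuf, lpszFmt, DWORD PTR [var_val + 8] ; bstrVal
                        invoke StdOut, ADDR szbuf
                .elseif eax == (VT_ARRAY or VT_BSTR)
                        invoke writeWmiArray
                .elseif eax == VT_BOOL
                        movzx eax, WORD PTR [var_val + 8] ; boolVal: VARIANT_FALSE = 0, VARIANT_TRUE = -1 (0FFFFh)
                        .if eax == 0
                                invoke StdOut, ADDR g_szFalse
                        .else
                                invoke StdOut, ADDR g_szTrue  ; any nonzero VARIANT_BOOL counts as true
                        .endif
                .endif
                ; Release whatever Get allocated; a no-op for VT_EMPTY / VT_NULL.
                invoke VariantClear, ADDR var_val
        .endif
        ret
writeWmiStr endp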
;======================================================
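;------------------------------------------------------
; void wmiReleaseIf(IUnknown **lppIf)
;   Releases the COM interface pointer stored at *lppIf, if it is non-NULL, and zeroes the
;   slot so the same pointer cannot be released twice (e.g. after Next stops returning objects).
; Clobbers: eax, ecx, edx
;------------------------------------------------------
IUNKNOWN_RELEASE EQU 8                  ; IUnknown::Release is vtable slot 2 (QueryInterface, AddRef, Release) on every COM interface
wmiReleaseIf proc lppIf: DWORD
        mov edx, lppIf
        mov ecx, [edx]                  ; interface pointer ("this")
        .if ecx != NULL
                mov DWORD PTR [edx], NULL
                mov eax, [ecx]          ; lpVtbl
                push ecx                ; this
                call DWORD PTR [eax + IUNKNOWN_RELEASE]
        .endif
        ret
wmiReleaseIf endp
EnumAntiVir proc
;======================================================
; HRESULT EnumAntiVir(void)
;   Connects to the Security Center namespace, runs "SELECT * FROM AntiVirusProduct" and
;   prints seven properties of every returned instance.
; In:   locator (global) must already hold an IWbemLocator*
; Out:  eax = HRESULT of the call that ended the loop (WBEM_S_FALSE = 1 after the last
;       object, as in the original); console output.
; Cleanup: the previous instance is released before each Next (it used to leak once per
;       product), and processor / enumerator / service are released on every exit path.
;======================================================
        invoke wmiConnectServer
        test eax, eax
        jnz @EnumAntiVirRet
        invoke wmiExecQuery, OFFSET g_wszSelectAntiVirus
        test eax, eax
        jnz @EnumAntiVirRet
@EnumAntiVirNext1:
        invoke wmiReleaseIf, OFFSET processor   ; drop the previous instance before Next overwrites the slot
        invoke wmiNext
        test eax, eax
        jnz @EnumAntiVirRet                     ; 1 = WBEM_S_FALSE (no more objects); negative = error
        invoke writeWmiStr, ADDR g_szdisplayName, ADDR g_wszdisplayName, ADDR g_szPerSCr
        invoke writeWmiStr, ADDR g_szcompanyName, ADDR g_wszcompanyName, ADDR g_szPerSCr
        invoke writeWmiStr, ADDR g_szinstanceGuid, ADDR g_wszinstanceGuid, ADDR g_szPerSCr
        invoke writeWmiStr, ADDR g_szpathToSignedProductExe, ADDR g_wszpathToSignedProductExe, ADDR g_szPerSCr
        invoke writeWmiStr, ADDR g_szversionNumber, ADDR g_wszversionNumber, ADDR g_szPerSCr
        invoke writeWmiStr, ADDR g_szonAccessScanningEnabled, ADDR g_wszonAccessScanningEnabled, ADDR g_szPerSCr
        invoke writeWmiStr, ADDR g_szproductUptoDate, ADDR g_wszproductUptoDate, ADDR g_szPerSCr
        jmp @EnumAntiVirNext1
@EnumAntiVirRet:
        push eax                                ; keep the terminating HRESULT across the Release calls
        invoke wmiReleaseIf, OFFSET processor
        invoke wmiReleaseIf, OFFSET enumerator
        invoke wmiReleaseIf, OFFSET service
        pop eax
        ret
EnumAntiVir endp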
END start