delphi 检查父进程
delphi 检查父进程
uses TLHelp32
procedure CheckParentProc;
var
Pn: TProcesseNtry32;
sHandle: THandle;
ParentProc: HWND;
Found: Boolean;
begin
ParentProc := 0;
sHandle := CreateToolHelp32SnapShot(TH32CS_SNAPALL, 0);
try
Found := Process32First(sHandle, Pn); //Search process
while Found do //Loop all processes
begin
if CompareText(ExtractFileName(Pn.szExeFile), ExtractFileName(ParamStr(0))) = 0 then //It's me
begin
ParentProc := Pn.th32ParentProcessID; //Get parent process ID
Break;
end;
Found := Process32Next(sHandle, Pn); //Find next
end;
if ParentProc > 0 then //Valid
begin
Found := Process32First(sHandle, Pn);
while Found do
begin
if Pn.th32ProcessID = ParentProc then //It's my parent process
begin
ParentProc := Pn.th32ParentProcessID; //Get its parent process, my grandfather process :)
Break;
end;
Found := Process32Next(sHandle, Pn); //Find next
end;
if ParentProc > 0 then
begin
Found := Process32First(sHandle, Pn);
while Found do
begin
if Pn.th32ProcessID = ParentProc then
begin
if CompareText(UpperCase(ExtractFileName(Pn.szExeFile)), 'EXPLORER.EXE') = 0 then //Grandfather process is Explorer.exe
begin
ShowMessage('Debugger detected! Doggone it all!');
Break;
end;
end;
Found := Process32Next(sHandle, Pn); //Find next
end;
end;
end;
finally
CloseHandle(sHandle);
end;
end;
uses TLHelp32
procedure CheckParentProc;
var
Pn: TProcesseNtry32;
sHandle: THandle;
ParentProc: HWND;
Found: Boolean;
begin
ParentProc := 0;
sHandle := CreateToolHelp32SnapShot(TH32CS_SNAPALL, 0);
try
Found := Process32First(sHandle, Pn); //Search process
while Found do //Loop all processes
begin
if CompareText(ExtractFileName(Pn.szExeFile), ExtractFileName(ParamStr(0))) = 0 then //It's me
begin
ParentProc := Pn.th32ParentProcessID; //Get parent process ID
Break;
end;
Found := Process32Next(sHandle, Pn); //Find next
end;
if ParentProc > 0 then //Valid
begin
Found := Process32First(sHandle, Pn);
while Found do
begin
if Pn.th32ProcessID = ParentProc then //It's my parent process
begin
ParentProc := Pn.th32ParentProcessID; //Get its parent process, my grandfather process :)
Break;
end;
Found := Process32Next(sHandle, Pn); //Find next
end;
if ParentProc > 0 then
begin
Found := Process32First(sHandle, Pn);
while Found do
begin
if Pn.th32ProcessID = ParentProc then
begin
if CompareText(UpperCase(ExtractFileName(Pn.szExeFile)), 'EXPLORER.EXE') = 0 then //Grandfather process is Explorer.exe
begin
ShowMessage('Debugger detected! Doggone it all!');
Break;
end;
end;
Found := Process32Next(sHandle, Pn); //Find next
end;
end;
end;
finally
CloseHandle(sHandle);
end;
end;
推荐分享
图文皆来源于网络,内容仅做公益性分享,版权归原作者所有,如有侵权请告知删除!
Copyright © 2014 DelphiW.com 开发 源码 文档 技巧 All Rights Reserved
晋ICP备14006235号-8 晋公网安备 14108102000087号
执行时间: 0.054641008377075 seconds