
C++빌더 팁&트릭
C++Builder Programming Tip&Tricks
[1168] 안티 백신프로그램 탐지
사탄 [kdhs] 2436 읽음    2015-11-13 10:09
윈도우 관리센터에 보면 백신 프로그램 설치 목록이 있습니다.

그 항목을 가져오는 방법입니다.

해당 목록에서 백신 이름을 가져와야 했는데, 포럼에는 관련 글이 없어서 올려 봅니다.



#include 
#include 

#pragma hdrstop
#pragma argsused

using namespace std;

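/// Lists the antivirus products registered with Windows Security Center.
///
/// Connects to the local ROOT/SecurityCenter2 WMI namespace as the current
/// user, runs "SELECT * FROM AntiVirusProduct" and prints four properties of
/// every returned instance to standard output.
///
/// @param argc unused
/// @param argv unused
/// @return 0 on success, 1 when COM/WMI setup or the query itself fails.
int _tmain(int argc, _TCHAR* argv[]) {

  // Initialize COM for this thread. -------------------------
  HRESULT hres = CoInitializeEx(0, COINIT_MULTITHREADED);

  if (FAILED(hres)) {
    cout << "Failed to initialize COM library. Error code = 0x" << hex <<
      hres << endl;
    return 1; // Program has failed.
  }

  // Set general COM security levels --------------------------
  hres = CoInitializeSecurity(
    NULL,                        // security descriptor
    -1,                          // COM authentication (COM picks the services)
    NULL,                        // authentication services
    NULL,                        // reserved
    RPC_C_AUTHN_LEVEL_DEFAULT,   // default authentication
    RPC_C_IMP_LEVEL_IMPERSONATE, // default impersonation
    NULL,                        // authentication info
    EOAC_NONE,                   // additional capabilities
    NULL);                       // reserved

  if (FAILED(hres)) {
    cout << "Failed to initialize security. Error code = 0x" << hex << hres << endl;
    CoUninitialize();
    return 1; // Program has failed.
  }

  // Obtain the initial locator to WMI -------------------------
  IWbemLocator* pLoc = NULL;
  hres = CoCreateInstance(CLSID_WbemLocator, 0, CLSCTX_INPROC_SERVER,
    IID_IWbemLocator, (LPVOID*)&pLoc);

  if (FAILED(hres)) {
    cout << "Failed to create IWbemLocator object." << " Err code = 0x" << hex << hres << endl;
    CoUninitialize();
    return 1; // Program has failed.
  }

  // Connect to WMI through the IWbemLocator::ConnectServer method
  IWbemServices* pSvc = NULL;
  hres = pLoc->ConnectServer(
    (BSTR)WideString(L"ROOT/SecurityCenter2"), // object path of WMI namespace
    NULL,                                      // user name, NULL = current user
    NULL,                                      // user password, NULL = current
    0,                                         // locale, NULL = current
    NULL,                                      // security flags
    0,                                         // authority (e.g. Kerberos)
    0,                                         // context object
    &pSvc);                                    // receives the IWbemServices proxy

  if (FAILED(hres)) {
    cout << "Could not connect. Error code = 0x" << hex << hres << endl;
    pLoc->Release();
    CoUninitialize();
    return 1; // Program has failed.
  }

  // The message names the namespace that was actually opened above.
  cout << "Connected to ROOT/SecurityCenter2 WMI namespace" << endl;

  // Set security levels on the proxy -------------------------
  hres = CoSetProxyBlanket(
    pSvc,                        // the proxy to set
    RPC_C_AUTHN_WINNT,           // RPC_C_AUTHN_xxx
    RPC_C_AUTHZ_NONE,            // RPC_C_AUTHZ_xxx
    NULL,                        // server principal name
    RPC_C_AUTHN_LEVEL_CALL,      // RPC_C_AUTHN_LEVEL_xxx
    RPC_C_IMP_LEVEL_IMPERSONATE, // RPC_C_IMP_LEVEL_xxx
    NULL,                        // client identity
    EOAC_NONE);                  // proxy capabilities

  if (FAILED(hres)) {
    cout << "Could not set proxy blanket. Error code = 0x" << hex << hres << endl;
    pSvc->Release();
    pLoc->Release();
    CoUninitialize();
    return 1; // Program has failed.
  }

  // Use the IWbemServices pointer to make requests of WMI ----
  IEnumWbemClassObject* pEnumerator = NULL;
  hres = pSvc->ExecQuery((BSTR)WideString("WQL"),
    (BSTR)WideString("SELECT * FROM AntiVirusProduct"),
    WBEM_FLAG_FORWARD_ONLY | WBEM_FLAG_RETURN_IMMEDIATELY, NULL, &pEnumerator);

  if (FAILED(hres)) {
    cout << "Query for AntiVirusProduct failed." << " Error code = 0x" <<
      hex << hres << endl;
    pSvc->Release();
    pLoc->Release();
    CoUninitialize();
    return 1; // Program has failed.
  }

  // Properties printed for every product, in output order.
  // NOTE(review): companyName and versionNumber look like properties of the
  // older ROOT/SecurityCenter class and may be absent under SecurityCenter2;
  // the loop below reports them as unavailable instead of reading an unset
  // VARIANT - confirm against the target Windows version.
  // NOTE(review): an entry in this list only shows that a product registered
  // itself with Security Center; whether it is enabled and up to date is, as
  // far as this reviewer knows, carried by the productState property, which
  // this sample does not read.
  static const wchar_t* const kProperties[] = {
    L"displayName", L"companyName", L"pathToSignedProductExe", L"versionNumber"
  };
  const int kPropertyCount = sizeof(kProperties) / sizeof(kProperties[0]);

  // Set once, not per row: lets wcout convert wide text for a Korean console.
  // std::locale's constructor throws std::runtime_error when the runtime does
  // not know the name "korean".
  std::wcout.imbue(std::locale("korean"));

  // Walk the result set one instance at a time ----------------
  while (pEnumerator) {
    IWbemClassObject* pclsObj = NULL;
    ULONG uReturn = 0;
    HRESULT hr = pEnumerator->Next(WBEM_INFINITE, 1, &pclsObj, &uReturn);

    // Stop on an enumeration error as well as at the end of the set.
    if (FAILED(hr) || 0 == uReturn) {
      break;
    }

    for (int i = 0; i < kPropertyCount; ++i) {
      VARIANT vtProp;
      VariantInit(&vtProp);

      hr = pclsObj->Get(kProperties[i], 0, &vtProp, 0, 0);

      std::wcout << kProperties[i] << L" : ";
      // bstrVal is only meaningful when Get succeeded and returned a string;
      // a missing property or a VT_NULL value must not be dereferenced.
      if (SUCCEEDED(hr) && vtProp.vt == VT_BSTR && vtProp.bstrVal != NULL) {
        std::wcout << vtProp.bstrVal << endl;
      } else {
        std::wcout << L"(not available)" << endl;
      }

      // Clear after every Get so each returned BSTR is freed, not just the last.
      VariantClear(&vtProp);
    }

    pclsObj->Release();
  }

  // Cleanup
  pSvc->Release();
  pLoc->Release();
  pEnumerator->Release();
  CoUninitialize();
  return 0;
}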
