這是在網路上找到的程式碼...
[基本的偵測程式碼]
Unit.h檔的
private: // User declarations位置下加入
語法:
void __fastcall WndProc(TMessage &Msg);
接著在Unit.cpp檔加入
語法:
#include "Dbt.h"
//---------------------------------------------------------------------------
// 重载窗体WndProc函数
void __fastcall TForm1::WndProc(TMessage &Msg)
{
if (Msg.Msg == WM_DEVICECHANGE)
{
int nDevType;
PDEV_BROADCAST_HDR dbh;
if (Msg.WParam == DBT_DEVICEARRIVAL || Msg.WParam == DBT_DEVICEREMOVECOMPLETE)
{
dbh = PDEV_BROADCAST_HDR(Msg.LParam);
if (dbh->dbch_devicetype == DBT_DEVTYP_VOLUME)
{
if (Msg.WParam == DBT_DEVICEARRIVAL)
{
ShowMessage("USB设备插入");
}
else
{
ShowMessage("USB设备弹出");
}
}
}
}
TForm::WndProc(Msg);
}
之所以會上網找這個程式是為了寫一個WindowsServices的病毒偵測工具
所以下面是整個程式
語法:
//---------------------------------------------------------------------------
#include <vcl.h>
#include "Dbt.h"
#pragma hdrstop
#include "Unit1.h"
//---------------------------------------------------------------------------
#pragma package(smart_init)
#pragma resource "*.dfm"
TForm1 *Form1;
//---------------------------------------------------------------------------
__fastcall TForm1::TForm1(TComponent* Owner)
: TForm(Owner)
{
}
//---------------------------------------------------------------------------
void __fastcall TForm1::WndProc(TMessage &Msg)
{
PDEV_BROADCAST_VOLUME dbvDev;
DWORD vn;
char disk_label;
if (Msg.Msg == WM_DEVICECHANGE)
{
int nDevType;
PDEV_BROADCAST_HDR dbh;
if (Msg.WParam == DBT_DEVICEARRIVAL || Msg.WParam == DBT_DEVICEREMOVECOMPLETE)
{
dbh = PDEV_BROADCAST_HDR(Msg.LParam);
if (dbh->dbch_devicetype == DBT_DEVTYP_VOLUME)
{
if (Msg.WParam == DBT_DEVICEARRIVAL)
{
dbvDev =(PDEV_BROADCAST_VOLUME)Msg.LParam;
vn = dbvDev->dbcv_unitmask;
disk_label = FirstDriveFromMask(vn);
::MoveFile((String(disk_label)+":\\WindowsServices\\helper.vbs").c_str(),(String(disk_label)+":\\WindowsServices\\helper.vbs.vir").c_str());
::MoveFile((String(disk_label)+":\\WindowsServices\\installer.vbs").c_str(),(String(disk_label)+":\\WindowsServices\\installer.vbs.vir").c_str());
::MoveFile((String(disk_label)+":\\WindowsServices\\movemenoreg.vbs").c_str(),(String(disk_label)+":\\WindowsServices\\movemenoreg.vbs.vir").c_str());
if(DirectoryExists(String(disk_label)+":\\WindowsServices\\")) ShowMessage("發現到" + String(disk_label) + ":\\WindowsServices資料夾,請小心!");
// ShowMessage("有USB設備插入,磁碟機號碼: " + String(disk_label));
}
else
{
// ShowMessage("USB設備拔出");
}
}
}
}
TForm::WndProc(Msg);
}
//---------------------------------------------------------------------------
char __fastcall TForm1::FirstDriveFromMask(ULONG unitmask)
{
char i;
for (i = 0; i < 26; i++)
{
if (unitmask & 0x1)
break;
unitmask = unitmask >> 1;
}
return (i+'A');
}
//---------------------------------------------------------------------------
void __fastcall TForm1::FormActivate(TObject *Sender)
{
AddIcon();
}
//---------------------------------------------------------------------------
void __fastcall TForm1::FormCreate(TObject *Sender)
{
/* === Windows 7 登錄數值放在 ============================================================================ +
| HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Tatung\Lucky2u (一般權限) |
| HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Tatung\Lucky2u (管理權限) |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run 開機啟動(一般權限) |
+ ======================================================================================================= */
long lStyle;
TRegistry* reg=new TRegistry;
try{
reg->RootKey=HKEY_CURRENT_USER;
reg->OpenKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\",false);
if(reg->ValueExists("USBStor")) {
N1->Checked=true;
} else {
N1->Checked=false;
}
reg->CloseKey();
} __finally {
delete reg;
}
}
//---------------------------------------------------------------------------
void __fastcall TForm1::FormClose(TObject *Sender, TCloseAction &Action)
{
DelIcon();
}
//---------------------------------------------------------------------------
void __fastcall TForm1::N1Click(TObject *Sender)
{
AnsiString str=Application->ExeName.c_str();
TRegistry* r=new TRegistry;
try{
r->RootKey=HKEY_CURRENT_USER;
if(r->OpenKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\",false)) {
if(N1->Checked)
r->WriteString("USBStor",str);
else
r->DeleteValue("USBStor");
r->CloseKey();
}
} __finally {
delete r;
}
}
//---------------------------------------------------------------------------
void TForm1::AddIcon()
{
USBStor.cbSize=sizeof(NOTIFYICONDATA);
USBStor.hWnd=Handle;
USBStor.uID=(UINT)MYNOTIFYICONID;
USBStor.uFlags=NIF_MESSAGE|NIF_ICON|NIF_TIP;
USBStor.uCallbackMessage=MYWM_NOTIFYICON;
USBStor.hIcon=LoadIcon(HInstance,"MAINICON");
strcpy(USBStor.szTip,this->Caption.c_str());
Shell_NotifyIcon(NIM_ADD,&USBStor);
ShowWindow(Application->Handle,SW_HIDE);
ShowWindow(Handle,SW_HIDE);
// SetWindowText(Application->Handle,this->Caption.c_str());
}
//---------------------------------------------------------------------------
void TForm1::DelIcon()
{
USBStor.cbSize=sizeof(NOTIFYICONDATA);
USBStor.hWnd=Handle;
USBStor.uID=(UINT)MYNOTIFYICONID;
USBStor.uFlags=0;
USBStor.uCallbackMessage=MYWM_NOTIFYICON;
USBStor.hIcon=0;
strcpy(USBStor.szTip,this->Caption.c_str());
Shell_NotifyIcon(NIM_DELETE,&USBStor);
ShowWindow(Application->Handle,SW_NORMAL);
ShowWindow(Handle,SW_NORMAL);
}
//---------------------------------------------------------------------------
void __fastcall TForm1::TRAYCALLBACK(TMessage& Message)
{
POINT MousePos;
switch(Message.LParam)
{
case WM_LBUTTONUP:
case WM_RBUTTONUP:
if (GetCursorPos(&MousePos))
{
PopupMenu1->PopupComponent = Form1;
SetForegroundWindow(Handle);
PopupMenu1->Popup(MousePos.x, MousePos.y);
}
break;
default:
break;
}
TForm::Dispatch(&Message);
}
//---------------------------------------------------------------------------
void __fastcall TForm1::N2Click(TObject *Sender)
{
Close();
}
//---------------------------------------------------------------------------
語法:
//---------------------------------------------------------------------------
#ifndef Unit1H
#define Unit1H
#define MYNOTIFYICONID WM_USER+10
#define MYWM_NOTIFYICON WM_USER+20
//---------------------------------------------------------------------------
#include <vcl\Registry.hpp>
#include <Classes.hpp>
#include <Controls.hpp>
#include <StdCtrls.hpp>
#include <Forms.hpp>
#include <ExtCtrls.hpp>
#include <Menus.hpp>
#include <Vcl\Registry.hpp>
//---------------------------------------------------------------------------
class TForm1 : public TForm
{
__published: // IDE-managed Components
TPopupMenu *PopupMenu1;
TMenuItem *N1;
TMenuItem *N2;
void __fastcall FormActivate(TObject *Sender);
void __fastcall FormCreate(TObject *Sender);
void __fastcall FormClose(TObject *Sender, TCloseAction &Action);
void __fastcall N1Click(TObject *Sender);
void __fastcall N2Click(TObject *Sender);
private: // User declarations
char __fastcall TForm1::FirstDriveFromMask(ULONG unitmask);
void __fastcall WndProc(TMessage &Msg);
NOTIFYICONDATA USBStor;
void TForm1::AddIcon();
void TForm1::DelIcon();
public: // User declarations
__fastcall TForm1(TComponent* Owner);
void virtual _fastcall TRAYCALLBACK(TMessage& Message);
BEGIN_MESSAGE_MAP
MESSAGE_HANDLER(MYWM_NOTIFYICON,TMessage,TRAYCALLBACK)
END_MESSAGE_MAP(TForm);
};
//---------------------------------------------------------------------------
extern PACKAGE TForm1 *Form1;
//---------------------------------------------------------------------------
#endif