Announcement

How this software works and how to detect it

Published: 2020-02-20

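// Checks whether the system's running frequency has been changed; a return value of TRUE means the frequency has been modified.
// This function is C code for a Windows driver and applies to every Windows version from Windows XP through Windows 11.

#include <ntddk.h>

// GetNtosFunctionAddress is the driver's own helper and is not shown on this page.
// Assumed prototype: returns the address of the named ntoskrnl routine, or NULL.
PVOID GetNtosFunctionAddress(PCWSTR Name);

BOOLEAN IsTimeFunctionHooked(VOID)
{
    PUCHAR pfnKeQueryPerformanceCounter = (PUCHAR)GetNtosFunctionAddress(L"KeQueryPerformanceCounter");
    PUCHAR pfnKeUpdateSystemTime = (PUCHAR)GetNtosFunctionAddress(L"KeUpdateSystemTime");

    if (pfnKeQueryPerformanceCounter && MmIsAddressValid(pfnKeQueryPerformanceCounter))
    {
// _M_AMD64 is the compiler's predefined x64 macro; AMD64 is kept for builds that define it themselves.
#if defined(_M_AMD64) || defined(AMD64)
        // x64: FF 25 is jmp qword ptr [rip+disp32] at the function entry
        if (*pfnKeQueryPerformanceCounter == 0xFF && *(pfnKeQueryPerformanceCounter + 1) == 0x25)
        {
            return TRUE;
        }
#else
        // x86: E9 is jmp rel32 at the function entry
        if (*pfnKeQueryPerformanceCounter == 0xE9)
        {
            return TRUE;
        }
#endif
    }

    if (pfnKeUpdateSystemTime && MmIsAddressValid(pfnKeUpdateSystemTime))
    {
#if defined(_M_AMD64) || defined(AMD64)
        if (*pfnKeUpdateSystemTime == 0xFF && *(pfnKeUpdateSystemTime + 1) == 0x25)
        {
            return TRUE;
        }
#else
        if (*pfnKeUpdateSystemTime == 0xE9)
        {
            return TRUE;
        }
#endif
    }

    // Neither routine begins with the jump pattern checked above.
    return FALSE;
}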
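
The function above tests one jump encoding per architecture and reports any match as a modification. The following is an added example, not code from the original page or from the product: it generalizes the same entry-point check to further common redirect encodings, resolves the jump destination where the bytes allow it, and flags only destinations outside the owning image. The names classify_prologue, leaves_image and hook_kind are hypothetical, and the code works on a copied byte buffer so it can be exercised outside a driver.

```c
#include <stdint.h>
#include <stddef.h>

typedef enum { HOOK_NONE, HOOK_JMP_REL32, HOOK_JMP_INDIRECT,
               HOOK_MOV_RAX_JMP, HOOK_PUSH_RET } hook_kind;

/* Read an n-byte little-endian integer (x86/x64 instruction encoding). */
static uint64_t rd_le(const uint8_t *p, int n)
{
    uint64_t v = 0;
    while (n--) v = (v << 8) | p[n];
    return v;
}

/* Classify the first bytes of a function copied from address va.
 * On a match, *target receives the redirect destination, or 0 when the
 * destination sits in a pointer slot that is not part of the copied bytes. */
hook_kind classify_prologue(const uint8_t *p, size_t n, uint64_t va,
                            int is64, uint64_t *target)
{
    *target = 0;
    if (n >= 5 && p[0] == 0xE9) {                    /* jmp rel32 */
        int64_t rel = (int32_t)(uint32_t)rd_le(p + 1, 4);
        *target = va + 5 + (uint64_t)rel;
        if (!is64) *target &= 0xFFFFFFFFu;
        return HOOK_JMP_REL32;
    }
    if (n >= 6 && p[0] == 0xFF && p[1] == 0x25) {    /* jmp [mem] */
        /* x64: slot is RIP-relative; disp32 == 0 puts it right after the jmp */
        if (is64 && rd_le(p + 2, 4) == 0 && n >= 14)
            *target = rd_le(p + 6, 8);
        return HOOK_JMP_INDIRECT;
    }
    if (is64 && n >= 12 && p[0] == 0x48 && p[1] == 0xB8 &&
        p[10] == 0xFF && p[11] == 0xE0) {            /* mov rax, imm64; jmp rax */
        *target = rd_le(p + 2, 8);
        return HOOK_MOV_RAX_JMP;
    }
    if (!is64 && n >= 6 && p[0] == 0x68 && p[5] == 0xC3) { /* push imm32; ret */
        *target = rd_le(p + 1, 4);
        return HOOK_PUSH_RET;
    }
    return HOOK_NONE;
}

/* A redirect whose resolved target lies outside the owning image
 * (base, size) is the suspicious case; jumps inside the image are not. */
int leaves_image(uint64_t target, uint64_t base, uint64_t size)
{
    return target < base || target - base >= size;
}
```

When classify_prologue returns a match with a target of 0, the caller still has to read the pointer slot the jump refers to before calling leaves_image.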
