软件的核心原理,以及检测此类软件的方案
//检查改变系统运行频率的函数：如果返回结果为 TRUE，则频率已经被修改；
本函数为 C 语言 Windows 驱动代码，适用于 Windows XP 至 Windows 11 的全部 Windows 系统；
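/*
 * IsEntryRedirected
 *
 * Returns TRUE when the bytes at a function entry look like a redirecting
 * jump, i.e. the shape an inline entry hook leaves behind:
 *   - AMD64: FF 25 disp32  (jmp qword ptr [rip+disp32])
 *   - x86:   E9 rel32      (jmp rel32)
 *
 * pfn may be NULL or point at an unresolved address; both yield FALSE.
 * Every byte that is read is validated with MmIsAddressValid first: the
 * original code validated only pfn and then read pfn+1, which is wrong when
 * the entry sits on the last byte of a page and the next page is not mapped.
 * MmIsAddressValid is a point-in-time answer ("would a read fault right
 * now"), so this remains a best-effort probe, not a guarantee.
 */
static BOOLEAN IsEntryRedirected(PUCHAR pfn)
{
    if (!pfn || !MmIsAddressValid(pfn))
    {
        return FALSE;
    }

/* The WDK build environment defines AMD64; a plain MSVC project may not, in
 * which case the compiler-defined _M_AMD64 keeps the 64-bit pattern selected
 * instead of silently falling back to the x86 pattern.  ARM64 is not handled
 * (its instruction encoding is different and neither pattern applies). */
#if defined(AMD64) || defined(_M_AMD64)
    /* FF 25 = jmp qword ptr [rip+disp32]: the indirect absolute jump used by
     * hooks that need to reach a target more than 2 GB away. */
    if (pfn[0] == 0xFF)
    {
        if (MmIsAddressValid(pfn + 1) && pfn[1] == 0x25)
        {
            return TRUE;
        }
    }
#else
    /* E9 = jmp rel32: the classic 5-byte detour written over the prologue. */
    if (pfn[0] == 0xE9)
    {
        return TRUE;
    }
#endif

    return FALSE;
}

/*
 * IsTimeFunctionHooked
 *
 * Inspects the entry points of the kernel's time-source routines
 * KeQueryPerformanceCounter and KeUpdateSystemTime and reports whether either
 * has been patched with a redirecting jump.  Software that alters the
 * system's apparent running speed commonly does so by detouring these
 * routines to a fake clock; a TRUE result is the signal the caller uses to
 * treat the system time as untrustworthy.
 *
 * Returns:
 *   TRUE  - at least one of the two entry points begins with the jump pattern
 *           described in IsEntryRedirected.
 *   FALSE - neither does, or an address could not be resolved / is not valid
 *           (an unresolved address is reported as "not hooked", not as an
 *           error; callers that need to distinguish must check separately).
 *
 * Limitations (best-effort detection, not a proof of integrity):
 *   - Only the first instruction is examined.  Hooks that use another
 *     sequence (e.g. "mov rax, imm64 / jmp rax" on x64, or E9 rel32 on x64,
 *     which is also a valid 64-bit detour), or that patch the hot-patch
 *     padding in front of the prologue rather than the entry itself, are
 *     not detected.
 *   - GetNtosFunctionAddress (defined elsewhere in this driver) is trusted to
 *     return the genuine entry point; if its own lookup were tampered with,
 *     the bytes inspected here would be the wrong ones.
 *   - A clean result says nothing about other ways of skewing time (import
 *     table patching in the caller, hypervisor-level changes, etc.).
 */
BOOLEAN IsTimeFunctionHooked()
{
    PUCHAR pfnKeQueryPerformanceCounter = (PUCHAR)GetNtosFunctionAddress(L"KeQueryPerformanceCounter");
    PUCHAR pfnKeUpdateSystemTime = (PUCHAR)GetNtosFunctionAddress(L"KeUpdateSystemTime");

    if (IsEntryRedirected(pfnKeQueryPerformanceCounter))
    {
        return TRUE;
    }

    if (IsEntryRedirected(pfnKeUpdateSystemTime))
    {
        return TRUE;
    }

    return FALSE;
}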