Result := (Size >= 4)
      and (p[1] = ':') and (P[2] = '\') and (P[3] = '\')
      and (P[0] >= 'C') and (P[0] <= 'Z');

function IsCatalogDecrypted(P: PAnsiChar; Size: DWORD): Boolean;

  function HasDriveSignature: Boolean;
  begin
    Result := (Size >= 4)
      and (p[1] = ':') and (P[2] = '\') and (P[3] = '\')
      and (P[0] >= 'C') and (P[0] <= 'Z');
  end;

  function HasValidCharacters: Boolean;
  var
    n: DWORD;
  begin
    Result := True;
    for n := 0 to Size - 1 do
      if ((P[n] < #32) and not (P[n] in [#10, #13]))
        or (P[n] in ['*', '?', '<', '>', '|', '"', '/', #127]) then
      begin
        Result := False;
        break;
      end
  end;

  function IsRndString(s: string; minlen, maxlen: Integer): Boolean;
  const // Thanks Martin!
    A = ['q', 'e', 't', 'u', 'o', 'a', 'd', 'g', 'j', 'l', 'x', 'v', 'n', 'p',
      'f', 'r', 'y', 's', 'Q', 'E', 'T', 'U', 'O', 'A', 'D', 'G', 'J', 'L', 'X',
      'V', 'N'];
  var
    i, l: Integer;
  begin
    l := length(s);
    Result := (l >= minlen) and (l <= maxlen);
    if Result then
      for i := 1 to l do
        if not (s[i] in A) then
        begin
          Result := False;
          Break;
        end;
  end;

  function HasCatalogFormat: Boolean;
  var
    sl: TStringList;
    i: Integer;
  begin
    sl := TStringlist.create;
    sl.text := copy(p, 1, size);
    result := sl.count mod 4 = 0;
    if result then
    begin
      i := 0;
      while i < sl.count - 4 do
      begin
        Result := (ExtractFilePath(sl[i]) = ExtractFilePath(sl[i + 1]))
          and IsRndString(ExtractFilename(sl[i + 1]), 14, 21) //Neuname
          and IsRndString(sl[i + 2], 30, 61) //Passwort
          and (sl[i + 3] = ''); //Leerzeile
        if not Result then
          break;
        inc(i, 4);
      end;
    end;
    sl.free;
  end;

begin
  Result := HasDriveSignature and HasValidCharacters and HasCatalogFormat
end;