  • c# 扫描可疑文件(找到木马)(简)转

    using System;
    using System.Collections.Generic;
    using System.IO;
    using System.Net;
    using System.Text.RegularExpressions;
    using System.Threading;
    using System.Windows.Forms;
    
    namespace TrojanScanning
    {
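        /// <summary>
        /// Main window of a small web-shell scanner: it walks a chosen path, reads every
        /// .asp / .php / .aspx / .master file and lists the files whose text contains one
        /// of the downloaded signature strings.
        /// </summary>
        /// <remarks>
        /// Matching is a plain case-insensitive substring search, so a hit is a lead for
        /// manual review rather than a verdict, and a run with no hits does not show that
        /// the tree is clean. Files with other server-executable extensions are not read;
        /// extend <c>ScannedExtensions</c> to match the handlers the web server maps.
        /// </remarks>
        public partial class Form1 : Form
        {
            // Bounded wait for files that cannot be opened yet: number of re-probes and
            // the pause between them.
            private const int MaxLockRetries = 3;
            private const int LockRetryDelayMs = 2000;

            // Sharing mode used for every read. The scanner never asks for an exclusive
            // handle, so it does not block the web server from its own files.
            private const FileShare ReadSharing = FileShare.ReadWrite | FileShare.Delete;

            // Extensions that are read and matched against the signature list.
            private static readonly string[] ScannedExtensions = { ".asp", ".php", ".aspx", ".master" };

            public Form1()
            {
                InitializeComponent();
            }

            // Delegates used to marshal UI updates from the scan thread to the UI thread.
            delegate void SetTextCallback(string text);
            delegate void SetTextCallback2(bool b);
            delegate void SetTextCallback3(ListViewItem item);

            private string fname, code;
            private Thread thr;
            private string[] sArray;

            // Number of files/directories the current scan could not read. Written only
            // by the scan thread.
            private int skipped;

            /// <summary>Lets the user pick the folder to scan.</summary>
            private void button1_Click(object sender, EventArgs e)
            {
                if (folderBrowserDialog1.ShowDialog() == DialogResult.OK)
                {
                    scanpath.Text = folderBrowserDialog1.SelectedPath;
                }
            }

            /// <summary>Clears the result list and starts the scan on a background thread.</summary>
            private void startbtn_Click(object sender, EventArgs e)
            {
                // A second click can arrive before the scan thread has disabled the
                // button; never run two scans against the same result list.
                if (thr != null && thr.IsAlive)
                {
                    return;
                }

                list.Items.Clear();
                fname = scanpath.Text;
                thr = new Thread(new ThreadStart(scan));
                thr.IsBackground = true;
                thr.Start();
            }

            /// <summary>
            /// Scan thread entry point: validates the path and the signature list, walks
            /// the tree and reports how many items could not be read.
            /// </summary>
            private void scan()
            {
                FileSystemInfo s = GetFileSystemInfo(fname);
                if (s == null)
                {
                    MessageBox.Show("请先选择要扫描的目录");
                    return;
                }

                // Without signatures every file would come back "clean"; refuse to run
                // instead of reporting a misleading empty result.
                if (sArray == null || sArray.Length == 0)
                {
                    MessageBox.Show("特征码列表未加载,无法扫描");
                    return;
                }

                skipped = 0;
                scanbtn(false);
                try
                {
                    ListFiles(s);
                    scantext(skipped == 0 ? "扫描完成" : "扫描完成 (" + skipped + " 项无法读取)");
                }
                finally
                {
                    // Re-enable the controls even if the walk failed unexpectedly.
                    scanbtn(true);
                }
            }

            /// <summary>
            /// Returns a <see cref="FileInfo"/> or <see cref="DirectoryInfo"/> for an
            /// existing path, or null when the path is neither.
            /// </summary>
            public FileSystemInfo GetFileSystemInfo(string path)
            {
                if (File.Exists(path))
                {
                    return new FileInfo(path);
                }

                if (Directory.Exists(path))
                {
                    return new DirectoryInfo(path);
                }

                return null;
            }

            /// <summary>
            /// Scans <paramref name="info"/>: a file is checked if its extension is in
            /// <c>ScannedExtensions</c>; a directory is walked recursively.
            /// </summary>
            /// <remarks>
            /// Unreadable entries are counted in <c>skipped</c> instead of being dropped
            /// silently, so the final status shows that coverage was incomplete.
            /// NOTE(review): directory links (junctions/symlinks) are followed like
            /// ordinary directories - confirm that is wanted for the scanned tree.
            /// </remarks>
            private void ListFiles(FileSystemInfo info)
            {
                if (info == null || !info.Exists)
                {
                    return;
                }

                FileInfo file = info as FileInfo;
                if (file != null)
                {
                    // Handling files here also covers a single file typed into the path
                    // box, which the directory-only walk used to ignore.
                    if (HasScannedExtension(file.Extension))
                    {
                        try
                        {
                            scantext("扫描 " + file.FullName);
                            chkfile(file.FullName, file.Length);
                        }
                        catch (Exception)
                        {
                            // e.g. the file vanished between listing and reading.
                            skipped++;
                        }
                    }
                    return;
                }

                DirectoryInfo dir = info as DirectoryInfo;
                if (dir == null)
                {
                    return;
                }

                FileSystemInfo[] entries;
                try
                {
                    entries = dir.GetFileSystemInfos();
                }
                catch (Exception)
                {
                    // Access denied, path too long, directory removed, ...
                    skipped++;
                    return;
                }

                foreach (FileSystemInfo entry in entries)
                {
                    ListFiles(entry);
                }
            }

            /// <summary>True when <paramref name="extension"/> is one of the scanned extensions (case-insensitive).</summary>
            private static bool HasScannedExtension(string extension)
            {
                foreach (string candidate in ScannedExtensions)
                {
                    if (string.Equals(extension, candidate, StringComparison.OrdinalIgnoreCase))
                    {
                        return true;
                    }
                }
                return false;
            }

            /// <summary>
            /// Reads one file and adds a row to the result list when its text contains
            /// at least one signature.
            /// </summary>
            /// <param name="filepath">Full path of the file to read.</param>
            /// <param name="filesize">File length in bytes, shown in the result row.</param>
            private void chkfile(string filepath, long filesize)
            {
                try
                {
                    // Take the timestamp before this method opens the file; on volumes
                    // that track last access, the scanner's own read may update it.
                    DateTime lastAccess = File.GetLastAccessTime(filepath);

                    // Bounded wait. The previous version recursed without limit while the
                    // file stayed locked and then read the file again in every frame.
                    for (int attempt = 0; attempt < MaxLockRetries && IsFileInUse(filepath); attempt++)
                    {
                        Thread.Sleep(LockRetryDelayMs);
                    }

                    string content;
                    using (FileStream stream = new FileStream(filepath, FileMode.Open, FileAccess.Read, ReadSharing))
                    using (StreamReader reader = new StreamReader(stream))
                    {
                        content = reader.ReadToEnd();
                    }

                    string hits = chkcontent(content);
                    if (hits != "")
                    {
                        ListViewItem item = new ListViewItem("可疑");
                        item.SubItems.Add(lastAccess.ToString());
                        item.SubItems.Add(hits);
                        item.SubItems.Add(filepath);
                        item.SubItems.Add((filesize / 1024).ToString() + " kb");
                        addtiem(item);
                    }
                }
                catch (Exception)
                {
                    // Best effort: one unreadable file must not stop the scan, but it is
                    // counted so the operator knows it was not inspected.
                    skipped++;
                }
            }

            /// <summary>Downloads <paramref name="url"/> and returns the response body as text.</summary>
            private string downurl(string url)
            {
                using (WebClient client = new WebClient())
                {
                    return client.DownloadString(url);
                }
            }

            /// <summary>Adds a result row, marshalling to the UI thread when needed.</summary>
            private void addtiem(ListViewItem item)
            {
                if (this.list.InvokeRequired)
                {
                    SetTextCallback3 d = new SetTextCallback3(addtiem);
                    this.Invoke(d, new object[] { item });
                    return;
                }

                this.list.Items.Add(item);
            }

            /// <summary>Sets the status text, marshalling to the UI thread when needed.</summary>
            private void scantext(string text)
            {
                if (this.scanstate.InvokeRequired)
                {
                    SetTextCallback d = new SetTextCallback(scantext);
                    this.Invoke(d, new object[] { text });
                    return;
                }

                this.scanstate.Text = text;
            }

            /// <summary>Enables or disables the start button, path box and browse button.</summary>
            private void scanbtn(bool b)
            {
                if (this.startbtn.InvokeRequired)
                {
                    SetTextCallback2 d = new SetTextCallback2(scanbtn);
                    this.Invoke(d, new object[] { b });
                    return;
                }

                this.startbtn.Enabled = b;
                this.scanpath.Enabled = b;
                this.button1.Enabled = b;
            }

            /// <summary>
            /// Returns the signatures found in <paramref name="content"/>, joined with
            /// commas, or an empty string when none match.
            /// </summary>
            private string chkcontent(string content)
            {
                if (string.IsNullOrEmpty(content) || sArray == null)
                {
                    return "";
                }

                List<string> hits = new List<string>();
                foreach (string signature in sArray)
                {
                    if (string.IsNullOrEmpty(signature))
                    {
                        continue;
                    }

                    // Ordinal comparison: the result must not depend on the culture of
                    // the machine the scanner runs on.
                    if (content.IndexOf(signature, StringComparison.OrdinalIgnoreCase) > -1)
                    {
                        hits.Add(signature);
                    }
                }

                return string.Join(",", hits.ToArray());
            }

            /// <summary>
            /// Returns true when the file exists but cannot currently be opened for
            /// shared reading because of a sharing violation or similar I/O error.
            /// </summary>
            /// <remarks>
            /// The probe uses the same sharing mode as the real read. Errors that are not
            /// I/O errors (for example access denied) propagate to the caller, because
            /// waiting does not fix them.
            /// </remarks>
            bool IsFileInUse(string fileName)
            {
                if (!File.Exists(fileName))
                {
                    return false;
                }

                try
                {
                    using (new FileStream(fileName, FileMode.Open, FileAccess.Read, ReadSharing))
                    {
                    }
                    return false;
                }
                catch (FileNotFoundException)
                {
                    // Deleted between the existence check and the open: not "in use".
                    return false;
                }
                catch (IOException)
                {
                    return true;
                }
            }

            /// <summary>
            /// Splits the downloaded '|'-separated list into lower-cased signatures and
            /// drops entries that are empty or only whitespace, which would otherwise
            /// match almost every file.
            /// </summary>
            private static string[] ParseSignatures(string raw)
            {
                List<string> kept = new List<string>();
                if (raw != null)
                {
                    foreach (string part in raw.ToLowerInvariant().Split('|'))
                    {
                        if (part.Trim().Length > 0)
                        {
                            kept.Add(part);
                        }
                    }
                }
                return kept.ToArray();
            }

            /// <summary>Downloads and parses the signature list; exits when it cannot be loaded.</summary>
            private void Form1_Load(object sender, EventArgs e)
            {
                try
                {
                    // NOTE(security): the list is fetched over plain HTTP with no integrity
                    // check, so anyone able to alter the response decides what the scanner
                    // reports. Prefer HTTPS if the host offers it, or ship the list with the
                    // program and verify it against a pinned hash before use.
                    code = downurl("http://www.cqeh.com/txt/trojan.txt");
                    sArray = ParseSignatures(code);
                    if (sArray.Length == 0)
                    {
                        throw new InvalidOperationException("特征码列表为空");
                    }
                }
                catch (Exception ex)
                {
                    MessageBox.Show("错误:" + ex.Message, "无法启动程序!", MessageBoxButtons.OK);
                    Application.Exit();
                }
            }

            /// <summary>Opens the selected result in Notepad for manual review.</summary>
            private void list_DoubleClick(object sender, EventArgs e)
            {
                // A double-click on empty space leaves nothing selected.
                if (list.SelectedItems.Count == 0)
                {
                    return;
                }

                ListViewItem selected = list.SelectedItems[0];
                if (selected.SubItems.Count <= 3)
                {
                    return;
                }

                // The listed file is suspected to be hostile: view it as text only.
                // Notepad is started by absolute path so a same-named program in the
                // working directory or on PATH is never picked up, and the file path is
                // quoted so that spaces do not split it into several arguments.
                string viewer = Path.Combine(Environment.SystemDirectory, "notepad.exe");
                string target = "\"" + selected.SubItems[3].Text + "\"";
                try
                {
                    System.Diagnostics.Process.Start(viewer, target);
                }
                catch (Exception ex)
                {
                    MessageBox.Show("错误:" + ex.Message);
                }
            }

        }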
    }
    
    源代码包下载
  • 原文地址:https://www.cnblogs.com/skykang/p/2068803.html