  • C#教程之c# 服务器上传木马监控代码(包含可疑文

 
using System; 
using System.IO; 
using System.Threading; 
using System.Windows.Forms; 
using System.Net; 
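namespace TrojanMonitor
{
    /// <summary>
    /// Tray form that reacts to change/rename events from the designer-defined watcher
    /// <c>fsw</c>, scans files with selected extensions for substrings from a downloaded
    /// signature list, and moves matching files into a backup folder under the
    /// application's start-up directory.
    /// </summary>
    /// <remarks>
    /// NOTE(review): the signature list and the e-mail key are fetched over plain HTTP.
    /// Anything on the network path can read or alter them; an altered list can either
    /// blind the monitor or make it quarantine legitimate files. Serve both over HTTPS
    /// (or ship a locally verified copy) if the host supports it.
    /// NOTE(review): detection is a case-insensitive substring match restricted to five
    /// extensions, so it is a heuristic. Any other extension that the web server maps to
    /// a script handler is not inspected and should be added to the list in chkfile.
    /// </remarks>
    public partial class Form1 : Form
    {
        // Upper bound on the 2-second waits for a file that is still being written.
        private const int MaxInUseRetries = 5;

        public Form1()
        {
            InitializeComponent();
        }

        delegate void SetTextCallback(string text);

        // code: '|'-separated signature list; emailkey: key sent to the mail endpoint;
        // ip: first address resolved for this machine's host name.
        private string code, emailkey, ip;
        private Thread thr;

        /// <summary>Watcher callback for changed files (the original notes this also covers new files).</summary>
        private void fsw_Changed(object sender, FileSystemEventArgs e)
        {
            StartCheck(e.Name);
        }

        /// <summary>Watcher callback for renamed files.</summary>
        private void fsw_Renamed(object sender, RenamedEventArgs e)
        {
            StartCheck(e.Name);
        }

        /// <summary>
        /// Starts a background thread that scans one file. The name is captured per event
        /// instead of being stored in a shared field, so two events arriving close together
        /// cannot overwrite each other's file name.
        /// </summary>
        private void StartCheck(string name)
        {
            thr = new Thread(() => chkfile(name));
            thr.IsBackground = true;
            thr.Start();
        }

        /// <summary>
        /// Scans one file reported by the watcher and quarantines it when a signature matches.
        /// </summary>
        /// <param name="filename">File name as reported by the watcher, relative to <c>fsw.Path</c>.</param>
        private void chkfile(string filename)
        {
            try
            {
                if (string.IsNullOrEmpty(filename))
                {
                    return;
                }

                string fullPath = Path.Combine(fsw.Path, filename);
                string fileName = Path.GetFileName(filename);
                string hzhui = Path.GetExtension(filename).ToLowerInvariant();

                bool watched = hzhui == ".asp" || hzhui == ".aspx" || hzhui == ".php"
                            || hzhui == ".jpg" || hzhui == ".gif";
                if (!watched)
                {
                    return;
                }

                // Wait (bounded) for the writer to release the file. The check uses the full
                // path: a bare relative name would be resolved against the process's current
                // directory, so the file would not be found and the wait would never happen.
                for (int attempt = 0; attempt < MaxInUseRetries && IsFileInUse(fullPath); attempt++)
                {
                    Thread.Sleep(2000);
                }

                string content;
                using (StreamReader sr = new StreamReader(fullPath))
                {
                    content = sr.ReadToEnd();
                }

                if (!chkcontent(content))
                {
                    return;
                }

                Quarantine(fullPath, fileName);
            }
            catch (Exception ex)
            {
                addtiem(ex.ToString());
            }
        }

        /// <summary>
        /// Moves a flagged file into the backup folder, records the event in the list box and
        /// the daily log, requests the notification e-mail, and leaves a notice at the
        /// original path.
        /// </summary>
        private void Quarantine(string fullPath, string fileName)
        {
            try
            {
                DateTime now = DateTime.Now;

                // A culture-dependent short date can contain '/', which is a path separator
                // and breaks the log file name; use a fixed, culture-invariant format instead.
                string day = now.ToString("yyyy-MM-dd", System.Globalization.CultureInfo.InvariantCulture);

                string bakpath = Path.Combine(Application.StartupPath, "TrojanMonitorbak");
                string logfile = Path.Combine(bakpath, "log" + day + ".dat");
                string newfile = Path.Combine(bakpath, day);
                string newfilepath = Path.Combine(
                    newfile,
                    now.Hour.ToString() + "点" + now.Minute.ToString() + "分" + now.Second.ToString() + "秒"
                        + now.Millisecond.ToString() + "毫秒-" + fileName);

                // Creates bakpath as well; does nothing when the folders already exist.
                Directory.CreateDirectory(newfile);

                if (File.Exists(newfilepath))
                {
                    File.Delete(newfilepath);
                }
                File.Move(fullPath, newfilepath);

                string str = "[" + now + "] 发现可疑文件: [" + fullPath + "] To [" + newfilepath + "]";
                addtiem(str);

                using (StreamWriter sw = File.AppendText(logfile))
                {
                    sw.WriteLine(str + " \r\n"); // write the log entry
                }

                try
                {
                    // The file name is chosen by whoever uploaded the file, so every query
                    // value is percent-encoded; an unescaped '&' or '#' in the name would
                    // otherwise add or truncate parameters of the request.
                    // NOTE(review): SendHtml is presumably rendered as HTML by the mail
                    // service, which should HTML-encode the path — confirm on the server side.
                    string subject = "发现可疑文件(" + ip + ")";
                    string body = "[" + ip + "][" + now + "] 发现可疑文件: [" + fullPath + "]";
                    downurl("http://www.cqeh.com/mail/?EmailSubject=" + Uri.EscapeDataString(subject)
                        + "&EmailKey=" + Uri.EscapeDataString(emailkey ?? "")
                        + "&SendHtml=" + Uri.EscapeDataString(body)); // send the e-mail
                }
                catch (Exception ex)
                {
                    // A failed notification must not prevent the notice below from being written.
                    addtiem(ex.ToString());
                }

                // Leave a notice where the moved file used to be.
                using (StreamWriter sw = File.AppendText(fullPath))
                {
                    sw.WriteLine("此文件检测到有可疑问题!请联系管理员!");
                }
            }
            catch (Exception ex)
            {
                addtiem(ex.ToString());
            }
        }

        /// <summary>Downloads <paramref name="url"/> and returns the response body as a string.</summary>
        private string downurl(string url)
        {
            using (WebClient client = new WebClient())
            {
                return client.DownloadString(url);
            }
        }

        /// <summary>Adds a line to the list box, marshalling to the control's thread when required.</summary>
        private void addtiem(string text)
        {
            if (this.lb.InvokeRequired)
            {
                SetTextCallback d = new SetTextCallback(addtiem);
                this.Invoke(d, new object[] { text });
            }
            else
            {
                this.lb.Items.Add(text);
            }
        }

        /// <summary>
        /// Returns true when <paramref name="content"/> contains any signature from the
        /// '|'-separated list in <c>code</c>, ignoring case.
        /// </summary>
        private bool chkcontent(string content)
        {
            if (string.IsNullOrEmpty(code) || string.IsNullOrEmpty(content))
            {
                return false;
            }

            foreach (string raw in code.Split('|'))
            {
                // Drop line breaks left by the download. An empty entry must be skipped:
                // IndexOf("") is 0, so it would flag every scanned file.
                string signature = raw.Trim('\r', '\n');
                if (signature.Length == 0)
                {
                    continue;
                }
                if (content.IndexOf(signature, StringComparison.OrdinalIgnoreCase) > -1)
                {
                    return true;
                }
            }
            return false;
        }

        /// <summary>
        /// Reads the monitored path from monitorpath.ini, downloads the signature list and the
        /// e-mail key, points the watcher at the path and hides the window. Any failure is
        /// shown in a message box and the application exits.
        /// </summary>
        private void Form1_Load(object sender, EventArgs e)
        {
            try
            {
                ip = Dns.GetHostEntry(Environment.MachineName).AddressList[0].ToString();

                // monitored path, e.g. d:\wwwroot; trimmed so a trailing line break in the
                // ini file is not passed on to the watcher
                string config = File.ReadAllText(Path.Combine(Application.StartupPath, "monitorpath.ini")).Trim();

                code = downurl("http://www.cqeh.com/txt/trojan.txt"); // signature list
                if (code == null || code.Trim('|', '\r', '\n', ' ').Length == 0)
                {
                    // Without a signature nothing would ever match; refuse to start rather
                    // than run a monitor that detects nothing.
                    throw new InvalidOperationException("木马特征库为空");
                }

                filepath.Text = config;
                fsw.Path = config;
                emailkey = downurl("http://www.cqeh.com/txt/trojanemailkey.txt"); // key that authorises sending e-mail
                HideToTray();
            }
            catch (Exception ex)
            {
                MessageBox.Show("错误:" + ex.Message, "无法启动程序!", MessageBoxButtons.OK);
                Application.Exit();
            }
        }

        /// <summary>
        /// Reports whether the file is in use: true when it exists but cannot be opened
        /// for exclusive read access, false when it opens or does not exist.
        /// </summary>
        bool IsFileInUse(string fileName)
        {
            if (!File.Exists(fileName))
            {
                return false;
            }

            try
            {
                using (new FileStream(fileName, FileMode.Open, FileAccess.Read, FileShare.None))
                {
                    return false;
                }
            }
            catch
            {
                // Best effort, as in the original: any failure to open counts as "in use".
                return true;
            }
        }

        /// <summary>Shows the window in its normal state and in the taskbar.</summary>
        private void RestoreWindow()
        {
            this.Visible = true;
            this.WindowState = FormWindowState.Normal;
            this.ShowInTaskbar = true;
        }

        /// <summary>Hides the window and removes it from the taskbar.</summary>
        private void HideToTray()
        {
            this.ShowInTaskbar = false;
            this.Visible = false;
        }

        private void notifyIcon1_MouseDoubleClick(object sender, MouseEventArgs e)
        {
            RestoreWindow();
        }

        private void Form1_Resize(object sender, EventArgs e)
        {
            if (this.WindowState == FormWindowState.Minimized)
            {
                HideToTray();
            }
        }

        // "Exit" menu item.
        private void 退出系统ToolStripMenuItem_Click_1(object sender, EventArgs e)
        {
            Application.Exit();
        }

        // "Show window" menu item.
        private void 显示窗口ToolStripMenuItem_Click(object sender, EventArgs e)
        {
            RestoreWindow();
        }

        /// <summary>
        /// Hides the form instead of closing it when the user closes the window.
        /// Closes that come from Application.Exit or a Windows shutdown are let through;
        /// cancelling them unconditionally would make the Exit menu item ineffective.
        /// </summary>
        private void Form1_FormClosing(object sender, FormClosingEventArgs e)
        {
            if (e.CloseReason != CloseReason.UserClosing)
            {
                return;
            }
            HideToTray();
            e.Cancel = true;
        }
    }
}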
