VB.net 2010 视频教程 VB.net 2010 视频教程 python基础视频教程
SQL Server 2008 视频教程 c#入门经典教程 Visual Basic从门到精通视频教程
当前位置:
首页 > 编程开发 > C/C++语言编程 >

  • C#教程之c# 服务器上传木马监控代码(包含可疑文

 

	 



	using System; 



	using System.IO; 



	using System.Threading; 



	using System.Windows.Forms; 



	using System.Net; 



	namespace TrojanMonitor 





	public partial class Form1 : Form 





	public Form1() 





	InitializeComponent(); 





	delegate void SetTextCallback(string text); 



	private string fname,code,emailkey,ip; 



	private Thread thr; 



	private void fsw_Changed(object sender, FileSystemEventArgs e) 



	{//文件改动监控(包含了新增) 



	fname = e.Name; 



	thr = new Thread(new ThreadStart(chkfile)); 



	thr.IsBackground = true; 



	thr.Start(); 





	private void fsw_Renamed(object sender, RenamedEventArgs e) 



	{//重命名监控 



	fname = e.Name; 



	thr = new Thread(new ThreadStart(chkfile)); 



	thr.IsBackground = true; 



	thr.Start(); 





	private void chkfile(){ 



	string filename = fname; 



	string content="",filepath=fsw.Path+@"\"+filename,fileName="",hzhui=""; 



	fileName = Path.GetFileName(filename); 



	hzhui = Path.GetExtension(filename).ToLower(); 



	if (hzhui == ".asp" || hzhui == ".aspx" || hzhui == ".php" || hzhui == ".jpg" || hzhui == ".gif") 





	try{ 



	if (IsFileInUse(filename)) { System.Threading.Thread.Sleep(2000); chkfile(); } 



	StreamReader sr = new StreamReader(filepath); 



	content = sr.ReadToEnd(); 



	sr.Close(); 



	if (chkcontent(content)){ 



	try{ 



	string bakpath = Application.StartupPath + @"\TrojanMonitorbak", 



	logfile = bakpath + @"\log" + DateTime.Today.ToShortDateString() + ".dat", 



	newfile = bakpath + @"\" + DateTime.Today.ToShortDateString() + @"\", 



	newfilepath = newfile + DateTime.Now.Hour.ToString() + "点" + DateTime.Now.Minute.ToString() + "分" + DateTime.Now.Second.ToString() + "秒" + DateTime.Now.Millisecond.ToString() + "毫秒-" + fileName; 



	if (!Directory.Exists(bakpath)) { Directory.CreateDirectory(bakpath); } 



	if (!Directory.Exists(newfile)) { Directory.CreateDirectory(newfile);} 



	if (File.Exists(newfilepath)){File.Delete(newfilepath);} 



	File.Move(filepath,newfilepath); 



	string str = "[" + DateTime.Now + "] 发现可疑文件: [" + filepath + "] To [" + newfilepath + "]"; 



	addtiem(str); 



	StreamWriter sw = File.AppendText(logfile); 



	sw.WriteLine(str + " \r\n");//写入日志 



	sw.Flush(); 



	sw.Close(); 



	sw.Dispose(); 



	downurl("http://www.cqeh.com/mail/?EmailSubject=发现可疑文件(" + ip + ")&EmailKey=" + emailkey + "&SendHtml=[" + ip + "][" + DateTime.Now + "] 发现可疑文件: [" + filepath + "]");//发送Email 



	sw = File.AppendText(filepath); 



	sw.WriteLine("此文件检测到有可疑问题!请联系管理员!"); 



	sw.Flush(); 



	sw.Close(); 



	sw.Dispose(); 





	catch (Exception ex) { addtiem(ex.ToString()); } 







	catch (Exception ex) { addtiem(ex.ToString()); } 







	private string downurl(string url){ 



	WebClient client = new WebClient(); 



	string result=client.DownloadString(url); 



	return result; 





	private void addtiem(string text){ 



	if (this.lb.InvokeRequired){ 



	SetTextCallback d = new SetTextCallback(addtiem); 



	this.Invoke(d, new object[] { text }); 



	} else { 



	this.lb.Items.Add(text); 







	private bool chkcontent(string content) 





	bool returnval = false; 



	string[] sArray = code.ToLower().Split('|'); 



	content = content.ToLower(); 



	foreach (string i in sArray) 





	if (content.IndexOf(i)>-1){returnval=true;break;} 





	return returnval; 





	private void Form1_Load(object sender, EventArgs e){ 



	ip = Dns.GetHostEntry(Environment.MachineName).AddressList[0].ToString(); 



	string config = File.ReadAllText(Application.StartupPath + "//monitorpath.ini");//获取监控路径 d:\wwwroot 



	try{ 



	code = downurl("http://www.cqeh.com/txt/trojan.txt"); 



	          //获取木马特征库 



	filepath.Text = config; 



	fsw.Path = config; 



	emailkey = downurl("http://www.cqeh.com/txt/trojanemailkey.txt"); 



	          //获取发送email许可key; 



	this.ShowInTaskbar=false; 



	this.Visible = false; 





	catch (Exception ex){ 



	MessageBox.Show("错误:" + ex.Message, "无法启动程序!", MessageBoxButtons.OK); Application.Exit(); 





	finally { } 





	bool IsFileInUse(string fileName){//判断文件是否使用中 



	bool inUse = true; 



	if (File.Exists(fileName)){ 



	FileStream fs = null; 



	try{fs = new FileStream(fileName, FileMode.Open, FileAccess.Read,FileShare.None);inUse = false;} 



	catch{}finally{if (fs != null)fs.Close();} 



	return inUse; 



	}else{return false;} 





	private void notifyIcon1_MouseDoubleClick(object sender, MouseEventArgs e) 





	this.Visible = true; 



	this.WindowState = FormWindowState.Normal; 



	this.ShowInTaskbar = true; 





	private void Form1_Resize(object sender, EventArgs e) 





	if (this.WindowState == FormWindowState.Minimized){ 



	this.ShowInTaskbar = false; 



	this.Visible = false; 







	private void 退出系统ToolStripMenuItem_Click_1(object sender, EventArgs e){ 



	Application.Exit(); 





	private void 显示窗口ToolStripMenuItem_Click(object sender, EventArgs e){ 



	this.Visible = true; 



	this.WindowState = FormWindowState.Normal; 



	this.ShowInTaskbar = true; 





	private void Form1_FormClosing(object sender, FormClosingEventArgs e){ 



	this.ShowInTaskbar = false; 



	this.Visible = false; 



	e.Cancel = true; 







	}
相关教程