VB.net 2010 视频教程 VB.net 2010 视频教程 python基础视频教程
SQL Server 2008 视频教程 c#入门经典教程 Visual Basic从门到精通视频教程
当前位置:
首页 > 编程开发 > C/C++语言编程 >

  • C#教程之.c# 可疑文件扫描代码(找到木马)(简)

 

	

		c# 可疑文件扫描代码(找到木马),需要的朋友可以参考下。

	

		 

	

		using System; 

	

		using System.IO; 

	

		using System.Text.RegularExpressions; 

	

		using System.Threading; 

	

		using System.Windows.Forms; 

	

		using System.Net; 

	

		namespace TrojanScanning 

	

	

		public partial class Form1 : Form 

	

	

		public Form1() 

	

	

		InitializeComponent(); 

	

	

		delegate void SetTextCallback(string text); 

	

		delegate void SetTextCallback2(bool b); 

	

		delegate void SetTextCallback3(ListViewItem item); 

	

		private string fname, code; 

	

		private Thread thr; 

	

		private string[] sArray; 

	

		private void button1_Click(object sender, EventArgs e) 

	

	

		if (folderBrowserDialog1.ShowDialog() == DialogResult.OK) 

	

	

		scanpath.Text = folderBrowserDialog1.SelectedPath; 

	

	

	

		private void startbtn_Click(object sender, EventArgs e) 

	

	

		list.Items.Clear(); 

	

		fname = scanpath.Text; 

	

		thr = new Thread(new ThreadStart(scan)); 

	

		thr.IsBackground = true; 

	

		thr.Start(); 

	

	

		private void scan(){ 

	

		FileSystemInfo s = GetFileSystemInfo(fname); 

	

		if (s != null) { scanbtn(false); ListFiles(s); scantext("扫描完成"); scanbtn(true); } else { MessageBox.Show("请先选择要扫描的目录"); } 

	

	

		public FileSystemInfo GetFileSystemInfo(string path){ 

	

		if (File.Exists(path)) 

	

		return new FileInfo(path); 

	

		else if (Directory.Exists(path)) 

	

		return new DirectoryInfo(path); 

	

		else 

	

		return null; 

	

	

		 

	

		private void ListFiles(FileSystemInfo info){ 

	

		if (info.Exists){ 

	

		DirectoryInfo dir = info as DirectoryInfo; 

	

		if (dir == null) return; 

	

		try{ 

	

		FileSystemInfo[] files = dir.GetFileSystemInfos(); 

	

		for (int i = 0; i < files.Length; i++){ 

	

		FileInfo file = files[i] as FileInfo; 

	

		if (file != null && (file.Extension.ToLower() == ".asp" || file.Extension.ToLower() == ".php" || file.Extension.ToLower() == ".aspx" || file.Extension.ToLower() == ".master")) 

	

	

		scantext("扫描 " + file.FullName); 

	

		chkfile(file.FullName,file.Length); 

	

		}else{ 

	

		ListFiles(files[i]); 

	

	

	

	

		catch{} 

	

	

	

		private void chkfile(string filepath,long filesize) 

	

	

		try{ 

	

		if (IsFileInUse(filepath)) { System.Threading.Thread.Sleep(2000); chkfile(filepath,filesize); } 

	

		StreamReader sr = new StreamReader(filepath); 

	

		string content = sr.ReadToEnd(); 

	

		sr.Close(); 

	

		string chkr=chkcontent(content); 

	

		if (chkr!=""){ 

	

		ListViewItem item = new ListViewItem("可疑"); 

	

		item.SubItems.Add(File.GetLastAccessTime(filepath).ToString()); 

	

		item.SubItems.Add(chkr); 

	

		item.SubItems.Add(filepath); 

	

		item.SubItems.Add((filesize/1024).ToString() + " kb"); 

	

		addtiem(item); 

	

	

	

		catch { } 

	

	

		private string downurl(string url) 

	

	

		WebClient client = new WebClient(); 

	

		string result = client.DownloadString(url); 

	

		return result; 

	

	

		private void addtiem(ListViewItem item) 

	

	

		if (this.list.InvokeRequired){ 

	

		SetTextCallback3 d = new SetTextCallback3(addtiem); 

	

		this.Invoke(d, new object[] { item }); 

	

		}else{ 

	

		this.list.Items.Add(item); 

	

	

	

		private void scantext(string text) 

	

	

		if (this.scanstate.InvokeRequired) 

	

	

		SetTextCallback d = new SetTextCallback(scantext); 

	

		this.Invoke(d, new object[] { text }); 

	

		}else{ 

	

		this.scanstate.Text=text; 

	

	

	

		private void scanbtn(bool b){ 

	

		if (this.startbtn.InvokeRequired){ 

	

		SetTextCallback2 d = new SetTextCallback2(scanbtn); 

	

		this.Invoke(d, new object[] { b }); 

	

		}else{ 

	

		this.startbtn.Enabled = b; 

	

		this.scanpath.Enabled = b; 

	

		this.button1.Enabled = b; 

	

	

	

		private string chkcontent(string content){ 

	

		string returnval = ""; 

	

		content = content.ToLower(); 

	

		foreach (string i in sArray) 

	

	

		if (content.IndexOf(i)> -1){ returnval+=i+","; } 

	

	

		if (returnval != "") { returnval=returnval.Substring(0, returnval.Length - 1); } 

	

		return returnval; 

	

	

		bool IsFileInUse(string fileName) 

	

	

		bool inUse = true; 

	

		if (File.Exists(fileName)) 

	

	

		FileStream fs = null; 

	

		try { fs = new FileStream(fileName, FileMode.Open, FileAccess.Read, FileShare.None); inUse = false; } 

	

		catch { } 

	

		finally { if (fs != null)fs.Close(); } 

	

		return inUse; 

	

	

		else { return false; } 

	

	

		private void Form1_Load(object sender, EventArgs e) 

	

	

		try{ 

	

		code = downurl("http://www.cqeh.com/txt/trojan.txt"); 

	

		sArray = code.ToLower().Split('|'); 

	

	

		catch (Exception ex) 

	

	

		MessageBox.Show("错误:" + ex.Message, "无法启动程序!", MessageBoxButtons.OK); Application.Exit(); 

	

	

	

		private void list_DoubleClick(object sender, EventArgs e) 

	

	

		System.Diagnostics.Process.Start("NOTEPAD.EXE", list.SelectedItems[0].SubItems[3].Text); 

	

	

	

		}
相关教程