欢迎来到代码驿站!

.NET代码

当前位置:首页 > 软件编程 > .NET代码

c# 可疑文件扫描代码(找到木马)(简)

时间:2020-11-04 11:10:06|栏目:.NET代码|点击:
复制代码 代码如下:

using System;
using System.IO;
using System.Text.RegularExpressions;
using System.Threading;
using System.Windows.Forms;
using System.Net;
namespace TrojanScanning
{
public partial class Form1 : Form
{
public Form1()
{
InitializeComponent();
}
delegate void SetTextCallback(string text);
delegate void SetTextCallback2(bool b);
delegate void SetTextCallback3(ListViewItem item);
private string fname, code;
private Thread thr;
private string[] sArray;
private void button1_Click(object sender, EventArgs e)
{
if (folderBrowserDialog1.ShowDialog() == DialogResult.OK)
{
scanpath.Text = folderBrowserDialog1.SelectedPath;
}
}
private void startbtn_Click(object sender, EventArgs e)
{
list.Items.Clear();
fname = scanpath.Text;
thr = new Thread(new ThreadStart(scan));
thr.IsBackground = true;
thr.Start();
}
private void scan(){
FileSystemInfo s = GetFileSystemInfo(fname);
if (s != null) { scanbtn(false); ListFiles(s); scantext("扫描完成"); scanbtn(true); } else { MessageBox.Show("请先选择要扫描的目录"); }
}
public FileSystemInfo GetFileSystemInfo(string path){
if (File.Exists(path))
return new FileInfo(path);
else if (Directory.Exists(path))
return new DirectoryInfo(path);
else
return null;
}

private void ListFiles(FileSystemInfo info){
if (info.Exists){
DirectoryInfo dir = info as DirectoryInfo;
if (dir == null) return;
try{
FileSystemInfo[] files = dir.GetFileSystemInfos();
for (int i = 0; i < files.Length; i++){
FileInfo file = files[i] as FileInfo;
if (file != null && (file.Extension.ToLower() == ".asp" || file.Extension.ToLower() == ".php" || file.Extension.ToLower() == ".aspx" || file.Extension.ToLower() == ".master"))
{
scantext("扫描 " + file.FullName);
chkfile(file.FullName,file.Length);
}else{
ListFiles(files[i]);
}
}
}
catch{}
}
}
private void chkfile(string filepath,long filesize)
{
try{
if (IsFileInUse(filepath)) { System.Threading.Thread.Sleep(2000); chkfile(filepath,filesize); }
StreamReader sr = new StreamReader(filepath);
string content = sr.ReadToEnd();
sr.Close();
string chkr=chkcontent(content);
if (chkr!=""){
ListViewItem item = new ListViewItem("可疑");
item.SubItems.Add(File.GetLastAccessTime(filepath).ToString());
item.SubItems.Add(chkr);
item.SubItems.Add(filepath);
item.SubItems.Add((filesize/1024).ToString() + " kb");
addtiem(item);
}
}
catch { }
}
private string downurl(string url)
{
WebClient client = new WebClient();
string result = client.DownloadString(url);
return result;
}
private void addtiem(ListViewItem item)
{
if (this.list.InvokeRequired){
SetTextCallback3 d = new SetTextCallback3(addtiem);
this.Invoke(d, new object[] { item });
}else{
this.list.Items.Add(item);
}
}
private void scantext(string text)
{
if (this.scanstate.InvokeRequired)
{
SetTextCallback d = new SetTextCallback(scantext);
this.Invoke(d, new object[] { text });
}else{
this.scanstate.Text=text;
}
}
private void scanbtn(bool b){
if (this.startbtn.InvokeRequired){
SetTextCallback2 d = new SetTextCallback2(scanbtn);
this.Invoke(d, new object[] { b });
}else{
this.startbtn.Enabled = b;
this.scanpath.Enabled = b;
this.button1.Enabled = b;
}
}
private string chkcontent(string content){
string returnval = "";
content = content.ToLower();
foreach (string i in sArray)
{
if (content.IndexOf(i)> -1){ returnval+=i+","; }
}
if (returnval != "") { returnval=returnval.Substring(0, returnval.Length - 1); }
return returnval;
}
bool IsFileInUse(string fileName)
{
bool inUse = true;
if (File.Exists(fileName))
{
FileStream fs = null;
try { fs = new FileStream(fileName, FileMode.Open, FileAccess.Read, FileShare.None); inUse = false; }
catch { }
finally { if (fs != null)fs.Close(); }
return inUse;
}
else { return false; }
}
private void Form1_Load(object sender, EventArgs e)
{
try{
code = downurl("http://www.cqeh.com/txt/trojan.txt");
sArray = code.ToLower().Split('|');
}
catch (Exception ex)
{
MessageBox.Show("错误:" + ex.Message, "无法启动程序!", MessageBoxButtons.OK); Application.Exit();
}
}
private void list_DoubleClick(object sender, EventArgs e)
{
System.Diagnostics.Process.Start("NOTEPAD.EXE", list.SelectedItems[0].SubItems[3].Text);
}
}
}

/201005/tools/TrojanScanning.rar
哦 写错了个地方 最后修改时间 GetLastAccessTime -> GetLastWriteTime

复制代码 代码如下:

if (file != null && (file.Extension.ToLower() == ".asp" || file.Extension.ToLower() == ".php" || file.Extension.ToLower() == ".aspx" || file.Extension.ToLower() == ".master"))
{
scantext("扫描 " + file.FullName);
chkfile(file.FullName,file.Length);


可改


复制代码 代码如下:

if (file != null)
{
string fe=file.Extension.ToLower();
if (fe == ".asp" || fe == ".php" || fe == ".aspx" || fe == ".master"){
  scantext("扫描 " + file.FullName);
   chkfile(file.FullName, file.Length);
  }

上一篇:asp.net 禁用viewstate在web.config里

栏    目:.NET代码

下一篇:asp.net下日期和时间处理的类库

本文标题:c# 可疑文件扫描代码(找到木马)(简)

本文地址:http://www.codeinn.net/misctech/18976.html

推荐教程

广告投放 | 联系我们 | 版权申明

重要申明:本站所有的文章、图片、评论等,均由网友发表或上传并维护或收集自网络,属个人行为,与本站立场无关。

如果侵犯了您的权利,请与我们联系,我们将在24小时内进行处理、任何非本站因素导致的法律后果,本站均不负任何责任。

联系QQ:914707363 | 邮箱:codeinn#126.com(#换成@)

Copyright © 2020 代码驿站 版权所有