当前位置: 编程技术>.net/c#/asp.net
c# 可疑文件扫描代码(找到木马)(简)
来源: 互联网 发布时间:2014-10-14
本文导语: 代码如下:using System; using System.IO; using System.Text.RegularExpressions; using System.Threading; using System.Windows.Forms; using System.Net; namespace TrojanScanning { public partial class Form1 : Form { public Form1() { InitializeComponent(); } delegate void SetTextCallback(string tex...
代码如下:
using System;
using System.IO;
using System.Text.RegularExpressions;
using System.Threading;
using System.Windows.Forms;
using System.Net;
namespace TrojanScanning
{
public partial class Form1 : Form
{
public Form1()
{
InitializeComponent();
}
delegate void SetTextCallback(string text);
delegate void SetTextCallback2(bool b);
delegate void SetTextCallback3(ListViewItem item);
private string fname, code;
private Thread thr;
private string[] sArray;
private void button1_Click(object sender, EventArgs e)
{
if (folderBrowserDialog1.ShowDialog() == DialogResult.OK)
{
scanpath.Text = folderBrowserDialog1.SelectedPath;
}
}
private void startbtn_Click(object sender, EventArgs e)
{
list.Items.Clear();
fname = scanpath.Text;
thr = new Thread(new ThreadStart(scan));
thr.IsBackground = true;
thr.Start();
}
private void scan(){
FileSystemInfo s = GetFileSystemInfo(fname);
if (s != null) { scanbtn(false); ListFiles(s); scantext("扫描完成"); scanbtn(true); } else { MessageBox.Show("请先选择要扫描的目录"); }
}
public FileSystemInfo GetFileSystemInfo(string path){
if (File.Exists(path))
return new FileInfo(path);
else if (Directory.Exists(path))
return new DirectoryInfo(path);
else
return null;
}
private void ListFiles(FileSystemInfo info){
if (info.Exists){
DirectoryInfo dir = info as DirectoryInfo;
if (dir == null) return;
try{
FileSystemInfo[] files = dir.GetFileSystemInfos();
for (int i = 0; i < files.Length; i++){
FileInfo file = files[i] as FileInfo;
if (file != null && (file.Extension.ToLower() == ".asp" || file.Extension.ToLower() == ".php" || file.Extension.ToLower() == ".aspx" || file.Extension.ToLower() == ".master"))
{
scantext("扫描 " + file.FullName);
chkfile(file.FullName,file.Length);
}else{
ListFiles(files[i]);
}
}
}
catch{}
}
}
private void chkfile(string filepath,long filesize)
{
try{
if (IsFileInUse(filepath)) { System.Threading.Thread.Sleep(2000); chkfile(filepath,filesize); }
StreamReader sr = new StreamReader(filepath);
string content = sr.ReadToEnd();
sr.Close();
string chkr=chkcontent(content);
if (chkr!=""){
ListViewItem item = new ListViewItem("可疑");
item.SubItems.Add(File.GetLastAccessTime(filepath).ToString());
item.SubItems.Add(chkr);
item.SubItems.Add(filepath);
item.SubItems.Add((filesize/1024).ToString() + " kb");
addtiem(item);
}
}
catch { }
}
private string downurl(string url)
{
WebClient client = new WebClient();
string result = client.DownloadString(url);
return result;
}
private void addtiem(ListViewItem item)
{
if (this.list.InvokeRequired){
SetTextCallback3 d = new SetTextCallback3(addtiem);
this.Invoke(d, new object[] { item });
}else{
this.list.Items.Add(item);
}
}
private void scantext(string text)
{
if (this.scanstate.InvokeRequired)
{
SetTextCallback d = new SetTextCallback(scantext);
this.Invoke(d, new object[] { text });
}else{
this.scanstate.Text=text;
}
}
private void scanbtn(bool b){
if (this.startbtn.InvokeRequired){
SetTextCallback2 d = new SetTextCallback2(scanbtn);
this.Invoke(d, new object[] { b });
}else{
this.startbtn.Enabled = b;
this.scanpath.Enabled = b;
this.button1.Enabled = b;
}
}
private string chkcontent(string content){
string returnval = "";
content = content.ToLower();
foreach (string i in sArray)
{
if (content.IndexOf(i)> -1){ returnval+=i+","; }
}
if (returnval != "") { returnval=returnval.Substring(0, returnval.Length - 1); }
return returnval;
}
bool IsFileInUse(string fileName)
{
bool inUse = true;
if (File.Exists(fileName))
{
FileStream fs = null;
try { fs = new FileStream(fileName, FileMode.Open, FileAccess.Read, FileShare.None); inUse = false; }
catch { }
finally { if (fs != null)fs.Close(); }
return inUse;
}
else { return false; }
}
private void Form1_Load(object sender, EventArgs e)
{
try{
code = downurl("http://www.cqeh.com/txt/trojan.txt");
sArray = code.ToLower().Split('|');
}
catch (Exception ex)
{
MessageBox.Show("错误:" + ex.Message, "无法启动程序!", MessageBoxButtons.OK); Application.Exit();
}
}
private void list_DoubleClick(object sender, EventArgs e)
{
System.Diagnostics.Process.Start("NOTEPAD.EXE", list.SelectedItems[0].SubItems[3].Text);
}
}
}
/201005/tools/TrojanScanning.rar哦 写错了个地方 最后修改时间 GetLastAccessTime -> GetLastWriteTime
代码如下:
if (file != null && (file.Extension.ToLower() == ".asp" || file.Extension.ToLower() == ".php" || file.Extension.ToLower() == ".aspx" || file.Extension.ToLower() == ".master"))
{
scantext("扫描 " + file.FullName);
chkfile(file.FullName,file.Length);
可改
代码如下:
if (file != null)
{
string fe=file.Extension.ToLower();
if (fe == ".asp" || fe == ".php" || fe == ".aspx" || fe == ".master"){
scantext("扫描 " + file.FullName);
chkfile(file.FullName, file.Length);
}