c# 服務器上傳木馬監控代碼(包含可疑文件)
更新時間:2010年05月28日 20:15:23 作者:
c# 監控服務器上傳木馬(包含可疑文件)
代碼如下:
using System;
using System.IO;
using System.Threading;
using System.Windows.Forms;
using System.Net;
namespace TrojanMonitor
{
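/// <summary>
/// Tray-resident WinForms window that watches a directory with a
/// FileSystemWatcher (<c>fsw</c>, declared in the designer part of this class),
/// scans changed or renamed files for the signature strings downloaded at
/// start-up, moves matching files into a backup directory, logs the event and
/// sends a notification through an HTTP mail endpoint.
/// </summary>
/// <remarks>
/// NOTE(review): string literals are reproduced exactly as they appear in the
/// listing, including what look like extraction artefacts inside the Chinese
/// text; restore them from the original project before building.
/// </remarks>
public partial class Form1 : Form
{
    // Only files with these extensions are read and scanned. Any other
    // extension the web server maps to a script handler is not covered.
    private static readonly string[] ScannedExtensions = { ".asp", ".aspx", ".php", ".jpg", ".gif" };

    // Upper bound on how long a worker waits for an upload to finish:
    // MaxInUseRetries * InUseRetryDelayMs milliseconds.
    private const int MaxInUseRetries = 5;
    private const int InUseRetryDelayMs = 2000;

    public Form1()
    {
        InitializeComponent();
    }

    delegate void SetTextCallback(string text);

    // code:     '|'-separated signature list downloaded in Form1_Load.
    // emailkey: key passed to the mail endpoint, downloaded in Form1_Load.
    // ip:       label for this host used in notifications.
    private string code, emailkey, ip;

    /// <summary>Watcher callback for changed files (also raised for new files).</summary>
    private void fsw_Changed(object sender, FileSystemEventArgs e)
    {
        StartCheck(e.Name);
    }

    /// <summary>Watcher callback for renamed files; the new name is checked.</summary>
    private void fsw_Renamed(object sender, RenamedEventArgs e)
    {
        StartCheck(e.Name);
    }

    /// <summary>
    /// Starts a background worker for one file. The name travels with the
    /// thread instead of through a shared field, so two events arriving close
    /// together cannot overwrite each other's file name before it is read.
    /// </summary>
    private void StartCheck(string relativeName)
    {
        // NOTE(review): one thread per watcher event; a burst of uploads
        // creates a burst of threads. A bounded queue would cap that.
        Thread worker = new Thread(new ParameterizedThreadStart(chkfile));
        worker.IsBackground = true;
        worker.Start(relativeName);
    }

    /// <summary>
    /// Worker body: reads the file named by <paramref name="state"/> (relative
    /// to the watched directory) and quarantines it when its content matches a
    /// signature. Every failure is shown in the list box rather than thrown.
    /// </summary>
    /// <param name="state">The relative file name, passed as a string.</param>
    private void chkfile(object state)
    {
        string filename = state as string;
        if (string.IsNullOrEmpty(filename))
        {
            return;
        }

        string filepath = Path.Combine(fsw.Path, filename);
        string fileName = Path.GetFileName(filename);

        // Invariant lower-casing: culture-sensitive ToLower() maps "I" to a
        // dotless i under some cultures, so ".GIF" would miss the ".gif" entry.
        string extension = Path.GetExtension(filename).ToLowerInvariant();
        if (Array.IndexOf(ScannedExtensions, extension) < 0)
        {
            return;
        }

        try
        {
            // Wait (bounded) while the uploader still holds the file. The check
            // uses the full path: a bare relative name is resolved against the
            // process working directory and would not find the watched file.
            for (int attempt = 0; attempt < MaxInUseRetries && IsFileInUse(filepath); attempt++)
            {
                Thread.Sleep(InUseRetryDelayMs);
            }

            // NOTE(review): the whole file is read into memory with no size
            // limit, and the file comes from whoever uploaded it.
            string content;
            using (StreamReader sr = new StreamReader(filepath))
            {
                content = sr.ReadToEnd();
            }

            if (chkcontent(content))
            {
                try
                {
                    QuarantineAndReport(filepath, fileName);
                }
                catch (Exception ex)
                {
                    addtiem(ex.ToString());
                }
            }
        }
        catch (Exception ex)
        {
            addtiem(ex.ToString());
        }
    }

    /// <summary>
    /// Moves a flagged file into the dated backup directory, records the event
    /// in the list box and the daily log, sends the notification and leaves a
    /// warning placeholder at the original path.
    /// </summary>
    /// <param name="filepath">Full path of the flagged file.</param>
    /// <param name="fileName">File name without directory, used in the backup name.</param>
    private void QuarantineAndReport(string filepath, string fileName)
    {
        // One timestamp for the whole operation so the directory, file name and
        // log line cannot straddle a second or a day boundary.
        DateTime now = DateTime.Now;

        // Fixed invariant format: ToShortDateString() follows the current
        // culture and may contain '/', which would be read as a path separator.
        string day = now.ToString("yyyy-MM-dd", System.Globalization.CultureInfo.InvariantCulture);

        // NOTE(review): quarantined files keep their original extension, so
        // this directory must not be reachable through the web server.
        string bakpath = Path.Combine(Application.StartupPath, "TrojanMonitorbak");
        string logfile = Path.Combine(bakpath, "log" + day + ".dat");
        string newfile = Path.Combine(bakpath, day);
        string newfilepath = Path.Combine(newfile,
            now.Hour.ToString() + "點(diǎn)" + now.Minute.ToString() + "分" + now.Second.ToString() + "秒" + now.Millisecond.ToString() + "毫秒-" + fileName);

        // CreateDirectory creates missing parents and does nothing if the
        // directory already exists.
        Directory.CreateDirectory(newfile);

        if (File.Exists(newfilepath))
        {
            File.Delete(newfilepath);
        }
        File.Move(filepath, newfilepath);

        string str = "[" + now + "] 發(fā)現(xiàn)可疑文件: [" + filepath + "] To [" + newfilepath + "]";
        addtiem(str);

        // Write to the log
        using (StreamWriter sw = File.AppendText(logfile))
        {
            sw.WriteLine(str + " \r\n");
        }

        // A mail failure is reported but must not stop the placeholder below
        // from being written.
        try
        {
            NotifyByMail(filepath, now);
        }
        catch (Exception ex)
        {
            addtiem(ex.ToString());
        }

        // Leave a warning where the file used to be.
        using (StreamWriter sw = File.AppendText(filepath))
        {
            sw.WriteLine("此文件檢測(cè)到有可疑問題!請(qǐng)聯(lián)系管理員!");
        }
    }

    /// <summary>Sends the e-mail notification through the HTTP mail endpoint.</summary>
    private void NotifyByMail(string filepath, DateTime now)
    {
        string subject = "發(fā)現(xiàn)可疑文件(" + ip + ")";
        string body = "[" + ip + "][" + now + "] 發(fā)現(xiàn)可疑文件: [" + filepath + "]";

        // The file name is chosen by the uploader; without escaping, a name
        // containing '&', '#' or '=' would alter the query string.
        // NOTE(review): the key travels in a plain-HTTP query string, and the
        // parameter name suggests the body is rendered as HTML, so the mail
        // endpoint should HTML-encode it; confirm on the server side.
        downurl("http://www.cqeh.com/mail/?EmailSubject=" + Uri.EscapeDataString(subject)
            + "&EmailKey=" + Uri.EscapeDataString(emailkey ?? "")
            + "&SendHtml=" + Uri.EscapeDataString(body));
    }

    /// <summary>Downloads <paramref name="url"/> and returns the response body as text.</summary>
    private string downurl(string url)
    {
        using (WebClient client = new WebClient())
        {
            return client.DownloadString(url);
        }
    }

    /// <summary>Adds a line to the list box, marshalling to the UI thread when needed.</summary>
    private void addtiem(string text)
    {
        if (this.lb.InvokeRequired)
        {
            SetTextCallback d = new SetTextCallback(addtiem);
            this.Invoke(d, new object[] { text });
        }
        else
        {
            this.lb.Items.Add(text);
        }
    }

    /// <summary>
    /// Returns true when <paramref name="content"/> contains any signature from
    /// the '|'-separated list in <c>code</c>, ignoring case.
    /// </summary>
    private bool chkcontent(string content)
    {
        if (string.IsNullOrEmpty(content) || string.IsNullOrEmpty(code))
        {
            return false;
        }

        // Empty entries are dropped: IndexOf("") is 0 for every string, so a
        // trailing '|' or an empty download would flag every scanned file.
        string[] signatures = code.Split(new char[] { '|' }, StringSplitOptions.RemoveEmptyEntries);
        foreach (string raw in signatures)
        {
            // Only line breaks are trimmed (a final newline in the downloaded
            // list would otherwise stick to the last signature); inner and
            // edge spaces are kept because they may be part of a signature.
            string signature = raw.Trim('\r', '\n');
            if (signature.Length == 0)
            {
                continue;
            }

            // Ordinal comparison: signatures are byte patterns, not language text.
            if (content.IndexOf(signature, StringComparison.OrdinalIgnoreCase) > -1)
            {
                return true;
            }
        }
        return false;
    }

    /// <summary>
    /// Loads the watched path from monitorpath.ini, downloads the signature
    /// list and the mail key, then hides the window. Any failure shows a
    /// message box and exits the application.
    /// </summary>
    private void Form1_Load(object sender, EventArgs e)
    {
        try
        {
            IPAddress[] addresses = Dns.GetHostEntry(Environment.MachineName).AddressList;
            ip = addresses.Length > 0 ? addresses[0].ToString() : Environment.MachineName;

            // Monitored path, e.g. d:\wwwroot. Trim() drops the line break an
            // editor leaves at the end of the file, which is not a valid path
            // character.
            string config = File.ReadAllText(Path.Combine(Application.StartupPath, "monitorpath.ini")).Trim();

            // Signature list.
            // NOTE(review): fetched over plain HTTP with no integrity check.
            // Whoever can alter the response can empty the list (nothing is
            // detected any more) or add strings found in legitimate files
            // (which are then moved out of the site). Prefer HTTPS plus a
            // pinned hash or signature, or ship the list locally.
            code = downurl("http://www.cqeh.com/txt/trojan.txt");

            filepath.Text = config;
            fsw.Path = config;

            // Key authorising use of the mail endpoint; same transport caveat.
            emailkey = downurl("http://www.cqeh.com/txt/trojanemailkey.txt").Trim();

            this.ShowInTaskbar = false;
            this.Visible = false;
        }
        catch (Exception ex)
        {
            MessageBox.Show("錯(cuò)誤:" + ex.Message, "無法啟動(dòng)程序!", MessageBoxButtons.OK);
            Application.Exit();
        }
    }

    /// <summary>
    /// Reports whether the file is currently opened by another process.
    /// Returns false when the file does not exist.
    /// </summary>
    bool IsFileInUse(string fileName)
    {
        if (!File.Exists(fileName))
        {
            return false;
        }

        try
        {
            // FileShare.None only succeeds when nobody else has the file open.
            using (FileStream fs = new FileStream(fileName, FileMode.Open, FileAccess.Read, FileShare.None))
            {
                return false;
            }
        }
        catch (IOException)
        {
            return true;
        }
        catch (UnauthorizedAccessException)
        {
            return true;
        }
    }

    /// <summary>Shows the window again and puts it back on the taskbar.</summary>
    private void RestoreFromTray()
    {
        this.Visible = true;
        this.WindowState = FormWindowState.Normal;
        this.ShowInTaskbar = true;
    }

    /// <summary>Hides the window and removes it from the taskbar.</summary>
    private void HideToTray()
    {
        this.ShowInTaskbar = false;
        this.Visible = false;
    }

    private void notifyIcon1_MouseDoubleClick(object sender, MouseEventArgs e)
    {
        RestoreFromTray();
    }

    private void Form1_Resize(object sender, EventArgs e)
    {
        if (this.WindowState == FormWindowState.Minimized)
        {
            HideToTray();
        }
    }

    // NOTE(review): on the page this handler's name carries a parenthesised
    // annotation that is not valid inside a C# identifier; it is removed here.
    // Confirm the name against the handler wired up in the designer file.
    private void 退出系統ToolStripMenuItem_Click_1(object sender, EventArgs e)
    {
        Application.Exit();
    }

    private void 顯示窗口ToolStripMenuItem_Click(object sender, EventArgs e)
    {
        RestoreFromTray();
    }

    /// <summary>
    /// Turns a user-initiated close into "hide to tray". Other close reasons
    /// are let through: Application.Exit() raises FormClosing too, and a
    /// cancelled event aborts the exit, which would leave the exit menu and the
    /// start-up failure path unable to stop the program.
    /// </summary>
    private void Form1_FormClosing(object sender, FormClosingEventArgs e)
    {
        if (e.CloseReason != CloseReason.UserClosing)
        {
            return;
        }

        HideToTray();
        e.Cancel = true;
    }
}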
}