C# 可疑文件扫描代码(找到木马)(简)
2022-10-14 22:09:54
代码如下:
using System;
using System.Collections.Generic;
using System.IO;
using System.Net;
using System.Text.RegularExpressions;
using System.Threading;
using System.Windows.Forms;
namespace *scanning
{
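public partial class form1 : Form
{
    // NOTE(review): the published listing had every identifier lowercased. .NET
    // framework names are restored to their real casing below; the form's own
    // members (class name, controls, event handlers) keep the listing's names,
    // because the designer file that declares them is not part of this listing.

    // Delegates used to marshal UI updates from the scanner thread onto the UI thread.
    delegate void settextcallback(string text);
    delegate void settextcallback2(bool b);
    delegate void settextcallback3(ListViewItem item);

    // fname: root path to scan; code: raw '|'-separated signature list as downloaded.
    private string fname, code;
    // Background scanner thread; at most one scan runs at a time.
    private Thread thr;
    // Lowercased, trimmed, non-empty signature strings parsed from `code`.
    private string[] sarray;

    // Server-side script extensions the scanner inspects (compared case-insensitively).
    private static readonly string[] scanextensions = { ".asp", ".php", ".aspx", ".master" };

    // How long, and how many times, to wait for a file another process holds open exclusively.
    private const int inusewaitms = 2000;
    private const int inusemaxwaits = 3;

    public form1()
    {
        InitializeComponent();
    }

    /// <summary>Lets the user pick the directory to scan.</summary>
    private void button1_click(object sender, EventArgs e)
    {
        if (folderbrowserdialog1.ShowDialog() == DialogResult.OK)
        {
            scanpath.Text = folderbrowserdialog1.SelectedPath;
        }
    }

    /// <summary>Clears previous results and starts a scan on a background thread.</summary>
    private void startbtn_click(object sender, EventArgs e)
    {
        // Ignore a second click while a scan is still running.
        if (thr != null && thr.IsAlive)
        {
            return;
        }
        list.Items.Clear();
        fname = scanpath.Text;
        thr = new Thread(new ThreadStart(scan));
        thr.IsBackground = true;
        thr.Start();
    }

    /// <summary>Thread entry point: walks the chosen path and re-enables the UI when done.</summary>
    private void scan()
    {
        FileSystemInfo s = getfilesysteminfo(fname);
        if (s == null)
        {
            MessageBox.Show("请先选择要扫描的目录");
            return;
        }
        scanbtn(false);
        try
        {
            listfiles(s);
            scantext("扫描完成");
        }
        catch (Exception ex)
        {
            // An unhandled exception on a background thread would terminate the process.
            scantext("扫描出错: " + ex.Message);
        }
        finally
        {
            // Re-enable the buttons even if the walk failed part-way.
            scanbtn(true);
        }
    }

    /// <summary>
    /// Returns a FileInfo or DirectoryInfo for <paramref name="path"/>, or null when neither exists.
    /// </summary>
    public FileSystemInfo getfilesysteminfo(string path)
    {
        if (File.Exists(path))
        {
            return new FileInfo(path);
        }
        if (Directory.Exists(path))
        {
            return new DirectoryInfo(path);
        }
        return null;
    }

    /// <summary>Recursively walks <paramref name="info"/>, checking every script file found.</summary>
    private void listfiles(FileSystemInfo info)
    {
        if (!info.Exists)
        {
            return;
        }
        DirectoryInfo dir = info as DirectoryInfo;
        if (dir == null)
        {
            return;
        }

        FileSystemInfo[] entries;
        try
        {
            entries = dir.GetFileSystemInfos();
        }
        catch (UnauthorizedAccessException)
        {
            // Report the skipped subtree instead of silently dropping it.
            scantext("无权限，跳过 " + dir.FullName);
            return;
        }
        catch (IOException ex)
        {
            scantext("无法读取目录 " + dir.FullName + ": " + ex.Message);
            return;
        }

        foreach (FileSystemInfo entry in entries)
        {
            // Junctions and symlinks below the root can point back up the tree;
            // skipping them keeps the recursion finite.
            if ((entry.Attributes & FileAttributes.ReparsePoint) != 0)
            {
                continue;
            }
            FileInfo file = entry as FileInfo;
            if (file == null)
            {
                listfiles(entry);
            }
            else if (isscantarget(file))
            {
                scantext("扫描 " + file.FullName);
                chkfile(file.FullName, file.Length);
            }
        }
    }

    /// <summary>True when the file's extension is one of <see cref="scanextensions"/>.</summary>
    private static bool isscantarget(FileInfo file)
    {
        string ext = file.Extension.ToLowerInvariant();
        return Array.IndexOf(scanextensions, ext) >= 0;
    }

    /// <summary>
    /// Reads one file and adds a row to the result list when it contains any signature.
    /// </summary>
    /// <param name="filepath">Full path of the file to inspect.</param>
    /// <param name="filesize">Size in bytes, shown in the result row.</param>
    private void chkfile(string filepath, long filesize)
    {
        try
        {
            // Bounded wait for a locked file. The original recursed here and then fell
            // through to read the file again, listing it twice.
            for (int waits = 0; waits < inusemaxwaits && isfileinuse(filepath); waits++)
            {
                Thread.Sleep(inusewaitms);
            }

            string content;
            using (StreamReader sr = new StreamReader(filepath))
            {
                content = sr.ReadToEnd();
            }

            string chkr = chkcontent(content);
            if (chkr.Length == 0)
            {
                return;
            }
            ListViewItem item = new ListViewItem("可疑");
            // Last write time, per the author's own correction (GetLastAccessTime was a slip).
            item.SubItems.Add(File.GetLastWriteTime(filepath).ToString());
            item.SubItems.Add(chkr);
            item.SubItems.Add(filepath);
            item.SubItems.Add((filesize / 1024).ToString() + " kb");
            addtiem(item);
        }
        catch (IOException ex)
        {
            scantext("无法读取 " + filepath + ": " + ex.Message);
        }
        catch (UnauthorizedAccessException ex)
        {
            scantext("无法读取 " + filepath + ": " + ex.Message);
        }
    }

    /// <summary>Downloads <paramref name="url"/> as a string.</summary>
    /// <remarks>
    /// The signature list drives every verdict this tool produces, and it is fetched
    /// over plain HTTP with no integrity check, so whoever can alter the response
    /// decides which files get flagged. Serving it over HTTPS, or shipping a signed
    /// copy with the tool and verifying it here, would close that gap — TODO.
    /// </remarks>
    private string downurl(string url)
    {
        using (WebClient client = new WebClient())
        {
            return client.DownloadString(url);
        }
    }

    /// <summary>Appends a result row, hopping to the UI thread if called from the scanner.</summary>
    private void addtiem(ListViewItem item)
    {
        if (this.list.InvokeRequired)
        {
            settextcallback3 d = new settextcallback3(addtiem);
            this.Invoke(d, new object[] { item });
        }
        else
        {
            this.list.Items.Add(item);
        }
    }

    /// <summary>Updates the status label, hopping to the UI thread if called from the scanner.</summary>
    private void scantext(string text)
    {
        if (this.scanstate.InvokeRequired)
        {
            settextcallback d = new settextcallback(scantext);
            this.Invoke(d, new object[] { text });
        }
        else
        {
            this.scanstate.Text = text;
        }
    }

    /// <summary>Enables or disables the input controls while a scan is running.</summary>
    private void scanbtn(bool b)
    {
        if (this.startbtn.InvokeRequired)
        {
            settextcallback2 d = new settextcallback2(scanbtn);
            this.Invoke(d, new object[] { b });
        }
        else
        {
            this.startbtn.Enabled = b;
            this.scanpath.Enabled = b;
            this.button1.Enabled = b;
        }
    }

    /// <summary>
    /// Returns the comma-separated signatures found in <paramref name="content"/>,
    /// or "" when none match.
    /// </summary>
    private string chkcontent(string content)
    {
        if (sarray == null)
        {
            return "";
        }
        // Ordinal, invariant-case matching: signatures are byte patterns, not words,
        // so culture-aware comparison would only add surprises (e.g. Turkish i).
        string haystack = content.ToLowerInvariant();
        List<string> hits = new List<string>();
        foreach (string sig in sarray)
        {
            if (haystack.IndexOf(sig, StringComparison.Ordinal) >= 0)
            {
                hits.Add(sig);
            }
        }
        return string.Join(",", hits.ToArray());
    }

    /// <summary>
    /// True when <paramref name="filename"/> exists but cannot be opened exclusively;
    /// false for a missing file.
    /// </summary>
    bool isfileinuse(string filename)
    {
        if (!File.Exists(filename))
        {
            return false;
        }
        try
        {
            using (new FileStream(filename, FileMode.Open, FileAccess.Read, FileShare.None))
            {
            }
            return false;
        }
        catch (IOException)
        {
            return true;
        }
        catch (UnauthorizedAccessException)
        {
            return true;
        }
    }

    /// <summary>Fetches and parses the signature list at startup; the tool cannot run without it.</summary>
    private void form1_load(object sender, EventArgs e)
    {
        try
        {
            code = downurl("http://www.cqeh.com/txt/*.txt");
            List<string> sigs = new List<string>();
            foreach (string raw in code.ToLowerInvariant().Split('|'))
            {
                string sig = raw.Trim();
                // An empty signature matches every file (IndexOf("") == 0), so blanks
                // from a trailing '|' or stray line breaks must not reach the matcher.
                if (sig.Length > 0)
                {
                    sigs.Add(sig);
                }
            }
            if (sigs.Count == 0)
            {
                // An empty rule set would silently flag nothing; fail loudly instead.
                throw new InvalidDataException("特征库为空");
            }
            sarray = sigs.ToArray();
        }
        catch (Exception ex)
        {
            MessageBox.Show("错误:" + ex.Message, "无法启动程序!", MessageBoxButtons.OK);
            Application.Exit();
        }
    }

    /// <summary>Opens the double-clicked result in Notepad.</summary>
    private void list_doubleclick(object sender, EventArgs e)
    {
        // Double-clicking empty space raises the event with no selection.
        if (list.SelectedItems.Count == 0)
        {
            return;
        }
        // Column 3 holds the full path; quote it so paths with spaces survive argument parsing.
        string path = list.SelectedItems[0].SubItems[3].Text;
        System.Diagnostics.Process.Start("notepad.exe", "\"" + path + "\"");
    }
}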
}
/201005/tools/*scanning.rar
哦，写错了个地方：最后修改时间应该用 GetLastWriteTime，而不是 GetLastAccessTime。
代码如下:
if (file != null && (file.extension.tolower() == ".asp" || file.extension.tolower() == ".php" || file.extension.tolower() == ".aspx" || file.extension.tolower() == ".master"))
{
scantext("扫描 " + file.fullname);
chkfile(file.fullname,file.length);
可改为:
代码如下:
if (file != null)
{
string fe=file.extension.tolower();
if (fe == ".asp" || fe == ".php" || fe == ".aspx" || fe == ".master"){
scantext("扫描 " + file.fullname);
chkfile(file.fullname, file.length);
}