C# 服务器上传木马监控代码(包含可疑文件)
2023-11-27 20:54:04
using System;
using System.IO;
using System.Net;
using System.Threading;
using System.Windows.Forms;
namespace *monitor
{
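/// <summary>
/// Tray-resident form that watches one directory for changed or renamed files, scans
/// files with selected extensions against a downloaded signature list, and moves
/// matching files into a dated backup directory, logging and reporting each hit.
/// </summary>
/// <remarks>
/// The page that published this listing folded every identifier to lower case.
/// Framework identifiers are restored to their real casing here; names defined by the
/// project itself (form1, fsw, lb, filepath, the handler names) are kept as printed,
/// because the designer half of this partial class is not shown.
/// The '*' inside the backup directory name and the two download URLs appears to be a
/// redaction made by the page. '*' is not valid in a Windows path, so those literals
/// must be replaced with the real values before the program can run.
/// </remarks>
public partial class form1 : Form
{
    public form1()
    {
        InitializeComponent();
    }

    delegate void settextcallback(string text);

    // How often, and how long, to wait for an uploader to release a file before reading it.
    private const int inuseretries = 5;
    private const int inusewaitms = 2000;

    private string code, emailkey, ip;
    private Thread thr;

    /// <summary>Watcher callback for changed files (this also covers newly created ones).</summary>
    private void fsw_changed(object sender, FileSystemEventArgs e)
    {
        startcheck(e.Name);
    }

    /// <summary>Watcher callback for renamed files; the new name is the one checked.</summary>
    private void fsw_renamed(object sender, RenamedEventArgs e)
    {
        startcheck(e.Name);
    }

    /// <summary>
    /// Starts a background thread that checks one file. The name travels with the thread
    /// instead of through a shared field: with a shared field, a second event arriving
    /// before the first worker read it made both workers check the same file and left
    /// the other file unscanned.
    /// </summary>
    private void startcheck(string name)
    {
        thr = new Thread(new ParameterizedThreadStart(chkfile));
        thr.IsBackground = true;
        thr.Start(name);
    }

    /// <summary>
    /// Worker body: scans one file and quarantines it when a signature matches.
    /// </summary>
    /// <param name="state">File name relative to the watched directory, as a string.</param>
    private void chkfile(object state)
    {
        string relname = state as string;
        if (string.IsNullOrEmpty(relname)) { return; }

        string fullpath = fsw.Path + @"\" + relname;
        string filename = Path.GetFileName(relname);
        // Invariant lower-casing: culture-sensitive ToLower() can map 'I' to a dotless i
        // and let an upper-case extension slip past the comparison below.
        string hzhui = Path.GetExtension(filename).ToLowerInvariant();

        // NOTE(review): only these five extensions are inspected. Confirm the list covers
        // every extension the web server maps to a script handler.
        if (hzhui != ".asp" && hzhui != ".aspx" && hzhui != ".php" && hzhui != ".jpg" && hzhui != ".gif")
        {
            return;
        }

        try
        {
            // Bounded wait on the FULL path. The original passed the bare file name, which
            // resolves against the process working directory, and recursed without returning.
            int attempt = 0;
            while (attempt < inuseretries && isfileinuse(fullpath))
            {
                Thread.Sleep(inusewaitms);
                attempt++;
            }
            // The file may already be gone (quarantined by an earlier event, or deleted).
            if (!File.Exists(fullpath)) { return; }

            string content;
            using (StreamReader sr = new StreamReader(fullpath))
            {
                content = sr.ReadToEnd();
            }

            if (chkcontent(content))
            {
                quarantine(fullpath, filename);
            }
        }
        catch (Exception ex) { addtiem(ex.ToString()); }
    }

    /// <summary>
    /// Moves a flagged file into the dated backup directory, records the hit in the list
    /// box and the daily log, sends the e-mail notification, and leaves a notice file at
    /// the original path.
    /// </summary>
    /// <param name="fullpath">Full path of the flagged file.</param>
    /// <param name="filename">File name without directory, used in the backup name.</param>
    private void quarantine(string fullpath, string filename)
    {
        DateTime now = DateTime.Now;
        // Fixed date pattern: ToShortDateString() follows the current culture and can
        // contain '/', which is a path separator on Windows.
        string day = now.ToString("yyyy-MM-dd");

        // NOTE(review): the backup directory sits under the program directory and the
        // moved file keeps its original extension. Keep this directory outside any path
        // the web server serves, otherwise a quarantined file stays requestable.
        string bakpath = Application.StartupPath + @"\*monitorbak";
        string logfile = bakpath + @"\log" + day + ".dat";
        string daydir = bakpath + @"\" + day + @"\";
        string newfilepath = daydir + now.Hour.ToString() + "点" + now.Minute.ToString() + "分" + now.Second.ToString() + "秒" + now.Millisecond.ToString() + "毫秒-" + filename;

        // Creates bakpath and the dated sub-directory; does nothing when they exist.
        Directory.CreateDirectory(daydir);
        if (File.Exists(newfilepath)) { File.Delete(newfilepath); }
        File.Move(fullpath, newfilepath);

        string str = "[" + now + "] 发现可疑文件: [" + fullpath + "] to [" + newfilepath + "]";
        addtiem(str);
        using (StreamWriter sw = File.AppendText(logfile))
        {
            sw.WriteLine(str + " \r\n"); // write the log entry
        }

        // Send the e-mail notification. Each value is percent-encoded because the path is
        // chosen by whoever uploaded the file; unescaped, a '&' or '#' in it would cut the
        // message short or add query parameters of its own.
        // NOTE(review): this request is plain HTTP and carries emailkey in the query
        // string, so the key is readable on the network path and in server logs.
        // A failed notification is logged and must not skip the notice file below.
        try
        {
            downurl("http://www.cqeh.com/mail/?emailsubject=" + Uri.EscapeDataString("发现可疑文件(" + ip + ")")
                + "&emailkey=" + Uri.EscapeDataString(emailkey ?? "")
                + "&sendhtml=" + Uri.EscapeDataString("[" + ip + "][" + now + "] 发现可疑文件: [" + fullpath + "]"));
        }
        catch (Exception ex) { addtiem(ex.ToString()); }

        // Leave a notice at the original path so the site owner sees why the file changed.
        using (StreamWriter notice = File.AppendText(fullpath))
        {
            notice.WriteLine("此文件检测到有可疑问题!请联系管理员!");
        }
    }

    /// <summary>Downloads <paramref name="url"/> and returns the response body as text.</summary>
    private string downurl(string url)
    {
        using (WebClient client = new WebClient())
        {
            return client.DownloadString(url);
        }
    }

    /// <summary>Appends a line to the list box, marshalling to the UI thread when needed.</summary>
    private void addtiem(string text)
    {
        if (this.lb.InvokeRequired)
        {
            settextcallback d = new settextcallback(addtiem);
            this.Invoke(d, new object[] { text });
        }
        else
        {
            this.lb.Items.Add(text);
        }
    }

    /// <summary>
    /// Returns true when <paramref name="content"/> contains any entry of the
    /// '|'-separated signature list in <c>code</c>, ignoring case.
    /// </summary>
    /// <remarks>
    /// This is plain substring matching: a hit is an indicator that needs review, and
    /// the absence of a hit is no guarantee that a file is harmless.
    /// </remarks>
    private bool chkcontent(string content)
    {
        if (string.IsNullOrEmpty(code) || string.IsNullOrEmpty(content)) { return false; }

        foreach (string token in code.Split('|'))
        {
            // An empty entry (trailing or doubled '|') is found in every string and
            // would flag every scanned file.
            if (token.Length == 0) { continue; }
            if (content.IndexOf(token, StringComparison.OrdinalIgnoreCase) > -1) { return true; }
        }
        return false;
    }

    /// <summary>
    /// Loads the monitored path, the signature list and the e-mail key, then hides the
    /// window. Any failure is reported in a message box and the application exits.
    /// </summary>
    private void form1_load(object sender, EventArgs e)
    {
        try
        {
            // Both lookups were outside the try block originally, so a missing ini file
            // or a failed host lookup ended in an unhandled exception.
            ip = Dns.GetHostEntry(Environment.MachineName).AddressList[0].ToString();
            // Monitored path, e.g. d:\wwwroot; Trim() drops a trailing line break.
            string config = File.ReadAllText(Application.StartupPath + "//monitorpath.ini").Trim();

            // Fetch the signature list.
            // NOTE(review): the list and the key below arrive over plain HTTP with no
            // integrity check, so anything on the network path can change what this
            // monitor detects. Prefer HTTPS and verify the list before using it; an empty
            // list leaves the monitor running while detecting nothing.
            code = downurl("http://www.cqeh.com/txt/*.txt");
            filepath.Text = config;
            fsw.Path = config;
            // Fetch the key that authorises sending e-mail.
            emailkey = downurl("http://www.cqeh.com/txt/*emailkey.txt");
            hidewindow();
        }
        catch (Exception ex)
        {
            MessageBox.Show("错误:" + ex.Message, "无法启动程序!", MessageBoxButtons.OK);
            Application.Exit();
        }
    }

    /// <summary>
    /// Reports whether a file is currently held open by another process, judged by
    /// whether it can be opened for reading with no sharing. A missing file counts as
    /// not in use.
    /// </summary>
    bool isfileinuse(string filename)
    {
        if (!File.Exists(filename)) { return false; }
        try
        {
            using (FileStream fs = new FileStream(filename, FileMode.Open, FileAccess.Read, FileShare.None)) { }
            return false;
        }
        catch
        {
            // Any failure to open exclusively is treated as "in use", as in the original.
            return true;
        }
    }

    // Brings the window back from the tray.
    private void showwindow()
    {
        this.Visible = true;
        this.WindowState = FormWindowState.Normal;
        this.ShowInTaskbar = true;
    }

    // Hides the window and its taskbar button.
    private void hidewindow()
    {
        this.ShowInTaskbar = false;
        this.Visible = false;
    }

    private void notifyicon1_mousedoubleclick(object sender, MouseEventArgs e)
    {
        showwindow();
    }

    private void form1_resize(object sender, EventArgs e)
    {
        if (this.WindowState == FormWindowState.Minimized)
        {
            hidewindow();
        }
    }

    private void 退出系统toolstripmenuitem_click_1(object sender, EventArgs e)
    {
        Application.Exit();
    }

    private void 显示窗口toolstripmenuitem_click(object sender, EventArgs e)
    {
        showwindow();
    }

    /// <summary>
    /// Hides the window instead of closing it when the user clicks the close button.
    /// </summary>
    private void form1_formclosing(object sender, FormClosingEventArgs e)
    {
        // Cancel only a user-initiated close. Cancelling every reason also aborted
        // Application.Exit() (used by the exit menu item and the start-up failure path)
        // and blocked Windows shutdown.
        if (e.CloseReason == CloseReason.UserClosing)
        {
            hidewindow();
            e.Cancel = true;
        }
    }
}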
}