• c# 监控服务器上传木马(包含可疑文件)


    using System;
    using System.Globalization;
    using System.IO;
    using System.Net;
    using System.Threading;
    using System.Windows.Forms;

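    namespace TrojanMonitor
    {
        /// <summary>
        /// Tray-resident watcher for a web root. Every created, changed or renamed file with one of
        /// the monitored extensions is read and compared against a signature list downloaded at
        /// start-up. A match is moved into a dated quarantine folder under the application
        /// directory, written to a daily log, reported through the remote mail endpoint and
        /// replaced by a short notice at its original path.
        /// </summary>
        public partial class Form1 : Form
        {
            // Extensions that are inspected. Image extensions are included on purpose: script
            // hidden inside a .jpg/.gif is a common upload-filter bypass. Extend this list to
            // cover other server-side extensions the web server executes.
            private static readonly string[] MonitoredExtensions = { ".asp", ".aspx", ".php", ".jpg", ".gif" };

            // The watcher fires while an upload is still being written; wait this many times,
            // this long each, for the writer to release the file before reading it anyway.
            private const int MaxInUseRetries = 10;
            private const int InUseRetryDelayMs = 2000;

            private delegate void SetTextCallback(string text);

            // "|"-separated, case-insensitive substrings fetched at start-up (see Form1_Load).
            private string code;
            // Key that authorises the remote mail endpoint; fetched at start-up.
            private string emailkey;
            // First resolved address of this host; only used to label log lines and e-mails.
            private string ip;

            public Form1()
            {
                InitializeComponent();
            }

            // File created/changed under the watched directory.
            private void fsw_Changed(object sender, FileSystemEventArgs e)
            {
                StartCheck(e.Name);
            }

            // File renamed under the watched directory; the new name is inspected.
            private void fsw_Renamed(object sender, RenamedEventArgs e)
            {
                StartCheck(e.Name);
            }

            /// <summary>
            /// Inspects one file on a background thread. The name travels with the thread as a
            /// parameter instead of through a shared field, so overlapping watcher events each
            /// inspect their own file rather than whichever name was written last.
            /// </summary>
            /// <param name="relativeName">Path of the file relative to the watched directory.</param>
            private void StartCheck(string relativeName)
            {
                if (string.IsNullOrEmpty(relativeName))
                {
                    return;
                }
                Thread thr = new Thread(new ParameterizedThreadStart(chkfile));
                thr.IsBackground = true;
                thr.Start(relativeName);
            }

            /// <summary>
            /// Thread body: reads the file named by <paramref name="state"/> (a relative path
            /// string) and quarantines it when its content matches the signature list.
            /// Any failure is reported to the list box; nothing propagates out of the thread.
            /// </summary>
            private void chkfile(object state)
            {
                string filename = state as string;
                if (string.IsNullOrEmpty(filename))
                {
                    return;
                }

                string fileName = Path.GetFileName(filename);
                if (!IsMonitoredExtension(Path.GetExtension(filename)))
                {
                    return;
                }

                // Full path is required both for the in-use probe and for reading; the relative
                // watcher name alone would be resolved against the process working directory.
                string filepath = Path.Combine(fsw.Path, filename);
                try
                {
                    for (int attempt = 0; attempt < MaxInUseRetries && IsFileInUse(filepath); attempt++)
                    {
                        Thread.Sleep(InUseRetryDelayMs);
                    }
                    if (!File.Exists(filepath))
                    {
                        return; // removed (possibly by another check thread) while we waited
                    }

                    string content;
                    using (StreamReader sr = new StreamReader(filepath))
                    {
                        content = sr.ReadToEnd();
                    }

                    if (chkcontent(content))
                    {
                        Quarantine(filepath, fileName);
                    }
                }
                catch (Exception ex)
                {
                    addtiem(ex.ToString());
                }
            }

            /// <summary>
            /// Moves a flagged file into the dated quarantine folder, appends a log line, sends the
            /// e-mail notification and leaves a notice at the original path.
            /// </summary>
            /// <param name="filepath">Full path of the flagged file.</param>
            /// <param name="fileName">File name without directory, used for the quarantine name.</param>
            private void Quarantine(string filepath, string fileName)
            {
                DateTime now = DateTime.Now;
                // Fixed, culture-independent date: the culture short date may contain '/', which
                // inside a file name is read as a directory separator and breaks the log path.
                string day = now.ToString("yyyy-MM-dd", CultureInfo.InvariantCulture);
                string bakpath = Path.Combine(Application.StartupPath, "TrojanMonitorbak");
                string logfile = Path.Combine(bakpath, "log" + day + ".dat");
                string newfile = Path.Combine(bakpath, day);
                string stamp = now.ToString("HHmmssfff", CultureInfo.InvariantCulture);
                string newfilepath = Path.Combine(newfile, stamp + "毫秒-" + fileName);

                if (!Directory.Exists(newfile))
                {
                    Directory.CreateDirectory(newfile); // creates bakpath as well
                }
                if (File.Exists(newfilepath))
                {
                    File.Delete(newfilepath);
                }
                File.Move(filepath, newfilepath);

                string str = "[" + now + "] 发现可疑文件: [" + filepath + "] To [" + newfilepath + "]";
                addtiem(str);

                using (StreamWriter sw = File.AppendText(logfile))
                {
                    sw.WriteLine(str + " \r\n");
                }

                // Notify by e-mail through the remote endpoint. Values are percent-encoded so that
                // characters in the path ('&', '#', '%', spaces) cannot break or alter the query.
                // Note that this discloses the host address and the file path to that service.
                string subject = "发现可疑文件(" + ip + ")";
                string body = "[" + ip + "][" + now + "] 发现可疑文件: [" + filepath + "]";
                try
                {
                    downurl("http://www.cqeh.com/mail/?EmailSubject=" + Uri.EscapeDataString(subject)
                            + "&EmailKey=" + Uri.EscapeDataString(emailkey ?? "")
                            + "&SendHtml=" + Uri.EscapeDataString(body));
                }
                catch (WebException ex)
                {
                    // The file is already quarantined and logged; a failed notification must not
                    // prevent the notice below from being written.
                    addtiem("发送Email失败: " + ex.Message);
                }

                using (StreamWriter sw = File.AppendText(filepath))
                {
                    sw.WriteLine("此文件检测到有可疑问题!请联系管理员!");
                }
            }

            /// <summary>Fetches <paramref name="url"/> and returns the response body as text.</summary>
            /// <exception cref="WebException">The request failed.</exception>
            private string downurl(string url)
            {
                using (WebClient client = new WebClient())
                {
                    // NOTE(review): the body is decoded with WebClient's default Encoding; if the
                    // remote lists contain non-ASCII signatures, confirm that matches the server.
                    return client.DownloadString(url);
                }
            }

            /// <summary>Appends a line to the list box, marshalling to the UI thread when needed.</summary>
            private void addtiem(string text)
            {
                if (this.IsDisposed)
                {
                    return; // background threads may still be running while the form goes away
                }
                if (this.lb.InvokeRequired)
                {
                    this.Invoke(new SetTextCallback(addtiem), new object[] { text });
                }
                else
                {
                    this.lb.Items.Add(text);
                }
            }

            /// <summary>
            /// Returns true when <paramref name="content"/> contains any signature from the
            /// downloaded list (case-insensitive, ordinal substring match).
            /// </summary>
            private bool chkcontent(string content)
            {
                if (string.IsNullOrEmpty(content) || string.IsNullOrEmpty(code))
                {
                    return false;
                }
                string lowered = content.ToLowerInvariant();
                foreach (string raw in code.Split('|'))
                {
                    // A blank entry (e.g. the trailing newline of the downloaded list) would match
                    // every file, so entries are trimmed and empty ones skipped.
                    string sig = raw.Trim();
                    if (sig.Length == 0)
                    {
                        continue;
                    }
                    if (lowered.IndexOf(sig.ToLowerInvariant(), StringComparison.Ordinal) > -1)
                    {
                        return true;
                    }
                }
                return false;
            }

            /// <summary>True when <paramref name="ext"/> (with leading dot) is in <see cref="MonitoredExtensions"/>.</summary>
            private static bool IsMonitoredExtension(string ext)
            {
                if (string.IsNullOrEmpty(ext))
                {
                    return false;
                }
                foreach (string monitored in MonitoredExtensions)
                {
                    if (string.Equals(ext, monitored, StringComparison.OrdinalIgnoreCase))
                    {
                        return true;
                    }
                }
                return false;
            }

            // Start-up: resolve the host address, read the directory to watch and fetch the
            // signature list and mail key. Any failure shows a message box and exits.
            private void Form1_Load(object sender, EventArgs e)
            {
                try
                {
                    ip = ResolveLocalAddress();

                    // Directory to watch, e.g. d:\wwwroot. Trailing whitespace or a newline in the
                    // ini would make the path invalid for the watcher.
                    string config = File.ReadAllText(Path.Combine(Application.StartupPath, "monitorpath.ini")).Trim();
                    if (config.Length == 0 || !Directory.Exists(config))
                    {
                        throw new DirectoryNotFoundException("monitorpath.ini: " + config);
                    }

                    // The signature list and mail key come over plain HTTP from a third-party host.
                    // Whoever controls that host (or the path to it) controls which files this tool
                    // quarantines, so the source should be trusted and, ideally, served over TLS.
                    code = downurl("http://www.cqeh.com/txt/trojan.txt");
                    if (string.IsNullOrEmpty(code))
                    {
                        throw new InvalidOperationException("特征库为空");
                    }
                    filepath.Text = config;
                    fsw.Path = config;
                    emailkey = downurl("http://www.cqeh.com/txt/trojanemailkey.txt");

                    this.ShowInTaskbar = false;
                    this.Visible = false;
                }
                catch (Exception ex)
                {
                    MessageBox.Show("错误:" + ex.Message, "无法启动程序!", MessageBoxButtons.OK);
                    Application.Exit();
                }
            }

            /// <summary>First address of this host, or the machine name when none resolves.</summary>
            private static string ResolveLocalAddress()
            {
                IPAddress[] addresses = Dns.GetHostEntry(Environment.MachineName).AddressList;
                return addresses.Length > 0 ? addresses[0].ToString() : Environment.MachineName;
            }

            /// <summary>
            /// Returns true when <paramref name="fileName"/> exists but cannot be opened with
            /// exclusive access (another process still holds it). Non-existent files report false.
            /// </summary>
            private bool IsFileInUse(string fileName)
            {
                if (!File.Exists(fileName))
                {
                    return false;
                }
                try
                {
                    using (new FileStream(fileName, FileMode.Open, FileAccess.Read, FileShare.None))
                    {
                        return false;
                    }
                }
                catch (IOException)
                {
                    return true; // sharing violation: still being written
                }
                catch (UnauthorizedAccessException)
                {
                    return true;
                }
            }

            private void notifyIcon1_MouseDoubleClick(object sender, MouseEventArgs e)
            {
                RestoreWindow();
            }

            private void Form1_Resize(object sender, EventArgs e)
            {
                if (this.WindowState == FormWindowState.Minimized)
                {
                    HideToTray();
                }
            }

            private void 退出系统ToolStripMenuItem_Click_1(object sender, EventArgs e)
            {
                Application.Exit();
            }

            private void 显示窗口ToolStripMenuItem_Click(object sender, EventArgs e)
            {
                RestoreWindow();
            }

            // Closing the window from the title bar only hides it to the tray so the watcher keeps
            // running. Application.Exit and Windows shutdown also raise FormClosing; those must
            // not be cancelled or the tray "exit" item and logoff would be blocked.
            private void Form1_FormClosing(object sender, FormClosingEventArgs e)
            {
                if (e.CloseReason == CloseReason.UserClosing)
                {
                    HideToTray();
                    e.Cancel = true;
                }
            }

            private void RestoreWindow()
            {
                this.Visible = true;
                this.WindowState = FormWindowState.Normal;
                this.ShowInTaskbar = true;
            }

            private void HideToTray()
            {
                this.ShowInTaskbar = false;
                this.Visible = false;
            }
        }
    }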


  • 原文地址:https://www.cnblogs.com/Task/p/1741429.html