c# 服务器上传木马监控代码(包含可疑文件)__private_string_this_DateTime_object_

当前位置: 编程技术>.net/c#/asp.net

c# 服务器上传木马监控代码(包含可疑文件)

来源: 互联网发布时间：2014-10-14

本文导语: 代码如下:using System; using System.IO; using System.Threading; using System.Windows.Forms; using System.Net; namespace TrojanMonitor { public partial class Form1 : Form { public Form1() { InitializeComponent(); } delegate void SetTextCallback(string text); private string fname,code,emailkey,...

代码如下:

using System; 
using System.IO; 
using System.Threading; 
using System.Windows.Forms; 
using System.Net; 
namespace TrojanMonitor 
{ 
public partial class Form1 : Form 
{ 
public Form1() 
{ 
InitializeComponent(); 
} 
delegate void SetTextCallback(string text); 
private string fname,code,emailkey,ip; 
private Thread thr; 
private void fsw_Changed(object sender, FileSystemEventArgs e) 
{//文件改动监控（包含了新增） 
fname = e.Name; 
thr = new Thread(new ThreadStart(chkfile)); 
thr.IsBackground = true; 
thr.Start(); 
} 
private void fsw_Renamed(object sender, RenamedEventArgs e) 
{//重命名监控 
fname = e.Name; 
thr = new Thread(new ThreadStart(chkfile)); 
thr.IsBackground = true; 
thr.Start(); 
} 
private void chkfile(){ 
string filename = fname; 
string content="",filepath=fsw.Path+@""+filename,fileName="",hzhui=""; 
fileName = Path.GetFileName(filename); 
hzhui = Path.GetExtension(filename).ToLower(); 
if (hzhui == ".asp" || hzhui == ".aspx" || hzhui == ".php" || hzhui == ".jpg" || hzhui == ".gif") 
{ 
try{ 
if (IsFileInUse(filename)) { System.Threading.Thread.Sleep(2000); chkfile(); } 
StreamReader sr = new StreamReader(filepath); 
content = sr.ReadToEnd(); 
sr.Close(); 
if (chkcontent(content)){ 
try{ 
string bakpath = Application.StartupPath + @"TrojanMonitorbak", 
logfile = bakpath + @"log" + DateTime.Today.ToShortDateString() + ".dat", 
newfile = bakpath + @"" + DateTime.Today.ToShortDateString() + @"", 
newfilepath = newfile + DateTime.Now.Hour.ToString() + "点" + DateTime.Now.Minute.ToString() + "分" + DateTime.Now.Second.ToString() + "秒" + DateTime.Now.Millisecond.ToString() + "毫秒-" + fileName; 
if (!Directory.Exists(bakpath)) { Directory.CreateDirectory(bakpath); } 
if (!Directory.Exists(newfile)) { Directory.CreateDirectory(newfile);} 
if (File.Exists(newfilepath)){File.Delete(newfilepath);} 
File.Move(filepath,newfilepath); 
string str = "[" + DateTime.Now + "] 发现可疑文件: [" + filepath + "] To [" + newfilepath + "]"; 
addtiem(str); 
StreamWriter sw = File.AppendText(logfile); 
sw.WriteLine(str + " rn");//写入日志 
sw.Flush(); 
sw.Close(); 
sw.Dispose(); 
downurl("http://www.cqeh.com/mail/?EmailSubject=发现可疑文件(" + ip + ")&EmailKey=" + emailkey + "&SendHtml=[" + ip + "][" + DateTime.Now + "] 发现可疑文件: [" + filepath + "]");//发送Email 
sw = File.AppendText(filepath); 
sw.WriteLine("此文件检测到有可疑问题！请联系管理员！"); 
sw.Flush(); 
sw.Close(); 
sw.Dispose(); 
} 
catch (Exception ex) { addtiem(ex.ToString()); } 
} 
} 
catch (Exception ex) { addtiem(ex.ToString()); } 
} 
} 
private string downurl(string url){ 
WebClient client = new WebClient(); 
string result=client.DownloadString(url); 
return result; 
} 
private void addtiem(string text){ 
if (this.lb.InvokeRequired){ 
SetTextCallback d = new SetTextCallback(addtiem); 
this.Invoke(d, new object[] { text }); 
} else { 
this.lb.Items.Add(text); 
} 
} 
private bool chkcontent(string content) 
{ 
bool returnval = false; 
string[] sArray = code.ToLower().Split('|'); 
content = content.ToLower(); 
foreach (string i in sArray) 
{ 
if (content.IndexOf(i)>-1){returnval=true;break;} 
} 
return returnval; 
} 
private void Form1_Load(object sender, EventArgs e){ 
ip = Dns.GetHostEntry(Environment.MachineName).AddressList[0].ToString(); 
string config = File.ReadAllText(Application.StartupPath + "//monitorpath.ini");//获取监控路径 d:wwwroot 
try{ 
code = downurl("http://www.cqeh.com/txt/trojan.txt"); 
　　　　　　　　　　//获取木马特征库 
filepath.Text = config; 
fsw.Path = config; 
emailkey = downurl("http://www.cqeh.com/txt/trojanemailkey.txt"); 
　　　　　　　　　　//获取发送email许可key; 
this.ShowInTaskbar=false; 
this.Visible = false; 
} 
catch (Exception ex){ 
MessageBox.Show("错误：" + ex.Message, "无法启动程序!", MessageBoxButtons.OK); Application.Exit(); 
} 
finally { } 
} 
bool IsFileInUse(string fileName){//判断文件是否使用中 
bool inUse = true; 
if (File.Exists(fileName)){ 
FileStream fs = null; 
try{fs = new FileStream(fileName, FileMode.Open, FileAccess.Read,FileShare.None);inUse = false;} 
catch{}finally{if (fs != null)fs.Close();} 
return inUse; 
}else{return false;} 
} 
private void notifyIcon1_MouseDoubleClick(object sender, MouseEventArgs e) 
{ 
this.Visible = true; 
this.WindowState = FormWindowState.Normal; 
this.ShowInTaskbar = true; 
} 
private void Form1_Resize(object sender, EventArgs e) 
{ 
if (this.WindowState == FormWindowState.Minimized){ 
this.ShowInTaskbar = false; 
this.Visible = false; 
} 
} 
private void 退出系统ToolStripMenuItem_Click_1(object sender, EventArgs e){ 
Application.Exit(); 
} 
private void 显示窗口ToolStripMenuItem_Click(object sender, EventArgs e){ 
this.Visible = true; 
this.WindowState = FormWindowState.Normal; 
this.ShowInTaskbar = true; 
} 
private void Form1_FormClosing(object sender, FormClosingEventArgs e){ 
this.ShowInTaskbar = false; 
this.Visible = false; 
e.Cancel = true; 
} 
} 
}

源码包下载

您可能感兴趣的文章:

用C#，asp.net 做的网站，能用Linux做服务器吗？

C#列出局域网中可用SQL Server服务器

c#判断数据库服务器是否启动

c#判断数据库服务器是否已经启动的方法

c#分页显示服务器上指定目录下的所有图片示例

C#自动设置IE代理服务器（翻墙软件）代码实现

C#实现的Socket服务器端、客户端代码分享

c# HttpWebRequest通过代理服务器抓取网页内容应用介绍

c#批量上传图片到服务器示例分享

c#获得目标服务器中所有数据库名、表名、列名的实现代码

服务器端C#实现的CSS解析器

c#多线程网络聊天程序代码分享(服务器端和客户端)

c#实现服务器性能监控并发送邮件保存日志

C#利用WMI操作DNS服务器(可远程操作,需要相应权限)

本站(WWW.)旨在分享和传播互联网科技相关的资讯和技术，将尽最大努力为读者提供更好的信息聚合和浏览方式。
本站(WWW.)站内文章除注明原创外，均为转载、整理或搜集自网络。欢迎任何形式的转载，转载请注明出处。