Csharp/C#教程:c# 服务器上传木马监控代码(包含可疑文件)分享

代码如下:
usingSystem;
usingSystem.IO;
usingSystem.Threading;
usingSystem.Windows.Forms;
usingSystem.Net;
namespaceTrojanMonitor
{
publicpartialclassForm1:Form
{
publicForm1()
{
InitializeComponent();
}
delegatevoidSetTextCallback(stringtext);
privatestringfname,code,emailkey,ip;
privateThreadthr;
privatevoidfsw_Changed(objectsender,FileSystemEventArgse)
{//文件改动监控(包含了新增)
fname=e.Name;
thr=newThread(newThreadStart(chkfile));
thr.IsBackground=true;
thr.Start();
}
privatevoidfsw_Renamed(objectsender,RenamedEventArgse)
{//重命名监控
fname=e.Name;
thr=newThread(newThreadStart(chkfile));
thr.IsBackground=true;
thr.Start();
}
privatevoidchkfile(){
stringfilename=fname;
stringcontent=””,filepath=fsw.Path+@””+filename,fileName=””,hzhui=””;
fileName=Path.GetFileName(filename);
hzhui=Path.GetExtension(filename).ToLower();
if(hzhui==”.asp”||hzhui==”.aspx”||hzhui==”.php”||hzhui==”.jpg”||hzhui==”.gif”)
{
try{
if(IsFileInUse(filename)){System.Threading.Thread.Sleep(2000);chkfile();}
StreamReadersr=newStreamReader(filepath);
content=sr.ReadToEnd();
sr.Close();
if(chkcontent(content)){
try{
stringbakpath=Application.StartupPath+@”TrojanMonitorbak”,
logfile=bakpath+@”log”+DateTime.Today.ToShortDateString()+”.dat”,
newfile=bakpath+@””+DateTime.Today.ToShortDateString()+@””,
newfilepath=newfile+DateTime.Now.Hour.ToString()+”点”+DateTime.Now.Minute.ToString()+”分”+DateTime.Now.Second.ToString()+”秒”+DateTime.Now.Millisecond.ToString()+”毫秒-“+fileName;
if(!Directory.Exists(bakpath)){Directory.CreateDirectory(bakpath);}
if(!Directory.Exists(newfile)){Directory.CreateDirectory(newfile);}
if(File.Exists(newfilepath)){File.Delete(newfilepath);}
File.Move(filepath,newfilepath);
stringstr=”[“+DateTime.Now+”]发现可疑文件:[“+filepath+”]To[“+newfilepath+”]”;
addtiem(str);
StreamWritersw=File.AppendText(logfile);
sw.WriteLine(str+”rn”);//写入日志
sw.Flush();
sw.Close();
sw.Dispose();
downurl(“https://www.cqeh.com/mail/?EmailSubject=发现可疑文件(“+ip+”)&EmailKey=”+emailkey+”&SendHtml=[“+ip+”][“+DateTime.Now+”]发现可疑文件:[“+filepath+”]”);//发送Email
sw=File.AppendText(filepath);
sw.WriteLine(“此文件检测到有可疑问题!请联系管理员!”);
sw.Flush();
sw.Close();
sw.Dispose();
}
catch(Exceptionex){addtiem(ex.ToString());}
}
}
catch(Exceptionex){addtiem(ex.ToString());}
}
}
privatestringdownurl(stringurl){
WebClientclient=newWebClient();
stringresult=client.DownloadString(url);
returnresult;
}
privatevoidaddtiem(stringtext){
if(this.lb.InvokeRequired){
SetTextCallbackd=newSetTextCallback(addtiem);
this.Invoke(d,newobject[]{text});
}else{
this.lb.Items.Add(text);
}
}
privateboolchkcontent(stringcontent)
{
boolreturnval=false;
string[]sArray=code.ToLower().Split(‘|’);
content=content.ToLower();
foreach(stringiinsArray)
{
if(content.IndexOf(i)>-1){returnval=true;break;}
}
returnreturnval;
}
privatevoidForm1_Load(objectsender,EventArgse){
ip=Dns.GetHostEntry(Environment.MachineName).AddressList[0].ToString();
stringconfig=File.ReadAllText(Application.StartupPath+”//monitorpath.ini”);//获取监控路径d:wwwroot
try{
code=downurl(“https://www.cqeh.com/txt/trojan.txt”);
          //获取木马特征库
filepath.Text=config;
fsw.Path=config;
emailkey=downurl(“https://www.cqeh.com/txt/trojanemailkey.txt”);
          //获取发送email许可key;
this.ShowInTaskbar=false;
this.Visible=false;
}
catch(Exceptionex){
MessageBox.Show(“错误:”+ex.Message,”无法启动程序!”,MessageBoxButtons.OK);Application.Exit();
}
finally{}
}
boolIsFileInUse(stringfileName){//判断文件是否使用中
boolinUse=true;
if(File .Exists(fileName)){
FileStreamfs=null;
try{fs=newFileStream(fileName,FileMode.Open,FileAccess.Read,FileShare.None);inUse=false;}
catch{}finally{if(fs!=null)fs.Close();}
returninUse;
}else{returnfalse;}
}
privatevoidnotifyIcon1_MouseDoubleClick(objectsender,MouseEventArgse)
{
this.Visible=true;
this.WindowState=FormWindowState.Normal;
this.ShowInTaskbar=true;
}
privatevoidForm1_Resize(objectsender,EventArgse)
{
if(this.WindowState==FormWindowState.Minimized){
this.ShowInTaskbar=false;
this.Visible=false;
}
}
privatevoid退出系统ToolStripMenuItem_Click_1(objectsender,EventArgse){
Application.Exit();
}
privatevoid显示窗口ToolStripMenuItem_Click(objectsender,EventArgse){
this.Visible=true;
this.WindowState=FormWindowState.Normal;
this.ShowInTaskbar=true;
}
privatevoidForm1_FormClosing(objectsender,FormClosingEventArgse){
this.ShowInTaskbar=false;
this.Visible=false;
e.Cancel=true;
}
}
}

源码包下载 您可能感兴趣的文章:c#实现数据同步的方法(使用文件监控对象filesystemwatcher)C#的FileSystemWatcher用法实例详解c#使用filesystemwatcher实时监控文件目录的添加和删除c#使用filesystemwatcher监视文件系统的变化C#采用FileSystemWatcher实现监视磁盘文件变更的方法C#监控文件夹变化的方法C#判断本地文件是否处于打开状态的方法c#共享状态的文件读写实现代码C#使用FileSystemWatcher控件实现的文件监控功能示例

标签: c# 服务器 监控

浅析string 与char* char[]之间的转换

QString和char以及string之间的赋值详解

上述就是C#学习教程:c# 服务器上传木马监控代码(包含可疑文件)分享的全部内容,如果对大家有所用处且需要了解更多关于C#学习教程,希望大家多多关注—计算机技术网(www.ctvol.com)!

本文来自网络收集,不代表计算机技术网立场,如涉及侵权请联系管理员删除。

ctvol管理联系方式QQ:251552304

本文章地址:https://www.ctvol.com/cdevelopment/904259.html

(0)
上一篇 2021年10月21日
下一篇 2021年10月21日

精彩推荐