c# 扫描可疑文件(找到木马)(简)转



using System; using System.IO; using System.Text.RegularExpressions; using System.Threading; using System.Windows.Forms; using System.Net;   namespace TrojanScanning {      public partial class Form1 : Form      {          public Form1()          {              InitializeComponent();          }          delegate void SetTextCallback( string text);          delegate void SetTextCallback2( bool b);          delegate void SetTextCallback3(ListViewItem item);          private string fname, code;          private Thread thr;          private string [] sArray;            private void button1_Click( object sender, EventArgs e)          {              if (folderBrowserDialog1.ShowDialog() == DialogResult.OK)              {                  scanpath.Text = folderBrowserDialog1.SelectedPath;              }          }            private void startbtn_Click( object sender, EventArgs e)          {              list.Items.Clear();              fname = scanpath.Text;              thr = new Thread( new ThreadStart(scan));              thr.IsBackground = true ;              thr.Start();          }            private void scan(){              FileSystemInfo s = GetFileSystemInfo(fname);              if (s != null ) { scanbtn( false ); ListFiles(s); scantext( "扫描完成" ); scanbtn( true ); } else { MessageBox.Show( "请先选择要扫描的目录" ); }          }            public FileSystemInfo GetFileSystemInfo( string path){              if (File.Exists(path))                  return new FileInfo(path);              else if (Directory.Exists(path))                  return new DirectoryInfo(path);              else                  return null ;          }              private void ListFiles(FileSystemInfo info){              if (info.Exists){                  DirectoryInfo dir = info as DirectoryInfo;                  if (dir == null ) return ;                  try {                      FileSystemInfo[] files = dir.GetFileSystemInfos();                      for ( int i = 0; i < files.Length; i++){                          FileInfo file = files[i] as FileInfo;                          if (file != null && (file.Extension.ToLower() == ".asp" || file.Extension.ToLower() == ".php" || file.Extension.ToLower() == ".aspx" || file.Extension.ToLower() == ".master" ))                          {                              scantext( "扫描 " + file.FullName);                              chkfile(file.FullName,file.Length);                          } else {                              ListFiles(files[i]);                          }                      }                  }                  catch {}              }            }          private void chkfile( string filepath, long filesize)          {              try {                  if (IsFileInUse(filepath)) { System.Threading.Thread.Sleep(2000); chkfile(filepath,filesize); }                  StreamReader sr = new StreamReader(filepath);                  string content = sr.ReadToEnd();                  sr.Close();                  string chkr=chkcontent(content);                  if (chkr!= "" ){                      ListViewItem item = new ListViewItem( "可疑" );                      item.SubItems.Add(File.GetLastAccessTime(filepath).ToString());                      item.SubItems.Add(chkr);                      item.SubItems.Add(filepath);                      item.SubItems.Add((filesize/1024).ToString() + " kb" );                      addtiem(item);                  }              }              catch { }          }            private string downurl( string url)          {              WebClient client = new WebClient();              string result = client.DownloadString(url);              return result;          }          private void addtiem(ListViewItem item)          {              if ( this .list.InvokeRequired){                  SetTextCallback3 d = new SetTextCallback3(addtiem);                  this .Invoke(d, new object [] { item });              } else {                  this .list.Items.Add(item);              }          }          private void scantext( string text)          {              if ( this .scanstate.InvokeRequired)              {                  SetTextCallback d = new SetTextCallback(scantext);                  this .Invoke(d, new object [] { text });              } else {                  this .scanstate.Text=text;              }          }          private void scanbtn( bool b){              if ( this .startbtn.InvokeRequired){                  SetTextCallback2 d = new SetTextCallback2(scanbtn);                  this .Invoke(d, new object [] { b });              } else {                  this .startbtn.Enabled = b;                  this .scanpath.Enabled = b;                  this .button1.Enabled = b;              }          }          private string chkcontent( string content){              string returnval = "" ;              content = content.ToLower();              foreach ( string i in sArray)              {                  if (content.IndexOf(i)> -1){ returnval+=i+ "," ; }              }              if (returnval != "" ) { returnval=returnval.Substring(0, returnval.Length - 1); }              return returnval;          }            bool IsFileInUse( string fileName)          {              bool inUse = true ;              if (File.Exists(fileName))              {                  FileStream fs = null ;                  try { fs = new FileStream(fileName, FileMode.Open, FileAccess.Read, FileShare.None); inUse = false ; }                  catch { }                  finally { if (fs != null )fs.Close(); }                  return inUse;              }              else { return false ; }          }          private void Form1_Load( object sender, EventArgs e)          {              try {                  code = downurl( "http://www.cqeh.com/txt/trojan.txt" );                  sArray = code.ToLower().Split( '|' );              }              catch (Exception ex)              {                  MessageBox.Show( "错误：" + ex.Message, "无法启动程序!" , MessageBoxButtons.OK); Application.Exit();              }          }            private void list_DoubleClick( object sender, EventArgs e)          {              System.Diagnostics.Process.Start( "NOTEPAD.EXE" , list.SelectedItems[0].SubItems[3].Text);          }        } }

源代码包下载