位置：广州松河 > 技术支持 > c# 监控服务器上传木马(包含可疑文件)

c# 监控服务器上传木马(包含可疑文件)

来源：网络整理时间：2023/2/14 1:07:12 共 3641 浏览

using System;
using System.IO;
using System.Threading;
using System.Windows.Forms;
using System.Net;

namespace TrojanMonitor
{
    public partial class Form1 : Form
    {
        public Form1()
        {
            InitializeComponent();
        }
        delegate void SetTextCallback(string text);
        private string fname,code,emailkey,ip;
        private Thread thr;

        private void fsw_Changed(object sender, FileSystemEventArgs e)
        {//文件改动监控（包含了新增）
            fname = e.Name;
            thr = new Thread(new ThreadStart(chkfile));
            thr.IsBackground = true;
            thr.Start();
        }
        private void fsw_Renamed(object sender, RenamedEventArgs e)
        {//重命名监控
            fname = e.Name;
            thr = new Thread(new ThreadStart(chkfile));
            thr.IsBackground = true;
            thr.Start();
        }

        private void chkfile(){
            string filename = fname;
           string content="",filepath=fsw.Path+@"\"+filename,fileName="",hzhui="";

          fileName = Path.GetFileName(filename);
          hzhui = Path.GetExtension(filename).ToLower();
          if (hzhui == ".asp" || hzhui == ".aspx" || hzhui == ".php" || hzhui == ".jpg" || hzhui == ".gif")
          {
              try{
              if (IsFileInUse(filename)) { System.Threading.Thread.Sleep(2000); chkfile(); }
              StreamReader sr = new StreamReader(filepath);
              content = sr.ReadToEnd();
              sr.Close();
              if (chkcontent(content)){
                  try{
                  string bakpath = Application.StartupPath + @"\TrojanMonitorbak",
                      logfile = bakpath + @"\log" + DateTime.Today.ToShortDateString() + ".dat",
                    newfile = bakpath + @"\" + DateTime.Today.ToShortDateString() + @"\",
                    newfilepath = newfile + DateTime.Now.Hour.ToString() + "点" + DateTime.Now.Minute.ToString() + "分" + DateTime.Now.Second.ToString() + "秒" + DateTime.Now.Millisecond.ToString() + "毫秒-" + fileName;

                  if (!Directory.Exists(bakpath)) { Directory.CreateDirectory(bakpath); }
                  if (!Directory.Exists(newfile)) { Directory.CreateDirectory(newfile);}
                  if (File.Exists(newfilepath)){File.Delete(newfilepath);}

                  File.Move(filepath,newfilepath);
                      string str = "[" + DateTime.Now + "] 发现可疑文件: [" + filepath + "] To [" + newfilepath + "]";
                      addtiem(str);

                  StreamWriter sw = File.AppendText(logfile);
                  sw.WriteLine(str + " \r\n");//写入日志
                  sw.Flush();
                  sw.Close();
                  sw.Dispose();
                  downurl("http://www.cqeh.com/mail/?EmailSubject=发现可疑文件(" + ip + ")&EmailKey=" + emailkey + "&SendHtml=[" + ip + "][" + DateTime.Now + "] 发现可疑文件: [" + filepath + "]");//发送Email
                  sw = File.AppendText(filepath);
                  sw.WriteLine("此文件检测到有可疑问题！请联系管理员！");
                  sw.Flush();
                  sw.Close();
                  sw.Dispose();
              }
              catch (Exception ex) { addtiem(ex.ToString()); }
             }
            }
            catch (Exception ex) { addtiem(ex.ToString()); }
          }
        }

        private string downurl(string url){
            WebClient client = new WebClient();
            string result=client.DownloadString(url);
            return result;
        }

        private void addtiem(string text){
            if (this.lb.InvokeRequired){
                SetTextCallback d = new SetTextCallback(addtiem);
                this.Invoke(d, new object[] { text });
            } else {
                this.lb.Items.Add(text);
            }
        }
        private bool chkcontent(string content)
        {
            bool returnval = false;
            string[] sArray = code.ToLower().Split('|');
            content = content.ToLower();
            foreach (string i in sArray)
            {
                if (content.IndexOf(i)>-1){returnval=true;break;}
            }
            return returnval;
        }
        private void Form1_Load(object sender, EventArgs e){
            ip = Dns.GetHostEntry(Environment.MachineName).AddressList[0].ToString();
            string config = File.ReadAllText(Application.StartupPath + "//monitorpath.ini");//获取监控路径 d:\wwwroot
            try{
                code = downurl("http://www.cqeh.com/txt/trojan.txt"); //获取木马特征库
                filepath.Text = config;
                fsw.Path = config;
                emailkey = downurl("http://www.cqeh.com/txt/trojanemailkey.txt"); //获取发送email许可key;
                this.ShowInTaskbar=false;
                this.Visible = false;
            }
            catch (Exception ex){
                MessageBox.Show("错误：" + ex.Message, "无法启动程序!", MessageBoxButtons.OK); Application.Exit();
            }
            finally { }

        }
        bool IsFileInUse(string fileName){//判断文件是否使用中
            bool inUse = true;
            if (File.Exists(fileName)){
                FileStream fs = null;
                try{fs = new FileStream(fileName, FileMode.Open, FileAccess.Read,FileShare.None);inUse = false;}
                catch{}finally{if (fs != null)fs.Close();}
                return inUse;
            }else{return false;}
        }
        private void notifyIcon1_MouseDoubleClick(object sender, MouseEventArgs e)
        {
            this.Visible = true;
            this.WindowState = FormWindowState.Normal;
            this.ShowInTaskbar = true;
        }
        private void Form1_Resize(object sender, EventArgs e)
        {
            if (this.WindowState == FormWindowState.Minimized){
                this.ShowInTaskbar = false;
                this.Visible = false;
            }
        }
        private void 退出系统ToolStripMenuItem_Click_1(object sender, EventArgs e){
            Application.Exit();
        }
        private void 显示窗口ToolStripMenuItem_Click(object sender, EventArgs e){
            this.Visible = true;
            this.WindowState = FormWindowState.Normal;
            this.ShowInTaskbar = true;
        }
        private void Form1_FormClosing(object sender, FormClosingEventArgs e){
            this.ShowInTaskbar = false;
            this.Visible = false;
            e.Cancel = true;
        }
    }
}

源码包下载

版权说明：
本网站凡注明“广州松河原创”的皆为本站原创文章，如需转载请注明出处！
本网转载皆注明出处，遵循行业规范，如发现作品内容版权或其它问题的，请与我们联系处理！
欢迎扫描右侧微信二维码与我们联系。

·上一条：c#.net全站防止SQL注入类的代码 | ·下一条：IIS取消文件夹下的文件脚本执行权限，禁止webshell木马运行