c# 扫描可疑文件(找到木马)(简)

using  System;
using  System.IO;
using  System.Text.RegularExpressions;
using  System.Threading;
using  System.Windows.Forms;
using  System.Net;

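namespace TrojanScanning
{
    /// <summary>
    /// Main window of a simple web-shell scanner. It walks a directory tree, reads every
    /// .asp/.php/.aspx/.master file and lists the ones that contain any signature string.
    /// </summary>
    /// <remarks>
    /// Detection is plain case-insensitive substring matching against a downloaded list.
    /// A listed file is therefore "suspicious", not confirmed, and an empty result list
    /// does not prove the tree is clean. Files and directories that could not be read are
    /// listed as "未扫描" so that coverage gaps are visible instead of silently skipped.
    /// </remarks>
    public partial class Form1 : Form
    {
        /// <summary>How many times to wait for a busy file before trying to read it anyway.</summary>
        private const int MaxBusyRetries = 3;

        /// <summary>Delay between two busy-file checks, in milliseconds.</summary>
        private const int BusyRetryDelayMs = 2000;

        /// <summary>File extensions (with leading dot) whose content is inspected.</summary>
        private static readonly string[] ScannedExtensions = { ".asp", ".php", ".aspx", ".master" };

        public Form1()
        {
            InitializeComponent();
        }

        // Delegates used to marshal UI updates from the scan thread onto the UI thread.
        delegate void SetTextCallback(string text);

        delegate void SetTextCallback2(bool b);

        delegate void SetTextCallback3(ListViewItem item);

        // fname: path to scan, copied from the text box when a scan starts.
        // code:  raw signature list as downloaded in Form1_Load.
        private string fname, code;

        // Background thread that runs the current scan.
        private Thread thr;

        // Lower-cased signature strings; a file is flagged when it contains any of them.
        private string[] sArray;

        /// <summary>Lets the user pick the folder to scan and copies it into the path box.</summary>
        private void button1_Click(object sender, EventArgs e)
        {
            if (folderBrowserDialog1.ShowDialog() == DialogResult.OK)
            {
                scanpath.Text = folderBrowserDialog1.SelectedPath;
            }
        }

        /// <summary>Clears the previous results and starts a scan on a background thread.</summary>
        private void startbtn_Click(object sender, EventArgs e)
        {
            list.Items.Clear();
            fname = scanpath.Text;

            // Disable the inputs here, on the UI thread, so a second click cannot start
            // another scan before the worker thread gets to run.
            scanbtn(false);

            thr = new Thread(new ThreadStart(scan));
            thr.IsBackground = true;
            thr.Start();
        }

        /// <summary>
        /// Thread entry point: scans <c>fname</c> (a directory, or a single file) and
        /// re-enables the inputs when done, even if the scan fails part-way.
        /// </summary>
        private void scan()
        {
            try
            {
                FileSystemInfo root = GetFileSystemInfo(fname);
                if (root == null)
                {
                    MessageBox.Show("请先选择要扫描的目录");
                    return;
                }

                FileInfo single = root as FileInfo;
                if (single != null)
                {
                    // A file path typed into the box is scanned directly; previously it
                    // was reported as "scan complete" without being read at all.
                    if (IsScannedExtension(single.Extension))
                    {
                        scantext("扫描 " + single.FullName);
                        chkfile(single.FullName, single.Length);
                    }
                }
                else
                {
                    ListFiles(root);
                }

                scantext("扫描完成");
            }
            finally
            {
                scanbtn(true);
            }
        }

        /// <summary>
        /// Returns a <see cref="FileInfo"/> or <see cref="DirectoryInfo"/> for an existing
        /// path, or <c>null</c> when the path does not exist.
        /// </summary>
        /// <param name="path">File or directory path; may be null or empty.</param>
        public FileSystemInfo GetFileSystemInfo(string path)
        {
            if (File.Exists(path))
            {
                return new FileInfo(path);
            }

            if (Directory.Exists(path))
            {
                return new DirectoryInfo(path);
            }

            return null;
        }

        /// <summary>Returns true when <paramref name="extension"/> is one of the scanned types.</summary>
        private static bool IsScannedExtension(string extension)
        {
            foreach (string candidate in ScannedExtensions)
            {
                // Ordinal comparison keeps the result independent of the machine's culture.
                if (string.Equals(extension, candidate, StringComparison.OrdinalIgnoreCase))
                {
                    return true;
                }
            }

            return false;
        }

        /// <summary>
        /// Recursively walks <paramref name="info"/> (when it is a directory) and checks
        /// every file with a scanned extension. Anything else passed in is ignored.
        /// </summary>
        private void ListFiles(FileSystemInfo info)
        {
            DirectoryInfo dir = info as DirectoryInfo;
            if (dir == null || !dir.Exists)
            {
                return;
            }

            FileSystemInfo[] entries;
            try
            {
                entries = dir.GetFileSystemInfos();
            }
            catch (Exception ex)
            {
                // An unreadable directory is a blind spot for the scan: report it.
                ReportSkipped(dir.FullName, ex.Message);
                return;
            }

            foreach (FileSystemInfo entry in entries)
            {
                // Handle failures per entry so one bad item does not hide its siblings.
                try
                {
                    FileInfo file = entry as FileInfo;
                    if (file != null)
                    {
                        if (IsScannedExtension(file.Extension))
                        {
                            scantext("扫描 " + file.FullName);
                            chkfile(file.FullName, file.Length);
                        }

                        continue;
                    }

                    // Junctions and directory symlinks can point back up the tree; following
                    // them risks unbounded recursion, which would crash the process.
                    if ((entry.Attributes & FileAttributes.ReparsePoint) != 0)
                    {
                        continue;
                    }

                    ListFiles(entry);
                }
                catch (Exception ex)
                {
                    ReportSkipped(entry.FullName, ex.Message);
                }
            }
        }

        /// <summary>
        /// Reads one file and adds a "可疑" row when its content matches any signature.
        /// </summary>
        /// <param name="filepath">Full path of the file to inspect.</param>
        /// <param name="filesize">File size in bytes, shown in the result row.</param>
        private void chkfile(string filepath, long filesize)
        {
            try
            {
                // Wait a bounded number of times for a busy file. The earlier recursive
                // retry never terminated on a permanently locked file and scanned the
                // file twice once the lock was released.
                for (int waits = 0; waits < MaxBusyRetries && IsFileInUse(filepath); waits++)
                {
                    System.Threading.Thread.Sleep(BusyRetryDelayMs);
                }

                string content;
                using (StreamReader sr = new StreamReader(filepath))
                {
                    // The whole file is loaded into memory; a very large file fails here
                    // and is reported as not scanned by the catch below.
                    content = sr.ReadToEnd();
                }

                string chkr = chkcontent(content);
                if (chkr != "")
                {
                    ListViewItem item = new ListViewItem("可疑");
                    // Last-write time shows when the content last changed; last-access
                    // time is updated by reads and may be disabled on the volume.
                    item.SubItems.Add(File.GetLastWriteTime(filepath).ToString());
                    item.SubItems.Add(chkr);
                    item.SubItems.Add(filepath);
                    item.SubItems.Add((filesize / 1024).ToString() + " kb");
                    addtiem(item);
                }
            }
            catch (Exception ex)
            {
                ReportSkipped(filepath, ex.Message);
            }
        }

        /// <summary>
        /// Adds a "未扫描" row for a path that could not be inspected, using the same
        /// column order as a detection row (status, time, detail, path, size).
        /// </summary>
        private void ReportSkipped(string path, string reason)
        {
            ListViewItem item = new ListViewItem("未扫描");
            item.SubItems.Add("");
            item.SubItems.Add(reason);
            item.SubItems.Add(path);
            item.SubItems.Add("");
            addtiem(item);
        }

        /// <summary>Downloads <paramref name="url"/> and returns the body as a string.</summary>
        private string downurl(string url)
        {
            using (WebClient client = new WebClient())
            {
                return client.DownloadString(url);
            }
        }

        /// <summary>Adds a row to the result list, marshalling to the UI thread if needed.</summary>
        private void addtiem(ListViewItem item)
        {
            if (this.list.InvokeRequired)
            {
                SetTextCallback3 d = new SetTextCallback3(addtiem);
                this.Invoke(d, new object[] { item });
            }
            else
            {
                this.list.Items.Add(item);
            }
        }

        /// <summary>Sets the status text, marshalling to the UI thread if needed.</summary>
        private void scantext(string text)
        {
            if (this.scanstate.InvokeRequired)
            {
                SetTextCallback d = new SetTextCallback(scantext);
                this.Invoke(d, new object[] { text });
            }
            else
            {
                this.scanstate.Text = text;
            }
        }

        /// <summary>Enables or disables the scan inputs, marshalling to the UI thread if needed.</summary>
        private void scanbtn(bool b)
        {
            if (this.startbtn.InvokeRequired)
            {
                SetTextCallback2 d = new SetTextCallback2(scanbtn);
                this.Invoke(d, new object[] { b });
            }
            else
            {
                this.startbtn.Enabled = b;
                this.scanpath.Enabled = b;
                this.button1.Enabled = b;
            }
        }

        /// <summary>
        /// Returns the comma-separated signatures found in <paramref name="content"/>,
        /// or an empty string when none match.
        /// </summary>
        private string chkcontent(string content)
        {
            if (sArray == null || string.IsNullOrEmpty(content))
            {
                return "";
            }

            // Invariant lowering plus ordinal search: culture-sensitive casing makes the
            // match depend on the machine's locale (for example the Turkish dotless i),
            // so the same file could be flagged on one host and missed on another.
            string haystack = content.ToLowerInvariant();
            string returnval = "";

            foreach (string signature in sArray)
            {
                // An empty signature is contained in every string and would flag every file.
                if (signature.Length == 0)
                {
                    continue;
                }

                if (haystack.IndexOf(signature, StringComparison.Ordinal) > -1)
                {
                    if (returnval != "")
                    {
                        returnval += ",";
                    }

                    returnval += signature;
                }
            }

            return returnval;
        }

        /// <summary>
        /// Returns true when the file exists but cannot currently be opened exclusively
        /// because of a sharing violation or another I/O error.
        /// </summary>
        /// <remarks>
        /// This is a point-in-time probe; the file can become busy again right after it
        /// returns, so the caller still has to handle a failed read.
        /// </remarks>
        bool IsFileInUse(string fileName)
        {
            if (!File.Exists(fileName))
            {
                return false;
            }

            try
            {
                using (FileStream fs = new FileStream(fileName, FileMode.Open, FileAccess.Read, FileShare.None))
                {
                    return false;
                }
            }
            catch (IOException)
            {
                return true;
            }
            catch (UnauthorizedAccessException)
            {
                // Access denied is permanent, not "busy": do not make the caller wait for it.
                return false;
            }
        }

        /// <summary>
        /// Splits the downloaded '|'-separated list into lower-cased signatures, dropping
        /// empty entries and the line breaks a text file usually ends with.
        /// </summary>
        private static string[] ParseSignatures(string raw)
        {
            string[] parts = raw.ToLowerInvariant().Split(new char[] { '|' }, StringSplitOptions.RemoveEmptyEntries);
            int kept = 0;

            for (int i = 0; i < parts.Length; i++)
            {
                // Only CR/LF are removed; other whitespace may be part of a signature.
                string cleaned = parts[i].Trim('\r', '\n');
                if (cleaned.Length > 0)
                {
                    parts[kept] = cleaned;
                    kept++;
                }
            }

            Array.Resize(ref parts, kept);
            return parts;
        }

        /// <summary>Loads the signature list at start-up; the program exits if that fails.</summary>
        private void Form1_Load(object sender, EventArgs e)
        {
            try
            {
                // NOTE(review): the signature list is fetched over plain HTTP with no
                // integrity check, so whoever can alter that response decides what this
                // scanner reports. Prefer HTTPS with a pinned hash or a signed list, and
                // ship a bundled fallback list with the tool.
                code = downurl("http://www.cqeh.com/txt/trojan.txt");
                sArray = ParseSignatures(code);

                // An empty list would make every scan come back clean.
                if (sArray.Length == 0)
                {
                    throw new InvalidOperationException("特征库为空");
                }
            }
            catch (Exception ex)
            {
                MessageBox.Show("错误:" + ex.Message, "无法启动程序!", MessageBoxButtons.OK);
                Application.Exit();
            }
        }

        /// <summary>Opens the file of the double-clicked result row in Notepad for review.</summary>
        private void list_DoubleClick(object sender, EventArgs e)
        {
            if (list.SelectedItems.Count == 0)
            {
                return;
            }

            ListViewItem selected = list.SelectedItems[0];
            if (selected.SubItems.Count <= 3)
            {
                return;
            }

            string path = selected.SubItems[3].Text;
            if (!File.Exists(path))
            {
                return;
            }

            // Resolve Notepad from the system directory instead of the search path, and
            // quote the argument so a path containing spaces stays a single argument.
            string notepad = Path.Combine(Environment.SystemDirectory, "notepad.exe");
            System.Diagnostics.Process.Start(notepad, "\"" + path + "\"");
        }
    }
}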

 

源码包下载

 

哦,写错了个地方:“最后修改时间”应该用 GetLastWriteTime,而不是 GetLastAccessTime(GetLastAccessTime -> GetLastWriteTime)

 

// Excerpt of the extension test in ListFiles as originally written:
// file.Extension.ToLower() is evaluated once per comparison, up to four times per file.
// The excerpt stops after the chkfile call; the block opened below is closed outside it.
if (file != null && (file.Extension.ToLower() == ".asp" || file.Extension.ToLower() == ".php" || file.Extension.ToLower() == ".aspx" || file.Extension.ToLower() == ".master"))
{
scantext(
"扫描 " + file.FullName);
chkfile(file.FullName,file.Length);


可改

 

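// Replacement for the extension test inside the ListFiles loop.
// Any else-branch that recurses into directories follows the outer if and is not shown here.
if (file != null)
{
    // Lower-case the extension once; the invariant form keeps the comparison
    // independent of the machine's culture settings.
    string fe = file.Extension.ToLowerInvariant();
    if (fe == ".asp" || fe == ".php" || fe == ".aspx" || fe == ".master")
    {
        scantext("扫描 " + file.FullName);
        chkfile(file.FullName, file.Length);
    }
}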

转载于:https://www.cnblogs.com/Task/archive/2010/05/22/1741651.html