文件实时监控是杀毒软件的一项重要功能:时刻阻止病毒侵入系统,远比中毒后再杀毒的效果好得多——在电脑使用过程中,亡羊补牢往往为时已晚。以下是一个基本的实现:
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <windows.h>
#include <tchar.h>
#include <io.h>
// Known-bad MD5 list, read line by line at startup. main() deletes newly created
// files that match an entry, so whoever can write this file decides what is deleted.
// NOTE(review): confirm the file's ACL restricts writes to administrators.
#define MD5_FILE_PATH _T("C:\\MD5.txt")
#define WATCH_DIRECTORY _T("C:\\") // Change to the directory you want to watch
#define MAX_MD5_COUNT 1000 // Assume MD5.txt holds at most 1000 MD5 values
#define MD5_LENGTH 33 // Length of an MD5 hex string (including the terminator)
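/*
 * Load the known-bad MD5 list from filePath into md5Values.
 *
 * The file is expected to hold one digest per line, written as exactly
 * MD5_LENGTH - 1 hexadecimal characters. Lines that are empty, too long,
 * too short or contain non-hex characters are skipped, so a malformed list
 * cannot produce blank or truncated entries that later compare equal to
 * something unintended.
 *
 * filePath   path of the list file
 * md5Values  caller-owned table with room for MAX_MD5_COUNT entries
 *
 * Returns the number of digests stored (0 on bad arguments, on open failure,
 * or when the file holds no valid digest).
 */
int ReadMD5File(TCHAR* filePath, TCHAR md5Values[MAX_MD5_COUNT][MD5_LENGTH]) {
    if (filePath == NULL || md5Values == NULL) {
        _tprintf(_T("无效的参数\n"));
        return 0;
    }
    FILE* file = _tfopen(filePath, _T("r"));
    if (file == NULL) {
        _tprintf(_T("无法打开MD5文件\n"));
        return 0;
    }

    int count = 0;
    TCHAR line[256];
    /* The capacity test comes first: once the table is full nothing more is
     * read, so no write can land past md5Values[MAX_MD5_COUNT - 1]. */
    while (count < MAX_MD5_COUNT &&
           _fgetts(line, (int)(sizeof line / sizeof line[0]), file) != NULL) {
        size_t len = _tcscspn(line, _T("\r\n"));
        int sawLineEnd = (line[len] != 0);
        line[len] = 0; /* strip the line terminator */

        if (!sawLineEnd && !feof(file)) {
            /* Overlong line: drop the remainder so that a fragment of it is
             * never mistaken for a digest on the next read. */
            _TINT c;
            while ((c = _fgettc(file)) != _TEOF && c != _T('\n')) {
            }
            continue;
        }
        if (len != MD5_LENGTH - 1) {
            continue; /* not the length of an MD5 hex digest */
        }

        size_t i;
        for (i = 0; i < len; i++) {
            TCHAR ch = line[i];
            int isHex = (ch >= _T('0') && ch <= _T('9')) ||
                        (ch >= _T('a') && ch <= _T('f')) ||
                        (ch >= _T('A') && ch <= _T('F'));
            if (!isHex) {
                break;
            }
        }
        if (i != len) {
            continue; /* contains a non-hex character */
        }

        memcpy(md5Values[count], line, (len + 1) * sizeof(TCHAR));
        count++;
    }
    fclose(file);
    return count; /* number of MD5 values read successfully */
}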
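/*
 * Hash the file at `path` with MD5 and write the digest to outHex as
 * MD5_LENGTH - 1 lowercase hex characters plus a terminator.
 *
 * Uses the Windows CryptoAPI (declared through <windows.h>, implemented in
 * advapi32; add advapi32 to the link line if the toolchain does not link it
 * by default).
 *
 * Returns 1 on success, 0 if the file cannot be opened or read, or if
 * hashing fails. outHex is only valid when 1 is returned.
 */
static int ComputeFileMD5(const TCHAR* path, TCHAR outHex[MD5_LENGTH]) {
    static const TCHAR hexDigits[] = _T("0123456789abcdef");
    int ok = 0;
    HCRYPTPROV hProv = 0;
    HCRYPTHASH hHash = 0;
    BYTE digest[16];
    DWORD digestLen = sizeof(digest);
    BYTE chunk[4096];
    DWORD bytesRead = 0;
    size_t i;

    /* A file that its creator is still writing may fail to open here or may
     * hash as partial content; this monitor does not retry later. */
    HANDLE hFile = CreateFile(path, GENERIC_READ,
                              FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
                              NULL, OPEN_EXISTING, FILE_FLAG_SEQUENTIAL_SCAN, NULL);
    if (hFile == INVALID_HANDLE_VALUE) {
        return 0;
    }
    if (!CryptAcquireContext(&hProv, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) {
        goto out_file;
    }
    if (!CryptCreateHash(hProv, CALG_MD5, 0, 0, &hHash)) {
        goto out_prov;
    }
    for (;;) {
        if (!ReadFile(hFile, chunk, sizeof(chunk), &bytesRead, NULL)) {
            goto out_hash;
        }
        if (bytesRead == 0) {
            break; /* end of file */
        }
        if (!CryptHashData(hHash, chunk, bytesRead, 0)) {
            goto out_hash;
        }
    }
    if (!CryptGetHashParam(hHash, HP_HASHVAL, digest, &digestLen, 0) ||
        digestLen != sizeof(digest)) {
        goto out_hash;
    }
    for (i = 0; i < sizeof(digest); i++) {
        outHex[2 * i] = hexDigits[digest[i] >> 4];
        outHex[2 * i + 1] = hexDigits[digest[i] & 0x0F];
    }
    outHex[MD5_LENGTH - 1] = 0;
    ok = 1;

out_hash:
    CryptDestroyHash(hHash);
out_prov:
    CryptReleaseContext(hProv, 0);
out_file:
    CloseHandle(hFile);
    return ok;
}

/*
 * Handle one change record for a file that appeared in the watched tree:
 * build its full path, hash it, and delete it when the digest is on the list.
 */
static void ScanNewFile(const FILE_NOTIFY_INFORMATION* fni,
                        TCHAR md5Values[MAX_MD5_COUNT][MD5_LENGTH], int md5Count) {
    /* FileName is UTF-16, is NOT NUL-terminated, and FileNameLength is in
     * bytes, so it has to be copied and terminated before use as a string. */
    WCHAR name[MAX_PATH];
    size_t nameChars = fni->FileNameLength / sizeof(WCHAR);
    if (nameChars == 0 || nameChars >= MAX_PATH) {
        return;
    }
    memcpy(name, fni->FileName, nameChars * sizeof(WCHAR));
    name[nameChars] = L'\0';

    /* Add a separator only when WATCH_DIRECTORY does not already end in one. */
    size_t dirLen = _tcslen(WATCH_DIRECTORY);
    const TCHAR* separator =
        (dirLen > 0 && WATCH_DIRECTORY[dirLen - 1] == _T('\\')) ? _T("") : _T("\\");

    /* Bounded formatting: a path that does not fit, or a name that cannot be
     * converted in a non-Unicode build, is skipped instead of overflowing. */
    TCHAR fullPath[MAX_PATH];
    int written = _sntprintf(fullPath, MAX_PATH, _T("%s%s%ls"),
                             WATCH_DIRECTORY, separator, name);
    if (written < 0 || written >= MAX_PATH) {
        return;
    }

    TCHAR newFileMD5[MD5_LENGTH];
    if (!ComputeFileMD5(fullPath, newFileMD5)) {
        return; /* file vanished, is locked, or could not be hashed */
    }

    /* Case-insensitive so that upper- and lower-case list entries both match. */
    int i;
    for (i = 0; i < md5Count; i++) {
        if (_tcsicmp(md5Values[i], newFileMD5) == 0) {
            break;
        }
    }
    if (i == md5Count) {
        return;
    }

    /* The path is resolved again here, so the file deleted is whatever the
     * path names now, which is not guaranteed to be the one just hashed. */
    if (DeleteFile(fullPath)) {
        _tprintf(_T("已删除文件: %s\n"), fullPath);
    } else {
        _tprintf(_T("无法删除文件: %s\n"), fullPath);
    }
}

/*
 * Load the MD5 list, then watch WATCH_DIRECTORY (recursively) and delete
 * every newly appearing file whose MD5 digest is on the list.
 *
 * Limits worth knowing: exact-hash matching only catches byte-identical
 * copies of listed files (any change to the file gives a different digest),
 * the list is read once at startup, and changes are lost whenever the
 * notification buffer overflows.
 *
 * Returns 1 if the list is empty/unreadable or the directory cannot be
 * opened, 0 once the watch loop ends.
 */
int main() {
    TCHAR md5Values[MAX_MD5_COUNT][MD5_LENGTH];
    int md5Count = ReadMD5File(MD5_FILE_PATH, md5Values);
    if (md5Count == 0) {
        _tprintf(_T("无法读取MD5值\n"));
        return 1;
    }

    HANDLE hDir = CreateFile(WATCH_DIRECTORY, FILE_LIST_DIRECTORY,
                             FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
                             NULL, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, NULL);
    if (hDir == INVALID_HANDLE_VALUE) {
        _tprintf(_T("无法打开监视目录\n"));
        return 1;
    }

    FILE_NOTIFY_INFORMATION buffer[1024];
    DWORD bytesReturned;
    while (ReadDirectoryChangesW(hDir, buffer, sizeof(buffer), TRUE,
                                 FILE_NOTIFY_CHANGE_FILE_NAME, &bytesReturned, NULL, NULL)) {
        if (bytesReturned == 0) {
            /* More changes arrived than the buffer could hold; the buffer
             * content is not valid and those files were not checked. */
            _tprintf(_T("通知缓冲区溢出,部分文件变更未被检查\n"));
            continue;
        }

        BYTE* cursor = (BYTE*)buffer;
        for (;;) {
            FILE_NOTIFY_INFORMATION* fni = (FILE_NOTIFY_INFORMATION*)cursor;
            /* A file renamed or moved into place is as new as a created one. */
            if (fni->Action == FILE_ACTION_ADDED ||
                fni->Action == FILE_ACTION_RENAMED_NEW_NAME) {
                ScanNewFile(fni, md5Values, md5Count);
            }
            /* Test the offset of the record just handled, so the last record
             * of a batch (offset 0) is processed before the loop ends. */
            if (fni->NextEntryOffset == 0) {
                break;
            }
            cursor += fni->NextEntryOffset;
        }
    }

    CloseHandle(hDir);
    return 0;
}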
由于作者能力和时间有限,代码可能存在一些问题,欢迎大家指出。