using
System;
using System.IO;
using System.Threading;
using System.Windows.Forms;
using System.Net;
namespace TrojanMonitor
{
public partial class Form1 : Form
{
/// <summary>
/// Creates the monitor window. All control setup is delegated to
/// InitializeComponent, which is defined in another part of this partial class.
/// </summary>
public Form1()
{
    this.InitializeComponent();
}
delegate void SetTextCallback( string text);
private string fname,code,emailkey,ip;
private Thread thr;
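/// <summary>
/// Watcher "Changed" handler (per the original note this also covers newly added files):
/// starts a background scan of the file named in the event.
/// </summary>
private void fsw_Changed(object sender, FileSystemEventArgs e)
{
    fname = e.Name; // still updated for the parameterless chkfile() entry point
    startScan(e.Name);
}

/// <summary>
/// Watcher "Renamed" handler: starts a background scan of the file under its new name.
/// </summary>
private void fsw_Renamed(object sender, RenamedEventArgs e)
{
    fname = e.Name;
    startScan(e.Name);
}

// Starts one background thread per event and hands the file name to it directly.
// The original threads all read the shared fname field, so two events arriving close
// together could make both threads scan the second file and skip the first.
private void startScan(string name)
{
    thr = new Thread(new ParameterizedThreadStart(scanNamedFile));
    thr.IsBackground = true;
    thr.Start(name);
}

/// <summary>
/// Scans the file most recently reported by the watcher (the value of fname).
/// </summary>
private void chkfile()
{
    scanNamedFile(fname);
}

// Scans one watched file: if its extension is monitored and its content matches a
// signature (chkcontent), the file is moved to the backup folder, the event is
// logged and mailed, and a notice is written at the original path.
// "state" is the file name relative to fsw.Path.
private void scanNamedFile(object state)
{
    string filename = state as string;
    if (string.IsNullOrEmpty(filename))
    {
        return;
    }

    string filepath = Path.Combine(fsw.Path, filename);
    string fileName = Path.GetFileName(filename);
    string hzhui = Path.GetExtension(filename).ToLowerInvariant();

    // Path.GetExtension returns ".asp", never " .asp "; the padded literals shown on
    // the page could not match, so the padding is dropped here and in the paths below.
    // NOTE(review): only these five extensions are scanned; any other extension the web
    // server is configured to execute is not covered.
    bool watched = hzhui == ".asp" || hzhui == ".aspx" || hzhui == ".php"
        || hzhui == ".jpg" || hzhui == ".gif";
    if (!watched)
    {
        return;
    }

    try
    {
        // Give the writer time to finish. The original probed the relative name (not the
        // full path), recursed without bound and then scanned the file a second time.
        // If the file is still locked after the retries, the read below throws and the
        // failure is shown in the list by the outer catch.
        for (int attempt = 0; attempt < 10 && IsFileInUse(filepath); attempt++)
        {
            Thread.Sleep(2000);
        }

        string content;
        using (StreamReader sr = new StreamReader(filepath))
        {
            content = sr.ReadToEnd();
        }

        if (!chkcontent(content))
        {
            return;
        }

        try
        {
            // One timestamp for folder, file name and messages, so they cannot disagree.
            DateTime now = DateTime.Now;
            // Short dates contain '/' under some cultures; inside a file name that made
            // the log path point into a folder that does not exist, so the log write,
            // the mail and the notice were all skipped.
            string day = now.ToShortDateString().Replace('/', '-');
            string bakpath = Path.Combine(Application.StartupPath, "TrojanMonitorbak");
            string logfile = Path.Combine(bakpath, "log" + day + ".dat");
            string newfile = Path.Combine(bakpath, day);
            string newfilepath = Path.Combine(newfile,
                now.Hour.ToString() + " 点 " + now.Minute.ToString() + " 分 "
                + now.Second.ToString() + " 秒 " + now.Millisecond.ToString() + " 毫秒- " + fileName);

            Directory.CreateDirectory(newfile); // also creates bakpath when missing
            if (File.Exists(newfilepath))
            {
                File.Delete(newfilepath);
            }
            File.Move(filepath, newfilepath);

            string str = " [ " + now + " ] 发现可疑文件: [ " + filepath + " ] To [ " + newfilepath + " ] ";
            addtiem(str);

            // Write the log entry.
            using (StreamWriter log = File.AppendText(logfile))
            {
                log.WriteLine(str + " \r\n ");
            }

            // Send the e-mail alert. Each value is percent-encoded because the path comes
            // from a file name chosen by whoever wrote the file; unencoded, a '&' or '#'
            // in it would rewrite the query. A failed send is reported in the list but
            // no longer prevents the notice below from being written.
            // NOTE(review): the key travels in a GET query over plain HTTP, so it is
            // readable on the network path and in server logs.
            try
            {
                string subject = "发现可疑文件( " + ip + " )";
                string body = "[ " + ip + " ][ " + now + " ] 发现可疑文件: [ " + filepath + " ] ";
                downurl("http://www.cqeh.com/mail/?EmailSubject=" + Uri.EscapeDataString(subject)
                    + "&EmailKey=" + Uri.EscapeDataString(emailkey ?? "")
                    + "&SendHtml=" + Uri.EscapeDataString(body));
            }
            catch (Exception mailEx)
            {
                addtiem(mailEx.ToString());
            }

            // Leave a plain-text notice where the moved file used to be.
            using (StreamWriter notice = File.AppendText(filepath))
            {
                notice.WriteLine(" 此文件检测到有可疑问题!请联系管理员! ");
            }
        }
        catch (Exception ex) { addtiem(ex.ToString()); }
    }
    catch (Exception ex) { addtiem(ex.ToString()); }
}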
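/// <summary>
/// Downloads the resource at <paramref name="url"/> and returns it as a string.
/// </summary>
/// <param name="url">Address to fetch; used exactly as given.</param>
/// <returns>The response body.</returns>
/// <remarks>
/// Exceptions from WebClient are not caught here. Every caller in this file passes an
/// http:// address, so the response is neither encrypted nor authenticated; anything
/// that feeds detection (the signature list) can be altered in transit.
/// </remarks>
private string downurl(string url)
{
    // WebClient is disposable; the original never released it.
    using (WebClient client = new WebClient())
    {
        return client.DownloadString(url);
    }
}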
/// <summary>
/// Appends <paramref name="text"/> to the lb list control. When called from a thread
/// that needs marshalling (lb.InvokeRequired), the call is re-issued through Invoke.
/// </summary>
private void addtiem(string text)
{
    if (!this.lb.InvokeRequired)
    {
        this.lb.Items.Add(text);
        return;
    }

    SetTextCallback reentry = new SetTextCallback(addtiem);
    this.Invoke(reentry, new object[] { text });
}
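/// <summary>
/// Reports whether <paramref name="content"/> contains any signature from the
/// '|'-separated list held in the code field, ignoring case.
/// </summary>
/// <param name="content">Full text of the file being scanned.</param>
/// <returns>true on the first signature found; false when none match.</returns>
/// <remarks>
/// Throws NullReferenceException when code or content is null, as the original did;
/// chkfile's catch reports it in the list.
/// </remarks>
private bool chkcontent(string content)
{
    // ' | ' as printed on the page is not a valid char literal; the separator is '|'.
    // Empty entries are removed: IndexOf("") is 0 for every string, so an empty
    // signature list or a trailing '|' made every scanned file count as a match.
    string[] signatures = code.Split(new char[] { '|' }, StringSplitOptions.RemoveEmptyEntries);

    foreach (string signature in signatures)
    {
        if (signature.Trim().Length == 0)
        {
            continue; // whitespace-only entry (e.g. a stray line break) would match almost anything
        }

        // Ordinal comparison: signatures are byte patterns, not linguistic text.
        if (content.IndexOf(signature, StringComparison.OrdinalIgnoreCase) > -1)
        {
            return true;
        }
    }

    return false;
}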
private void Form1_Load( object sender, EventArgs e){
ip = Dns.GetHostEntry(Environment.MachineName).AddressList[ 0 ].ToString();
string config = File.ReadAllText(Application.StartupPath + " //monitorpath.ini " );//获取监控路径 d:\wwwroot
try {
code = downurl( " http://www.cqeh.com/txt/trojan.txt " );
using System.IO;
using System.Threading;
using System.Windows.Forms;
using System.Net;
namespace TrojanMonitor
{
public partial class Form1 : Form
{
/// <summary>
/// Creates the monitor window. All control setup is delegated to
/// InitializeComponent, which is defined in another part of this partial class.
/// </summary>
public Form1()
{
    this.InitializeComponent();
}
delegate void SetTextCallback( string text);
private string fname,code,emailkey,ip;
private Thread thr;
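/// <summary>
/// Watcher "Changed" handler (per the original note this also covers newly added files):
/// starts a background scan of the file named in the event.
/// </summary>
private void fsw_Changed(object sender, FileSystemEventArgs e)
{
    fname = e.Name; // still updated for the parameterless chkfile() entry point
    startScan(e.Name);
}

/// <summary>
/// Watcher "Renamed" handler: starts a background scan of the file under its new name.
/// </summary>
private void fsw_Renamed(object sender, RenamedEventArgs e)
{
    fname = e.Name;
    startScan(e.Name);
}

// Starts one background thread per event and hands the file name to it directly.
// The original threads all read the shared fname field, so two events arriving close
// together could make both threads scan the second file and skip the first.
private void startScan(string name)
{
    thr = new Thread(new ParameterizedThreadStart(scanNamedFile));
    thr.IsBackground = true;
    thr.Start(name);
}

/// <summary>
/// Scans the file most recently reported by the watcher (the value of fname).
/// </summary>
private void chkfile()
{
    scanNamedFile(fname);
}

// Scans one watched file: if its extension is monitored and its content matches a
// signature (chkcontent), the file is moved to the backup folder, the event is
// logged and mailed, and a notice is written at the original path.
// "state" is the file name relative to fsw.Path.
private void scanNamedFile(object state)
{
    string filename = state as string;
    if (string.IsNullOrEmpty(filename))
    {
        return;
    }

    string filepath = Path.Combine(fsw.Path, filename);
    string fileName = Path.GetFileName(filename);
    string hzhui = Path.GetExtension(filename).ToLowerInvariant();

    // Path.GetExtension returns ".asp", never " .asp "; the padded literals shown on
    // the page could not match, so the padding is dropped here and in the paths below.
    // NOTE(review): only these five extensions are scanned; any other extension the web
    // server is configured to execute is not covered.
    bool watched = hzhui == ".asp" || hzhui == ".aspx" || hzhui == ".php"
        || hzhui == ".jpg" || hzhui == ".gif";
    if (!watched)
    {
        return;
    }

    try
    {
        // Give the writer time to finish. The original probed the relative name (not the
        // full path), recursed without bound and then scanned the file a second time.
        // If the file is still locked after the retries, the read below throws and the
        // failure is shown in the list by the outer catch.
        for (int attempt = 0; attempt < 10 && IsFileInUse(filepath); attempt++)
        {
            Thread.Sleep(2000);
        }

        string content;
        using (StreamReader sr = new StreamReader(filepath))
        {
            content = sr.ReadToEnd();
        }

        if (!chkcontent(content))
        {
            return;
        }

        try
        {
            // One timestamp for folder, file name and messages, so they cannot disagree.
            DateTime now = DateTime.Now;
            // Short dates contain '/' under some cultures; inside a file name that made
            // the log path point into a folder that does not exist, so the log write,
            // the mail and the notice were all skipped.
            string day = now.ToShortDateString().Replace('/', '-');
            string bakpath = Path.Combine(Application.StartupPath, "TrojanMonitorbak");
            string logfile = Path.Combine(bakpath, "log" + day + ".dat");
            string newfile = Path.Combine(bakpath, day);
            string newfilepath = Path.Combine(newfile,
                now.Hour.ToString() + " 点 " + now.Minute.ToString() + " 分 "
                + now.Second.ToString() + " 秒 " + now.Millisecond.ToString() + " 毫秒- " + fileName);

            Directory.CreateDirectory(newfile); // also creates bakpath when missing
            if (File.Exists(newfilepath))
            {
                File.Delete(newfilepath);
            }
            File.Move(filepath, newfilepath);

            string str = " [ " + now + " ] 发现可疑文件: [ " + filepath + " ] To [ " + newfilepath + " ] ";
            addtiem(str);

            // Write the log entry.
            using (StreamWriter log = File.AppendText(logfile))
            {
                log.WriteLine(str + " \r\n ");
            }

            // Send the e-mail alert. Each value is percent-encoded because the path comes
            // from a file name chosen by whoever wrote the file; unencoded, a '&' or '#'
            // in it would rewrite the query. A failed send is reported in the list but
            // no longer prevents the notice below from being written.
            // NOTE(review): the key travels in a GET query over plain HTTP, so it is
            // readable on the network path and in server logs.
            try
            {
                string subject = "发现可疑文件( " + ip + " )";
                string body = "[ " + ip + " ][ " + now + " ] 发现可疑文件: [ " + filepath + " ] ";
                downurl("http://www.cqeh.com/mail/?EmailSubject=" + Uri.EscapeDataString(subject)
                    + "&EmailKey=" + Uri.EscapeDataString(emailkey ?? "")
                    + "&SendHtml=" + Uri.EscapeDataString(body));
            }
            catch (Exception mailEx)
            {
                addtiem(mailEx.ToString());
            }

            // Leave a plain-text notice where the moved file used to be.
            using (StreamWriter notice = File.AppendText(filepath))
            {
                notice.WriteLine(" 此文件检测到有可疑问题!请联系管理员! ");
            }
        }
        catch (Exception ex) { addtiem(ex.ToString()); }
    }
    catch (Exception ex) { addtiem(ex.ToString()); }
}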
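/// <summary>
/// Downloads the resource at <paramref name="url"/> and returns it as a string.
/// </summary>
/// <param name="url">Address to fetch; used exactly as given.</param>
/// <returns>The response body.</returns>
/// <remarks>
/// Exceptions from WebClient are not caught here. Every caller in this file passes an
/// http:// address, so the response is neither encrypted nor authenticated; anything
/// that feeds detection (the signature list) can be altered in transit.
/// </remarks>
private string downurl(string url)
{
    // WebClient is disposable; the original never released it.
    using (WebClient client = new WebClient())
    {
        return client.DownloadString(url);
    }
}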
/// <summary>
/// Appends <paramref name="text"/> to the lb list control. When called from a thread
/// that needs marshalling (lb.InvokeRequired), the call is re-issued through Invoke.
/// </summary>
private void addtiem(string text)
{
    if (!this.lb.InvokeRequired)
    {
        this.lb.Items.Add(text);
        return;
    }

    SetTextCallback reentry = new SetTextCallback(addtiem);
    this.Invoke(reentry, new object[] { text });
}
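/// <summary>
/// Reports whether <paramref name="content"/> contains any signature from the
/// '|'-separated list held in the code field, ignoring case.
/// </summary>
/// <param name="content">Full text of the file being scanned.</param>
/// <returns>true on the first signature found; false when none match.</returns>
/// <remarks>
/// Throws NullReferenceException when code or content is null, as the original did;
/// chkfile's catch reports it in the list.
/// </remarks>
private bool chkcontent(string content)
{
    // ' | ' as printed on the page is not a valid char literal; the separator is '|'.
    // Empty entries are removed: IndexOf("") is 0 for every string, so an empty
    // signature list or a trailing '|' made every scanned file count as a match.
    string[] signatures = code.Split(new char[] { '|' }, StringSplitOptions.RemoveEmptyEntries);

    foreach (string signature in signatures)
    {
        if (signature.Trim().Length == 0)
        {
            continue; // whitespace-only entry (e.g. a stray line break) would match almost anything
        }

        // Ordinal comparison: signatures are byte patterns, not linguistic text.
        if (content.IndexOf(signature, StringComparison.OrdinalIgnoreCase) > -1)
        {
            return true;
        }
    }

    return false;
}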
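/// <summary>
/// Start-up: records the host address, reads the folder to watch from monitorpath.ini,
/// downloads the signature list and the e-mail key, points the watcher at the folder
/// and hides the window. Any failure is shown in a message box and the application exits.
/// </summary>
/// <remarks>
/// NOTE(review): the signature list and the e-mail key are both fetched with an
/// unauthenticated GET over plain HTTP. A tampered or empty list changes what is
/// detected, and the key is readable by anyone who can request or observe that URL.
/// The downloaded list is not checked for being empty before monitoring starts.
/// </remarks>
private void Form1_Load(object sender, EventArgs e)
{
    try
    {
        // Moved inside the try: a DNS failure or a missing ini file used to escape as
        // an unhandled exception instead of reaching the start-up error dialog.
        ip = Dns.GetHostEntry(Environment.MachineName).AddressList[0].ToString();

        // Monitored path, e.g. d:\wwwroot. Trimmed so that a trailing line break in
        // the ini file does not make fsw.Path reject the value.
        string config = File.ReadAllText(Path.Combine(Application.StartupPath, "monitorpath.ini")).Trim();

        // Signature list.
        code = downurl("http://www.cqeh.com/txt/trojan.txt");
        filepath.Text = config;
        fsw.Path = config;

        // Key that authorises sending e-mail. The page repeated these three statements;
        // the repeat only downloaded the key a second time.
        emailkey = downurl("http://www.cqeh.com/txt/trojanemailkey.txt");

        this.ShowInTaskbar = false;
        this.Visible = false;
    }
    catch (Exception ex)
    {
        MessageBox.Show(" 错误: " + ex.Message, " 无法启动程序! ", MessageBoxButtons.OK);
        Application.Exit();
    }
}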
/// <summary>
/// Reports whether an existing file is currently in use, by trying to open it for
/// reading with no sharing allowed.
/// </summary>
/// <param name="fileName">Path of the file to probe.</param>
/// <returns>
/// false when the file does not exist or the exclusive open succeeds; true when the
/// open fails for any reason (every exception is treated as "in use").
/// </returns>
bool IsFileInUse(string fileName)
{
    if (!File.Exists(fileName))
    {
        return false;
    }

    FileStream probe = null;
    bool opened;
    try
    {
        probe = new FileStream(fileName, FileMode.Open, FileAccess.Read, FileShare.None);
        opened = true;
    }
    catch
    {
        opened = false;
    }
    finally
    {
        if (probe != null)
        {
            probe.Close();
        }
    }

    return !opened;
}
/// <summary>
/// Double-click on the tray icon: shows the window again in its normal state and
/// puts it back in the taskbar.
/// </summary>
private void notifyIcon1_MouseDoubleClick(object sender, MouseEventArgs e)
{
    Visible = true;
    WindowState = FormWindowState.Normal;
    ShowInTaskbar = true;
}
/// <summary>
/// Resize handler: when the window has been minimized, removes it from the taskbar
/// and hides it.
/// </summary>
private void Form1_Resize(object sender, EventArgs e)
{
    if (WindowState != FormWindowState.Minimized)
    {
        return;
    }

    ShowInTaskbar = false;
    Visible = false;
}
/// <summary>
/// "Exit" menu item: asks the application to shut down.
/// </summary>
private void 退出系统ToolStripMenuItem_Click_1(object sender, EventArgs e)
{
    Application.Exit();
}
/// <summary>
/// "Show window" menu item: shows the window again in its normal state and puts it
/// back in the taskbar.
/// </summary>
private void 显示窗口ToolStripMenuItem_Click(object sender, EventArgs e)
{
    Visible = true;
    WindowState = FormWindowState.Normal;
    ShowInTaskbar = true;
}
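/// <summary>
/// Closing handler: a close requested by the user hides the window (no taskbar
/// entry) instead of ending the program.
/// </summary>
private void Form1_FormClosing(object sender, FormClosingEventArgs e)
{
    // The original cancelled every close. Application.Exit() raises FormClosing too and
    // gives up when a handler cancels, so the Exit menu item and the start-up error path
    // could not end the program. Only a user-initiated close is turned into "hide".
    if (e.CloseReason != CloseReason.UserClosing)
    {
        return;
    }

    this.ShowInTaskbar = false;
    this.Visible = false;
    e.Cancel = true;
}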
}
}
this .ShowInTaskbar = false ;
this .Visible = false ;
}
catch (Exception ex){
MessageBox.Show( " 错误: " + ex.Message, " 无法启动程序! " , MessageBoxButtons.OK); Application.Exit();
}
finally { }
}
/// <summary>
/// Reports whether an existing file is currently in use, by trying to open it for
/// reading with no sharing allowed.
/// </summary>
/// <param name="fileName">Path of the file to probe.</param>
/// <returns>
/// false when the file does not exist or the exclusive open succeeds; true when the
/// open fails for any reason (every exception is treated as "in use").
/// </returns>
bool IsFileInUse(string fileName)
{
    if (!File.Exists(fileName))
    {
        return false;
    }

    FileStream probe = null;
    bool opened;
    try
    {
        probe = new FileStream(fileName, FileMode.Open, FileAccess.Read, FileShare.None);
        opened = true;
    }
    catch
    {
        opened = false;
    }
    finally
    {
        if (probe != null)
        {
            probe.Close();
        }
    }

    return !opened;
}
/// <summary>
/// Double-click on the tray icon: shows the window again in its normal state and
/// puts it back in the taskbar.
/// </summary>
private void notifyIcon1_MouseDoubleClick(object sender, MouseEventArgs e)
{
    Visible = true;
    WindowState = FormWindowState.Normal;
    ShowInTaskbar = true;
}
/// <summary>
/// Resize handler: when the window has been minimized, removes it from the taskbar
/// and hides it.
/// </summary>
private void Form1_Resize(object sender, EventArgs e)
{
    if (WindowState != FormWindowState.Minimized)
    {
        return;
    }

    ShowInTaskbar = false;
    Visible = false;
}
/// <summary>
/// "Exit" menu item: asks the application to shut down.
/// </summary>
private void 退出系统ToolStripMenuItem_Click_1(object sender, EventArgs e)
{
    Application.Exit();
}
/// <summary>
/// "Show window" menu item: shows the window again in its normal state and puts it
/// back in the taskbar.
/// </summary>
private void 显示窗口ToolStripMenuItem_Click(object sender, EventArgs e)
{
    Visible = true;
    WindowState = FormWindowState.Normal;
    ShowInTaskbar = true;
}
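/// <summary>
/// Closing handler: a close requested by the user hides the window (no taskbar
/// entry) instead of ending the program.
/// </summary>
private void Form1_FormClosing(object sender, FormClosingEventArgs e)
{
    // The original cancelled every close. Application.Exit() raises FormClosing too and
    // gives up when a handler cancels, so the Exit menu item and the start-up error path
    // could not end the program. Only a user-initiated close is turned into "hide".
    if (e.CloseReason != CloseReason.UserClosing)
    {
        return;
    }

    this.ShowInTaskbar = false;
    this.Visible = false;
    e.Cancel = true;
}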
}
}