C# 监控服务器上被上传的木马(包含可疑文件)

using System;
using System.IO;
using System.Threading;
using System.Windows.Forms;
using System.Net;

namespace TrojanMonitor
{
    
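public partial class Form1 : Form
    {
        /// <summary>
        /// Tray-resident monitor: watches an upload directory, scans new or renamed
        /// script/image files for known signature strings, moves matches into a
        /// quarantine folder, logs the event and sends an e-mail notification.
        /// </summary>
        /// <remarks>
        /// Detection is literal, case-insensitive substring matching against a
        /// downloaded list. A clean result means "no known signature found", not
        /// "file is safe"; obfuscated or differently encoded payloads are not detected.
        /// </remarks>
        public Form1()
        {
            InitializeComponent();
        }

        delegate void SetTextCallback(string text);

        // How often, and how long, to wait for an uploader to release the file.
        private const int MaxInUseRetries = 5;
        private const int InUseRetryDelayMs = 2000;

        // code: '|'-separated signature list; emailkey: token for the mail endpoint;
        // ip: address of this host, used in notifications.
        private string code, emailkey, ip;

        // Most recently started scan thread.
        private Thread thr;

        /// <summary>File changed (also raised for newly created files).</summary>
        private void fsw_Changed(object sender, FileSystemEventArgs e)
        {
            StartCheck(e.Name);
        }

        /// <summary>File renamed; the new name is scanned.</summary>
        private void fsw_Renamed(object sender, RenamedEventArgs e)
        {
            StartCheck(e.Name);
        }

        /// <summary>
        /// Starts a background scan for one file. The name is handed to the thread
        /// as an argument instead of through a shared field, so that a burst of
        /// watcher events cannot overwrite the name before the thread reads it
        /// (which would leave some uploads unscanned).
        /// </summary>
        private void StartCheck(string name)
        {
            Thread worker = new Thread(new ParameterizedThreadStart(chkfile));
            worker.IsBackground = true;
            thr = worker;
            worker.Start(name);
        }

        /// <summary>
        /// Scans one file (name relative to the watched directory) and quarantines
        /// it when its content matches a signature. All failures are written to the
        /// list box instead of terminating the process.
        /// </summary>
        /// <param name="state">The relative file name, passed as <see cref="string"/>.</param>
        private void chkfile(object state)
        {
            string filename = state as string;
            if (string.IsNullOrEmpty(filename))
            {
                return;
            }

            try
            {
                string fullPath = Path.Combine(fsw.Path, filename);
                string fileName = Path.GetFileName(filename);
                // Invariant lower-casing: culture-specific casing can turn ".GIF" into a
                // string that no longer equals ".gif" and would skip the scan.
                string hzhui = Path.GetExtension(filename).ToLowerInvariant();

                // NOTE(review): only these extensions are scanned. Any other extension the
                // web server maps to a script handler is a detection gap - confirm the list
                // against the server's handler mappings.
                if (hzhui != ".asp" && hzhui != ".aspx" && hzhui != ".php" && hzhui != ".jpg" && hzhui != ".gif")
                {
                    return;
                }

                // Wait (bounded) for the uploader to close the file. The full path must be
                // tested here: a bare relative name resolves against the process's current
                // directory and would report "not in use" for almost every file.
                int attempt = 0;
                while (attempt < MaxInUseRetries && IsFileInUse(fullPath))
                {
                    Thread.Sleep(InUseRetryDelayMs);
                    attempt++;
                }

                // NOTE(review): the whole file is read into memory and decoded with the
                // StreamReader default encoding; very large uploads cost memory, and text
                // in other encodings may not match the signatures.
                string content;
                using (StreamReader sr = new StreamReader(fullPath))
                {
                    content = sr.ReadToEnd();
                }

                if (chkcontent(content))
                {
                    Quarantine(fullPath, fileName);
                }
            }
            catch (Exception ex)
            {
                addtiem(ex.ToString());
            }
        }

        /// <summary>
        /// Moves a suspicious file into the dated quarantine folder, records the event,
        /// leaves a warning placeholder at the original location and notifies by e-mail.
        /// </summary>
        private void Quarantine(string fullPath, string fileName)
        {
            // One timestamp for every derived name, formatted culture-independently.
            // ToShortDateString() can contain '/' (depending on regional settings), which
            // turns the log file name into a path through a non-existent directory.
            DateTime now = DateTime.Now;
            System.Globalization.CultureInfo inv = System.Globalization.CultureInfo.InvariantCulture;
            string day = now.ToString("yyyy-MM-dd", inv);

            string bakpath = Path.Combine(Application.StartupPath, "TrojanMonitorbak");
            string logfile = Path.Combine(bakpath, "log" + day + ".dat");
            string newfile = Path.Combine(bakpath, day);
            string newfilepath = Path.Combine(newfile, now.ToString("HHmmssfff", inv) + "毫秒-" + fileName);

            // CreateDirectory creates missing parents and is a no-op when the folder exists.
            Directory.CreateDirectory(newfile);
            if (File.Exists(newfilepath))
            {
                File.Delete(newfilepath);
            }

            File.Move(fullPath, newfilepath);

            string str = "[" + now + "] 发现可疑文件: [" + fullPath + "] To [" + newfilepath + "]";
            addtiem(str);

            // Append to the daily log.
            using (StreamWriter log = File.AppendText(logfile))
            {
                log.WriteLine(str + " \r\n");
            }

            // Leave a placeholder where the upload was, so whoever requests it sees a notice.
            using (StreamWriter placeholder = File.AppendText(fullPath))
            {
                placeholder.WriteLine("此文件检测到有可疑问题!请联系管理员!");
            }

            // Notification comes last and has its own handler: a failing remote endpoint
            // must not prevent the local quarantine steps above.
            try
            {
                // The file name is chosen by the uploader, so every value is percent-encoded;
                // otherwise a crafted name containing '&' or '#' could add or truncate
                // query parameters of the notification request.
                string subject = Uri.EscapeDataString("发现可疑文件(" + ip + ")");
                string key = Uri.EscapeDataString(emailkey ?? "");
                string body = Uri.EscapeDataString("[" + ip + "][" + now + "] 发现可疑文件: [" + fullPath + "]");
                downurl("http://www.cqeh.com/mail/?EmailSubject=" + subject + "&EmailKey=" + key + "&SendHtml=" + body);
            }
            catch (Exception ex)
            {
                addtiem(ex.ToString());
            }
        }

        /// <summary>Downloads <paramref name="url"/> and returns the response body as text.</summary>
        /// <remarks>
        /// SECURITY: every URL used by this class is plain http://. The signature list,
        /// the e-mail key and the notification (which carries the key in its query
        /// string) can therefore be read or altered in transit; a tampered signature
        /// list silently disables detection. Use HTTPS if the endpoint offers it.
        /// </remarks>
        private string downurl(string url)
        {
            using (WebClient client = new WebClient())
            {
                return client.DownloadString(url);
            }
        }

        /// <summary>Adds a line to the list box, marshalling to the UI thread when required.</summary>
        private void addtiem(string text)
        {
            if (this.lb.InvokeRequired)
            {
                SetTextCallback d = new SetTextCallback(addtiem);
                this.Invoke(d, new object[] { text });
            }
            else
            {
                this.lb.Items.Add(text);
            }
        }

        /// <summary>
        /// Returns a signature entry without surrounding line breaks, or null when the
        /// entry is empty or whitespace only.
        /// </summary>
        private static string NormalizeSignature(string raw)
        {
            string sig = raw.Trim('\r', '\n');
            return sig.Trim().Length == 0 ? null : sig;
        }

        /// <summary>True when the '|'-separated list holds at least one usable signature.</summary>
        private static bool HasUsableSignature(string list)
        {
            if (string.IsNullOrEmpty(list))
            {
                return false;
            }

            foreach (string raw in list.Split('|'))
            {
                if (NormalizeSignature(raw) != null)
                {
                    return true;
                }
            }

            return false;
        }

        /// <summary>
        /// Returns true when <paramref name="content"/> contains any signature from the
        /// downloaded list (case-insensitive, ordinal comparison).
        /// </summary>
        private bool chkcontent(string content)
        {
            if (string.IsNullOrEmpty(content) || string.IsNullOrEmpty(code))
            {
                return false;
            }

            foreach (string raw in code.Split('|'))
            {
                // An empty entry (trailing '|', blank line) must be skipped: IndexOf("")
                // is 0 for every string, so it would quarantine every scanned file.
                string sig = NormalizeSignature(raw);
                if (sig == null)
                {
                    continue;
                }

                if (content.IndexOf(sig, StringComparison.OrdinalIgnoreCase) > -1)
                {
                    return true;
                }
            }

            return false;
        }

        /// <summary>
        /// Loads configuration and remote data, then hides the window. Any failure
        /// shows an error dialog and exits.
        /// </summary>
        private void Form1_Load(object sender, EventArgs e)
        {
            try
            {
                IPAddress[] addresses = Dns.GetHostEntry(Environment.MachineName).AddressList;
                ip = addresses.Length > 0 ? addresses[0].ToString() : Environment.MachineName;

                // Watched directory, e.g. d:\wwwroot. Trimmed because a trailing line break
                // in the .ini file makes the path invalid.
                string config = File.ReadAllText(Path.Combine(Application.StartupPath, "monitorpath.ini")).Trim();

                // Signature list.
                code = downurl("http://www.cqeh.com/txt/trojan.txt");
                if (!HasUsableSignature(code))
                {
                    // Fail at startup rather than run a monitor that can never match.
                    throw new InvalidOperationException("木马特征库为空");
                }

                filepath.Text = config;
                fsw.Path = config;

                // Key that authorises sending e-mail through the notification endpoint.
                emailkey = downurl("http://www.cqeh.com/txt/trojanemailkey.txt").Trim();

                this.ShowInTaskbar = false;
                this.Visible = false;
            }
            catch (Exception ex)
            {
                MessageBox.Show("错误:" + ex.Message, "无法启动程序!", MessageBoxButtons.OK);
                Application.Exit();
            }
        }

        /// <summary>
        /// Reports whether another process still holds <paramref name="fileName"/> open,
        /// tested by trying to open it with exclusive sharing.
        /// </summary>
        /// <returns>False when the file does not exist or could be opened exclusively.</returns>
        bool IsFileInUse(string fileName)
        {
            if (!File.Exists(fileName))
            {
                return false;
            }

            try
            {
                using (FileStream fs = new FileStream(fileName, FileMode.Open, FileAccess.Read, FileShare.None))
                {
                }

                return false;
            }
            catch (IOException)
            {
                // Sharing violation: someone else has the file open.
                return true;
            }
            catch (UnauthorizedAccessException)
            {
                return true;
            }
        }

        /// <summary>Restores the window from the tray.</summary>
        private void ShowWindow()
        {
            this.Visible = true;
            this.WindowState = FormWindowState.Normal;
            this.ShowInTaskbar = true;
        }

        private void notifyIcon1_MouseDoubleClick(object sender, MouseEventArgs e)
        {
            ShowWindow();
        }

        /// <summary>Minimising sends the window to the tray.</summary>
        private void Form1_Resize(object sender, EventArgs e)
        {
            if (this.WindowState == FormWindowState.Minimized)
            {
                this.ShowInTaskbar = false;
                this.Visible = false;
            }
        }

        /// <summary>Tray menu: exit.</summary>
        private void 退出系统ToolStripMenuItem_Click_1(object sender, EventArgs e)
        {
            Application.Exit();
        }

        /// <summary>Tray menu: show window.</summary>
        private void 显示窗口ToolStripMenuItem_Click(object sender, EventArgs e)
        {
            ShowWindow();
        }

        /// <summary>
        /// Clicking the window's close button hides it to the tray instead of closing.
        /// </summary>
        private void Form1_FormClosing(object sender, FormClosingEventArgs e)
        {
            // Only a user-initiated close is cancelled. Cancelling every close also vetoes
            // Application.Exit() (tray "exit" item, startup failure) and Windows shutdown.
            if (e.CloseReason != CloseReason.UserClosing)
            {
                return;
            }

            this.ShowInTaskbar = false;
            this.Visible = false;
            e.Cancel = true;
        }
    }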
}

源码包下载  

原文地址:https://www.cnblogs.com/Task/p/1741429.html