复制代码 代码如下:

using System;

using System.IO;

using System.Threading;

using System.Windows.Forms;

using System.Net;

namespace TrojanMonitor

{

public partial class Form1 : Form

{

public Form1()

{

InitializeComponent();

}

delegate void SetTextCallback(string text);

private string fname,code,emailkey,ip;

private Thread thr;

private void fsw_Changed(object sender, FileSystemEventArgs e)

{//文件改动监控（包含了新增）

fname = e.Name;

thr = new Thread(new ThreadStart(chkfile));

thr.IsBackground = true;

thr.Start();

}

private void fsw_Renamed(object sender, RenamedEventArgs e)

{//重命名监控

fname = e.Name;

thr = new Thread(new ThreadStart(chkfile));

thr.IsBackground = true;

thr.Start();

}

private void chkfile(){

string filename = fname;

string content="",filepath=fsw.Path+@""+filename,fileName="",hzhui="";

fileName = Path.GetFileName(filename);

hzhui = Path.GetExtension(filename).ToLower();

if (hzhui == ".asp" || hzhui == ".aspx" || hzhui == ".php" || hzhui == ".jpg" || hzhui == ".gif")

{

try{

if (IsFileInUse(filename)) { System.Threading.Thread.Sleep(2000); chkfile(); }

StreamReader sr = new StreamReader(filepath);

content = sr.ReadToEnd();

sr.Close();

if (chkcontent(content)){

try{

string bakpath = Application.StartupPath + @"TrojanMonitorbak",

logfile = bakpath + @"log" + DateTime.Today.ToShortDateString() + ".dat",

newfile = bakpath + @"" + DateTime.Today.ToShortDateString() + @"",

newfilepath = newfile + DateTime.Now.Hour.ToString() + "点" + DateTime.Now.Minute.ToString() + "分" + DateTime.Now.Second.ToString() + "秒" + DateTime.Now.Millisecond.ToString() + "毫秒-" + fileName;

if (!Directory.Exists(bakpath)) { Directory.CreateDirectory(bakpath); }

if (!Directory.Exists(newfile)) { Directory.CreateDirectory(newfile);}

if (File.Exists(newfilepath)){File.Delete(newfilepath);}

File.Move(filepath,newfilepath);

string str = "[" + DateTime.Now + "] 发现可疑文件: [" + filepath + "] To [" + newfilepath + "]";

addtiem(str);

StreamWriter sw = File.AppendText(logfile);

sw.WriteLine(str + " rn");//写入日志

sw.Flush();

sw.Close();

sw.Dispose();

downurl("http://www.cqeh.com/mail/?EmailSubject=发现可疑文件(" + ip + ")&EmailKey=" + emailkey + "&SendHtml=[" + ip + "][" + DateTime.Now + "] 发现可疑文件: [" + filepath + "]");//发送Email

sw = File.AppendText(filepath);

sw.WriteLine("此文件检测到有可疑问题！请联系管理员！");

sw.Flush();

sw.Close();

sw.Dispose();

}

catch (Exception ex) { addtiem(ex.ToString()); }

}

}

catch (Exception ex) { addtiem(ex.ToString()); }

}

}

private string downurl(string url){

WebClient client = new WebClient();

string result=client.DownloadString(url);

return result;

}

private void addtiem(string text){

if (this.lb.InvokeRequired){

SetTextCallback d = new SetTextCallback(addtiem);

this.Invoke(d, new object[] { text });

} else {

this.lb.Items.Add(text);

}

}

private bool chkcontent(string content)

{

bool returnval = false;

string[] sArray = code.ToLower().Split('|');

content = content.ToLower();

foreach (string i in sArray)

{

if (content.IndexOf(i)>-1){returnval=true;break;}

}

return returnval;

}

private void Form1_Load(object sender, EventArgs e){

ip = Dns.GetHostEntry(Environment.MachineName).AddressList[0].ToString();

string config = File.ReadAllText(Application.StartupPath + "//monitorpath.ini");//获取监控路径 d:wwwroot

try{

code = downurl("http://www.cqeh.com/txt/trojan.txt");

//获取木马特征库

filepath.Text = config;

fsw.Path = config;

emailkey = downurl("http://www.cqeh.com/txt/trojanemailkey.txt");

//获取发送email许可key;

this.ShowInTaskbar=false;

this.Visible = false;

}

catch (Exception ex){

MessageBox.Show("错误：" + ex.Message, "无法启动程序!", MessageBoxButtons.OK); Application.Exit();

}

finally { }

}

bool IsFileInUse(string fileName){//判断文件是否使用中

bool inUse = true;

if (File.Exists(fileName)){

FileStream fs = null;

try{fs = new FileStream(fileName, FileMode.Open, FileAccess.Read,FileShare.None);inUse = false;}

catch{}finally{if (fs != null)fs.Close();}

return inUse;

}else{return false;}

}

private void notifyIcon1_MouseDoubleClick(object sender, MouseEventArgs e)

{

this.Visible = true;

this.WindowState = FormWindowState.Normal;

this.ShowInTaskbar = true;

}

private void Form1_Resize(object sender, EventArgs e)

{

if (this.WindowState == FormWindowState.Minimized){

this.ShowInTaskbar = false;

this.Visible = false;

}

}

private void 退出系统ToolStripMenuItem_Click_1(object sender, EventArgs e){

Application.Exit();

}

private void 显示窗口ToolStripMenuItem_Click(object sender, EventArgs e){

this.Visible = true;

this.WindowState = FormWindowState.Normal;

this.ShowInTaskbar = true;

}

private void Form1_FormClosing(object sender, FormClosingEventArgs e){

this.ShowInTaskbar = false;

this.Visible = false;

e.Cancel = true;

}

}

}

源码包下载

【c# 服务器上传木马监控代码(包含可疑文件)】相关文章：

★ c#(Socket)同步套接字代码示例

★ c#图片添加水印的实例代码

★ 使用C#实现在屏幕上画图效果的代码实例

★ c# 开机启动项的小例子

★ C#反射在实际应用中的实例代码

★ C#编程实现Excel文档中搜索文本内容的方法及思路

★ c#(Socket)异步套接字代码示例

★ C#编写Windows服务实例代码

★ C#跨窗体操作(引用传递) 实例代码

★ c#读取文件详谈