c# 可疑文件扫描代码(找到木马)(简)
发布时间:2016-12-28 来源:查字典编辑

代码如下:

using System;
using System.Collections.Generic;
using System.IO;
using System.Net;
using System.Text.RegularExpressions;
using System.Threading;
using System.Windows.Forms;

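namespace TrojanScanning
{
    /// <summary>
    /// WinForms front end for a simple web-shell scanner: it walks a directory tree,
    /// reads every .asp/.php/.aspx/.master file and lists the files whose text
    /// contains one of the substrings from a downloaded signature list.
    /// </summary>
    /// <remarks>
    /// Detection is plain substring matching, so a hit is a lead for manual review and
    /// a clean result is not proof that a tree is clean (obfuscated code, or code in
    /// files with other extensions, is not matched). Everything the scanner could not
    /// read is listed as "未扫描" so that blind spots stay visible to the operator.
    /// </remarks>
    public partial class Form1 : Form
    {
        // Extensions that are scanned. Other server-executable extensions are NOT
        // covered; extend this list to match the handler mappings of the server.
        private static readonly string[] ScanExtensions = { ".asp", ".php", ".aspx", ".master" };

        // Upper bound on how often chkfile waits for a busy file before reading it anyway.
        private const int MaxBusyRetries = 3;

        // Delay between two busy checks, in milliseconds (same delay the original used).
        private const int BusyRetryDelayMs = 2000;

        public Form1()
        {
            InitializeComponent();
        }

        // Delegates used to marshal UI updates from the scan thread to the UI thread.
        delegate void SetTextCallback(string text);

        delegate void SetTextCallback2(bool b);

        delegate void SetTextCallback3(ListViewItem item);

        // fname: root path of the current scan; code: raw signature list as downloaded.
        private string fname, code;

        // Background thread that runs the scan.
        private Thread thr;

        // Lower-cased signatures; a file is reported when it contains any of them.
        private string[] sArray;

        /// <summary>Lets the user pick the directory to scan.</summary>
        private void button1_Click(object sender, EventArgs e)
        {
            if (folderBrowserDialog1.ShowDialog() == DialogResult.OK)
            {
                scanpath.Text = folderBrowserDialog1.SelectedPath;
            }
        }

        /// <summary>Clears the result list and starts the scan on a background thread.</summary>
        private void startbtn_Click(object sender, EventArgs e)
        {
            // A second click can arrive before the scan thread has disabled the button;
            // never run two scans that write into the same list.
            if (thr != null && thr.IsAlive)
            {
                return;
            }

            list.Items.Clear();
            fname = scanpath.Text;

            thr = new Thread(new ThreadStart(scan));
            thr.IsBackground = true;
            thr.Start();
        }

        /// <summary>
        /// Thread entry point: scans <c>fname</c> and re-enables the controls afterwards.
        /// </summary>
        private void scan()
        {
            FileSystemInfo root = GetFileSystemInfo(fname);
            if (root == null)
            {
                MessageBox.Show("请先选择要扫描的目录");
                return;
            }

            scanbtn(false);
            try
            {
                ListFiles(root);
                scantext("扫描完成");
            }
            finally
            {
                // Re-enable the controls even if the walk fails unexpectedly.
                scanbtn(true);
            }
        }

        /// <summary>
        /// Returns a <see cref="FileInfo"/> or <see cref="DirectoryInfo"/> for
        /// <paramref name="path"/>, or null when nothing exists at that path.
        /// </summary>
        public FileSystemInfo GetFileSystemInfo(string path)
        {
            if (File.Exists(path))
            {
                return new FileInfo(path);
            }

            if (Directory.Exists(path))
            {
                return new DirectoryInfo(path);
            }

            return null;
        }

        /// <summary>True when the file has one of the extensions in ScanExtensions.</summary>
        private static bool isscantarget(FileInfo file)
        {
            string ext = file.Extension;
            foreach (string wanted in ScanExtensions)
            {
                // Ordinal comparison: extensions are identifiers, not linguistic text.
                if (string.Equals(ext, wanted, StringComparison.OrdinalIgnoreCase))
                {
                    return true;
                }
            }

            return false;
        }

        /// <summary>
        /// Scans <paramref name="info"/>: a file is checked when its extension matches,
        /// a directory is walked recursively.
        /// </summary>
        private void ListFiles(FileSystemInfo info)
        {
            FileInfo file = info as FileInfo;
            if (file != null)
            {
                // Also reached for the root, so a single file entered as the scan path
                // is checked (the original silently did nothing in that case).
                if (file.Exists && isscantarget(file))
                {
                    scantext("扫描 " + file.FullName);
                    chkfile(file.FullName, file.Length);
                }

                return;
            }

            DirectoryInfo dir = info as DirectoryInfo;
            if (dir == null || !dir.Exists)
            {
                return;
            }

            FileSystemInfo[] children;
            try
            {
                children = dir.GetFileSystemInfos();
            }
            catch (Exception ex)
            {
                // An unreadable directory is a blind spot; show it instead of hiding it.
                reportskipped(dir.FullName, ex.Message);
                return;
            }

            foreach (FileSystemInfo child in children)
            {
                try
                {
                    // Junctions and directory symlinks can point back up the tree; following
                    // them would make the recursion endless, so they are listed, not entered.
                    if (child is DirectoryInfo && (child.Attributes & FileAttributes.ReparsePoint) != 0)
                    {
                        reportskipped(child.FullName, "重解析点,未进入");
                        continue;
                    }

                    ListFiles(child);
                }
                catch (Exception ex)
                {
                    // e.g. the entry disappeared between enumeration and inspection.
                    reportskipped(child.FullName, ex.Message);
                }
            }
        }

        /// <summary>
        /// Reads one file and adds a "可疑" row when its text contains a signature.
        /// </summary>
        /// <param name="filepath">Full path of the file to read.</param>
        /// <param name="filesize">File size in bytes, shown in KB in the result row.</param>
        private void chkfile(string filepath, long filesize)
        {
            try
            {
                // Bounded wait. The original recursed without limit while the file was busy
                // and, once the recursion returned, scanned the same file a second time.
                for (int attempt = 0; attempt < MaxBusyRetries && IsFileInUse(filepath); attempt++)
                {
                    Thread.Sleep(BusyRetryDelayMs);
                }

                string content;
                // Permissive sharing so that a file another process still holds open can be
                // read where that process allows it; a failure is reported below.
                using (FileStream fs = new FileStream(filepath, FileMode.Open, FileAccess.Read, FileShare.ReadWrite | FileShare.Delete))
                using (StreamReader sr = new StreamReader(fs))
                {
                    content = sr.ReadToEnd();
                }

                string chkr = chkcontent(content);
                if (chkr != "")
                {
                    ListViewItem item = new ListViewItem("可疑");
                    // Last WRITE time, per the author's own correction below the listing.
                    // File timestamps can be changed by whoever can write the file, so
                    // treat this column as a hint, not as evidence.
                    item.SubItems.Add(File.GetLastWriteTime(filepath).ToString());
                    item.SubItems.Add(chkr);
                    item.SubItems.Add(filepath);
                    item.SubItems.Add((filesize / 1024).ToString() + " kb");
                    addtiem(item);
                }
            }
            catch (Exception ex)
            {
                // Never drop a file silently: an unreadable script is itself worth a look.
                reportskipped(filepath, ex.Message);
            }
        }

        /// <summary>
        /// Adds a "未扫描" row for a path that could not be examined. The column layout
        /// matches the "可疑" rows (status, time, detail, path, size).
        /// </summary>
        private void reportskipped(string path, string reason)
        {
            ListViewItem item = new ListViewItem("未扫描");
            item.SubItems.Add("");
            item.SubItems.Add(reason);
            item.SubItems.Add(path);
            item.SubItems.Add("");
            addtiem(item);
        }

        /// <summary>Downloads <paramref name="url"/> and returns the body as text.</summary>
        private string downurl(string url)
        {
            using (WebClient client = new WebClient())
            {
                return client.DownloadString(url);
            }
        }

        /// <summary>
        /// Splits the '|'-separated signature list, lower-cases it and drops blank entries.
        /// </summary>
        private static string[] parsesignatures(string raw)
        {
            List<string> result = new List<string>();
            if (raw == null)
            {
                return result.ToArray();
            }

            foreach (string part in raw.ToLowerInvariant().Split('|'))
            {
                // Strip line terminators only (a trailing newline would otherwise make the
                // last signature unmatchable); inner and edge spaces are kept as written.
                string sig = part.Trim('\r', '\n');

                // An empty signature matches at index 0 of every file and would flag all of them.
                if (sig.Trim().Length > 0)
                {
                    result.Add(sig);
                }
            }

            return result.ToArray();
        }

        /// <summary>Adds a row to the result list, marshalling to the UI thread if needed.</summary>
        private void addtiem(ListViewItem item)
        {
            if (this.list.InvokeRequired)
            {
                SetTextCallback3 d = new SetTextCallback3(addtiem);
                this.Invoke(d, new object[] { item });
            }
            else
            {
                this.list.Items.Add(item);
            }
        }

        /// <summary>Sets the status text, marshalling to the UI thread if needed.</summary>
        private void scantext(string text)
        {
            if (this.scanstate.InvokeRequired)
            {
                SetTextCallback d = new SetTextCallback(scantext);
                this.Invoke(d, new object[] { text });
            }
            else
            {
                this.scanstate.Text = text;
            }
        }

        /// <summary>Enables or disables the start button, path box and browse button.</summary>
        private void scanbtn(bool b)
        {
            if (this.startbtn.InvokeRequired)
            {
                SetTextCallback2 d = new SetTextCallback2(scanbtn);
                this.Invoke(d, new object[] { b });
            }
            else
            {
                this.startbtn.Enabled = b;
                this.scanpath.Enabled = b;
                this.button1.Enabled = b;
            }
        }

        /// <summary>
        /// Returns the signatures found in <paramref name="content"/>, joined with ",",
        /// or an empty string when none match.
        /// </summary>
        private string chkcontent(string content)
        {
            if (content == null || sArray == null)
            {
                return "";
            }

            List<string> hits = new List<string>();
            foreach (string sig in sArray)
            {
                // Ordinal, case-insensitive search: signatures are code fragments, so the
                // match must not depend on the machine's culture settings.
                if (sig.Length > 0 && content.IndexOf(sig, StringComparison.OrdinalIgnoreCase) > -1)
                {
                    hits.Add(sig);
                }
            }

            return string.Join(",", hits.ToArray());
        }

        /// <summary>
        /// Probes whether the file can be opened exclusively. Returns true when the file
        /// exists but the exclusive open fails; note that this includes failures such as
        /// access denied, not only "another process has it open".
        /// </summary>
        bool IsFileInUse(string fileName)
        {
            if (!File.Exists(fileName))
            {
                return false;
            }

            try
            {
                using (FileStream fs = new FileStream(fileName, FileMode.Open, FileAccess.Read, FileShare.None))
                {
                    return false;
                }
            }
            catch (Exception)
            {
                // The failed open is the answer; nothing else to handle here.
                return true;
            }
        }

        /// <summary>Loads the signature list at start-up; the program exits if that fails.</summary>
        private void Form1_Load(object sender, EventArgs e)
        {
            try
            {
                // SECURITY: the signature list is fetched over plain HTTP with no integrity
                // check. Anyone able to alter that response (or the file on that host)
                // decides what this scanner reports: an emptied list hides everything, a
                // padded list floods the operator. Prefer a list shipped with the program,
                // or fetch it over HTTPS and verify it against a known hash or signature.
                code = downurl("http://www.cqeh.com/txt/trojan.txt");
                sArray = parsesignatures(code);

                // Fail closed: with no signatures every scan would come back "clean".
                if (sArray.Length == 0)
                {
                    throw new InvalidOperationException("特征库为空");
                }
            }
            catch (Exception ex)
            {
                MessageBox.Show("错误:" + ex.Message, "无法启动程序!", MessageBoxButtons.OK);
                Application.Exit();
            }
        }

        /// <summary>Opens the double-clicked result file in Notepad for manual review.</summary>
        private void list_DoubleClick(object sender, EventArgs e)
        {
            // A double click on empty list space has no selected row.
            if (list.SelectedItems.Count == 0)
            {
                return;
            }

            string path = list.SelectedItems[0].SubItems[3].Text;

            // "未扫描" rows may name a directory or a file that is gone; skip those.
            if (!File.Exists(path))
            {
                return;
            }

            // Quoted so that a path containing spaces reaches Notepad as one argument.
            System.Diagnostics.Process.Start("NOTEPAD.EXE", "\"" + path + "\"");
        }
    }
}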

/201005/tools/TrojanScanning.rar

更正:有一处写错了——"最后修改时间"一列应使用 File.GetLastWriteTime,而不是 File.GetLastAccessTime。

代码如下:

// Form used in the listing: file.Extension is lower-cased again for each of the
// four comparisons. (Excerpt only: the block opened below is not closed here.)
if (file != null && (file.Extension.ToLower() == ".asp" || file.Extension.ToLower() == ".php" || file.Extension.ToLower() == ".aspx" || file.Extension.ToLower() == ".master"))
{
    // Show the file being scanned in the status text, then check its content.
    scantext("扫描 " + file.FullName);
    chkfile(file.FullName,file.Length);

可改为:

代码如下:

// Suggested form: lower-case the extension once into fe and compare that value.
// (Excerpt only: the closing brace below ends the inner if; the outer block opened
// by "if (file != null)" is not closed in this snippet.)
if (file != null)
{
    string fe=file.Extension.ToLower();
    // Only these four script extensions are scanned.
    if (fe == ".asp" || fe == ".php" || fe == ".aspx" || fe == ".master"){
        scantext("扫描 " + file.FullName);
        chkfile(file.FullName, file.Length);
    }
