c# 扫描可疑文件(找到木马)(简)转
时间:2011-06-02 来源:skykang
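using System;
using System.IO;
using System.Text.RegularExpressions;
using System.Threading;
using System.Windows.Forms;
using System.Net;

namespace TrojanScanning
{
    /// <summary>
    /// Main window of a simple web-shell triage scanner: it walks a chosen directory,
    /// reads every .asp/.php/.aspx/.master file and lists those whose text contains one
    /// or more entries of a '|'-separated signature list.
    /// </summary>
    /// <remarks>
    /// Matching is plain case-insensitive substring search, so a hit is a hint for manual
    /// review, not a verdict, and a file with no hit is not proven clean (encoded or
    /// obfuscated content will not match). Controls such as <c>list</c>, <c>scanpath</c>,
    /// <c>scanstate</c>, <c>startbtn</c>, <c>button1</c> and <c>folderBrowserDialog1</c>
    /// are declared in the designer half of this partial class.
    /// </remarks>
    public partial class Form1 : Form
    {
        // How often a locked file is re-tried before it is counted as skipped.
        private const int MaxLockRetries = 3;

        // Pause between two attempts on a locked file (same delay the original code used).
        private const int LockRetryDelayMs = 2000;

        public Form1()
        {
            InitializeComponent();
        }

        // Delegate shapes used to marshal UI updates from the scan thread to the UI thread.
        delegate void SetTextCallback(string text);
        delegate void SetTextCallback2(bool b);
        delegate void SetTextCallback3(ListViewItem item);

        private string fname, code;
        private Thread thr;
        private string[] sArray;

        // Number of files/directories that could not be read during the current scan.
        // Only touched by the scan thread.
        private int skipped;

        /// <summary>Lets the user pick the directory to scan.</summary>
        private void button1_Click(object sender, EventArgs e)
        {
            if (folderBrowserDialog1.ShowDialog() == DialogResult.OK)
            {
                scanpath.Text = folderBrowserDialog1.SelectedPath;
            }
        }

        /// <summary>Clears the result list and starts a scan on a background thread.</summary>
        private void startbtn_Click(object sender, EventArgs e)
        {
            // The button is only disabled once the worker is running, so a quick second
            // click could otherwise start two scans writing to the same list.
            if (thr != null && thr.IsAlive)
            {
                return;
            }

            list.Items.Clear();
            fname = scanpath.Text;
            thr = new Thread(new ThreadStart(scan));
            thr.IsBackground = true;
            thr.Start();
        }

        /// <summary>
        /// Thread entry point: scans <c>fname</c> and reports completion in the status
        /// text, including how many items could not be read.
        /// </summary>
        private void scan()
        {
            FileSystemInfo root = GetFileSystemInfo(fname);
            if (root == null)
            {
                MessageBox.Show("请先选择要扫描的目录");
                return;
            }

            skipped = 0;
            scanbtn(false);
            try
            {
                ListFiles(root);
                // An unreadable file was not scanned; say so instead of implying
                // that the whole tree was checked.
                scantext(skipped > 0
                    ? "扫描完成," + skipped + " 项无法读取,已跳过"
                    : "扫描完成");
            }
            finally
            {
                // Re-enable the controls even if the walk fails unexpectedly.
                scanbtn(true);
            }
        }

        /// <summary>
        /// Returns a <see cref="FileInfo"/> or <see cref="DirectoryInfo"/> for
        /// <paramref name="path"/>, or null when nothing exists at that path.
        /// </summary>
        public FileSystemInfo GetFileSystemInfo(string path)
        {
            if (File.Exists(path))
            {
                return new FileInfo(path);
            }

            if (Directory.Exists(path))
            {
                return new DirectoryInfo(path);
            }

            return null;
        }

        /// <summary>True when the extension is one of the scanned script types.</summary>
        private static bool IsScriptFile(FileInfo file)
        {
            // Ordinal comparison: ToLower() depends on the current culture and is
            // not meant for identifiers such as file extensions.
            string ext = file.Extension;
            return string.Equals(ext, ".asp", StringComparison.OrdinalIgnoreCase)
                || string.Equals(ext, ".php", StringComparison.OrdinalIgnoreCase)
                || string.Equals(ext, ".aspx", StringComparison.OrdinalIgnoreCase)
                || string.Equals(ext, ".master", StringComparison.OrdinalIgnoreCase);
        }

        /// <summary>
        /// Recursively walks <paramref name="info"/> when it is a directory and checks
        /// every script file found. Anything that is not a directory is ignored here.
        /// </summary>
        private void ListFiles(FileSystemInfo info)
        {
            if (!info.Exists)
            {
                return;
            }

            DirectoryInfo dir = info as DirectoryInfo;
            if (dir == null)
            {
                return;
            }

            try
            {
                foreach (FileSystemInfo entry in dir.GetFileSystemInfos())
                {
                    FileInfo file = entry as FileInfo;
                    if (file != null && IsScriptFile(file))
                    {
                        scantext("扫描 " + file.FullName);
                        chkfile(file.FullName, file.Length);
                    }
                    else
                    {
                        ListFiles(entry);
                    }
                }
            }
            catch (Exception)
            {
                // Best effort: an unreadable directory must not abort the scan, but it
                // is counted so the final status does not hide the gap in coverage.
                skipped++;
            }
        }

        /// <summary>
        /// Reads one file and adds a row to the result list when its content matches any
        /// signature. The row holds: label, last access time, matched signatures, path, size.
        /// </summary>
        /// <param name="filepath">Full path of the file to read.</param>
        /// <param name="filesize">File size in bytes, shown in KB.</param>
        private void chkfile(string filepath, long filesize)
        {
            try
            {
                // Bounded wait for a locked file. The original recursed without limit and
                // then read the file a second time after the recursive call returned,
                // which could overflow the stack and produced duplicate rows.
                int attempts = 0;
                while (IsFileInUse(filepath))
                {
                    if (++attempts > MaxLockRetries)
                    {
                        skipped++;
                        return;
                    }

                    Thread.Sleep(LockRetryDelayMs);
                }

                string content;
                using (StreamReader sr = new StreamReader(filepath))
                {
                    content = sr.ReadToEnd();
                }

                string chkr = chkcontent(content);
                if (chkr != "")
                {
                    ListViewItem item = new ListViewItem("可疑");
                    item.SubItems.Add(File.GetLastAccessTime(filepath).ToString());
                    item.SubItems.Add(chkr);
                    item.SubItems.Add(filepath);
                    item.SubItems.Add((filesize / 1024).ToString() + " kb");
                    addtiem(item);
                }
            }
            catch (Exception)
            {
                // Best effort, but counted: a file that could not be read was not scanned.
                skipped++;
            }
        }

        /// <summary>Downloads <paramref name="url"/> and returns the body as text.</summary>
        private string downurl(string url)
        {
            using (WebClient client = new WebClient())
            {
                return client.DownloadString(url);
            }
        }

        /// <summary>Adds a result row, marshalling to the UI thread when needed.</summary>
        private void addtiem(ListViewItem item)
        {
            if (this.list.InvokeRequired)
            {
                this.Invoke(new SetTextCallback3(addtiem), new object[] { item });
                return;
            }

            this.list.Items.Add(item);
        }

        /// <summary>Sets the status text, marshalling to the UI thread when needed.</summary>
        private void scantext(string text)
        {
            if (this.scanstate.InvokeRequired)
            {
                this.Invoke(new SetTextCallback(scantext), new object[] { text });
                return;
            }

            this.scanstate.Text = text;
        }

        /// <summary>Enables or disables the input controls while a scan is running.</summary>
        private void scanbtn(bool b)
        {
            if (this.startbtn.InvokeRequired)
            {
                this.Invoke(new SetTextCallback2(scanbtn), new object[] { b });
                return;
            }

            this.startbtn.Enabled = b;
            this.scanpath.Enabled = b;
            this.button1.Enabled = b;
        }

        /// <summary>
        /// Returns the comma-separated signatures found in <paramref name="content"/>,
        /// or an empty string when none match (or no signatures are loaded).
        /// </summary>
        private string chkcontent(string content)
        {
            if (sArray == null || content == null)
            {
                return "";
            }

            // Signatures are stored lower-cased; compare ordinally so the result does
            // not depend on the machine's culture settings.
            string lowered = content.ToLowerInvariant();
            string hits = "";
            foreach (string signature in sArray)
            {
                // An empty signature is contained in every string and would flag every file.
                if (signature.Length == 0)
                {
                    continue;
                }

                if (lowered.IndexOf(signature, StringComparison.Ordinal) > -1)
                {
                    hits += (hits.Length > 0 ? "," : "") + signature;
                }
            }

            return hits;
        }

        /// <summary>
        /// Returns true when the file exists but cannot be opened for exclusive read,
        /// false when it can be opened or does not exist.
        /// </summary>
        bool IsFileInUse(string fileName)
        {
            if (!File.Exists(fileName))
            {
                return false;
            }

            try
            {
                using (new FileStream(fileName, FileMode.Open, FileAccess.Read, FileShare.None))
                {
                    return false;
                }
            }
            catch
            {
                // Any failure to open (sharing violation, access denied, ...) is
                // reported as "in use", as in the original code.
                return true;
            }
        }

        /// <summary>
        /// Loads the signature list at start-up and exits when it cannot be obtained
        /// or contains no usable entry.
        /// </summary>
        private void Form1_Load(object sender, EventArgs e)
        {
            try
            {
                // NOTE(review): the list is fetched over plain HTTP without any integrity
                // check, so whoever can alter the response decides what the scanner flags;
                // an emptied list would make every file look clean. Prefer a list shipped
                // with the application, or one fetched over TLS and checked against a
                // pinned hash.
                code = downurl("http://www.cqeh.com/txt/trojan.txt");

                // Drop empty and whitespace-only entries (trailing '|', blank line):
                // they would match almost every file.
                sArray = Array.FindAll(
                    code.ToLowerInvariant().Split('|'),
                    delegate(string entry) { return entry.Trim().Length > 0; });

                if (sArray.Length == 0)
                {
                    // Scanning without signatures would report every file as clean.
                    throw new InvalidOperationException("特征列表为空");
                }
            }
            catch (Exception ex)
            {
                MessageBox.Show("错误:" + ex.Message, "无法启动程序!", MessageBoxButtons.OK);
                Application.Exit();
            }
        }

        /// <summary>Opens the selected result's file in Notepad for manual review.</summary>
        private void list_DoubleClick(object sender, EventArgs e)
        {
            // A double-click on empty list space has no selected row.
            if (list.SelectedItems.Count == 0)
            {
                return;
            }

            string path = list.SelectedItems[0].SubItems[3].Text;

            // Use the system copy of Notepad instead of a bare name resolved through the
            // search path, and quote the argument so a path with spaces stays one argument.
            string notepad = Path.Combine(Environment.SystemDirectory, "notepad.exe");
            System.Diagnostics.Process.Start(notepad, "\"" + path + "\"");
        }
    }
}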