查杀工具


import base64
import os
import sys
import tempfile
import threading
from tkinter import *
from tkinter.ttk import *
from tkinter import filedialog
import tkinter as tk

import psutil
import yara

# Executable names to terminate before the scan starts.  kill_process_by_name()
# compares these against the process name psutil reports.
process_name: list[str] = ["工具.exe","test.exe"]
# YARA rule source compiled by filesScan().  The text below is the author's
# placeholder ("YARA规则" = "YARA rules"), not valid YARA; yara.compile() will
# fail on it, so real rules must be pasted here before the tool is run.
rules_string: str = '''
YARA规则
'''
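class RedirectText:
    """File-like sink that appends text to a tkinter ``Text`` widget.

    An instance is assigned to ``sys.stdout`` so that ``print`` output, as well
    as the scanner's direct ``write`` calls, lands in the GUI log.  ``color``
    names a tag; ``"green"`` and ``"red"`` are configured in ``__init__``, any
    other tag name is passed through and renders with the widget's default look.
    """

    def __init__(self, text_widget):
        self.text_widget = text_widget
        # Tags used to highlight findings (red) and the completion summary (green).
        self.text_widget.tag_configure("green", foreground="green")
        self.text_widget.tag_configure("red", foreground="red")

    def write(self, string, color="black"):
        """Append ``string`` (tagged with ``color``) and scroll to the end.

        A ``Text`` widget in the read-only ``disabled`` state silently ignores
        ``insert``, so output produced while the log is locked would vanish.
        The current state is saved, the widget is enabled for the insert, and
        the previous state is restored afterwards.
        """
        widget = self.text_widget
        previous_state = str(widget.cget("state"))
        if previous_state != "normal":
            widget.configure(state="normal")
        try:
            widget.insert(tk.END, string, (color,))
            widget.see(tk.END)  # keep the newest line visible
        finally:
            if previous_state != "normal":
                widget.configure(state=previous_state)

    def flush(self):
        """No-op; present only because the ``sys.stdout`` protocol expects it."""
        pass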

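def start_task(path):
    """Run ``filesScan(path)`` on a background thread and return that thread.

    The original ``threading.Thread(target=filesScan(path))`` *called* the scan
    right there, synchronously, and handed its ``None`` return value to
    ``Thread`` — nothing ever ran concurrently, which is why the window froze
    for the whole scan.  The callable and its argument are now passed
    separately so the scan really runs off the UI thread.

    The thread is a daemon so an abandoned scan does not keep the process
    alive after the window is closed.

    NOTE(review): filesScan writes to tkinter widgets from this worker.  tkinter
    only marshals such calls to the main loop on a thread-enabled Tcl build,
    and a ``Text`` widget left in the ``disabled`` state drops inserts
    silently — keep the log widget writable while the worker runs, or route
    its output through ``widget.after``.
    """
    thread = threading.Thread(target=filesScan, args=(path,), daemon=True, name="yara-scan")
    thread.start()
    return thread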

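def kill_process_by_name(process_name):
    """Terminate every running process whose executable name is in ``process_name``.

    Args:
        process_name: iterable of executable names such as ``"test.exe"``.  On
            Windows the comparison is case-insensitive, matching the file
            system's own rules, so ``TEST.EXE`` is not missed.

    Findings are written to ``redirected_text`` in red.  Processes that exit
    meanwhile, or that this user may not inspect or signal, are skipped
    silently, as before.  ``kill()`` only requests termination, so the
    "killed" message is printed only after ``wait()`` confirms the exit.

    Name matching is a weak indicator: a renamed binary evades it and an
    unrelated process that happens to share the name gets killed.  Treat it
    as a convenience for known samples, not as a detection mechanism.
    """
    if os.name == "nt":
        targets = {name.casefold() for name in process_name}
        normalize = str.casefold
    else:
        targets = set(process_name)
        normalize = str
    for proc in psutil.process_iter(attrs=["pid", "name"]):
        try:
            name = proc.info["name"]
            # psutil reports None for names it was not allowed to read.
            if name is None or normalize(name) not in targets:
                continue
            pid = proc.info["pid"]
            redirected_text.write(f"找到进程: {name}, PID: {pid}\n", color="red")
            proc.kill()
            try:
                proc.wait(timeout=3)
            except psutil.TimeoutExpired:
                redirected_text.write(f"进程未在超时内退出: {name}, PID: {pid}\n", color="red")
            else:
                redirected_text.write(f"成功杀死进程: {name}, PID: {pid}\n", color="red")
            text_box.update()
        except (psutil.NoSuchProcess, psutil.AccessDenied, psutil.ZombieProcess):
            # Gone already, or not ours to touch: best-effort, move on.
            pass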

#Yara扫描
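def filesScan(path):
    """Walk ``path`` recursively and match every file against the YARA rules.

    Progress, hits and a final summary are written to ``redirected_text``;
    the hits are listed again at the end.  A file that cannot be opened or
    scanned is reported and skipped, so one unreadable file (pagefile, locked
    database) does not abort a full-disk scan.

    Args:
        path: directory to scan; normalised with ``os.path.normpath``.

    Raises:
        yara.Error (or a subclass): if ``rules_string`` does not compile.  The
            placeholder text in this listing is not valid YARA.

    Each file is read fully into memory for ``rules.match(data=...)``, so a
    very large file costs that much RAM.  ``rules.match(filepath=...)`` would
    let libyara map the file instead — worth switching to if that bites.
    """
    total = 0
    hits = []
    path = os.path.normpath(path)
    rules = yara.compile(source=rules_string)  # compiled once, reused for every file
    for root, _dirs, files in os.walk(path):
        for file in files:
            full_path = os.path.join(root, file)
            total += 1
            try:
                with open(full_path, "rb") as fp:
                    redirected_text.write(f"扫描文件: {full_path}\n")
                    text_box.update()
                    matches = rules.match(data=fp.read())
                if matches:
                    redirected_text.write(f"警告:{matches}\n", color="red")
                    hits.append([full_path, matches])
            except Exception as exc:
                # Per-file boundary: report and continue.  The original bare
                # ``except:`` also swallowed KeyboardInterrupt/SystemExit, which
                # made a running scan impossible to abort.
                redirected_text.write(f"访问失败:{full_path}: {exc}\n", color="red")
    redirected_text.write("扫描完成\n", color="green")
    redirected_text.write(f"扫描总文件:{total};可疑文件:{len(hits)}\n", color="green")
    for hit_path, matches in hits:
        redirected_text.write(f"{hit_path} {matches} \n", color="red")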

def Folderpath():
    """Open a directory chooser and place the selection in the path entry ``E``."""
    chosen = filedialog.askdirectory()
    E.delete(0, tk.END)
    E.insert(0, str(chosen))

#全盘扫描
def check_command1(entry, button):
    """Grey out the path entry and browse button (full C: scan selected)."""
    for widget in (entry, button):
        widget.config(state="disabled")
def check_command2(entry, button):
    """Re-enable the path entry and browse button (full C: scan deselected)."""
    for widget in (entry, button):
        widget.config(state="normal")

#开始查杀
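def startKill():
    """Handler for the 开始查杀 button: kill the listed processes, then scan.

    The log widget must be writable *before* it is cleared — a ``disabled``
    ``Text`` ignores ``delete`` just as it ignores ``insert`` — so the original
    order (delete, then enable) never actually removed the previous run's
    output.  The widget is put back into read-only mode once the scan has
    been started.

    Scan target: ``C:/`` when the C-drive checkbox is set, otherwise the path
    in entry ``E`` if it exists; anything else only prints a prompt.
    """
    text_box.config(state="normal")
    text_box.delete("1.0", tk.END)
    kill_process_by_name(process_name)
    target = E.get()
    if CheckVar.get():
        print("开始C盘扫描......")
        start_task("C:/")
    elif os.path.exists(target):
        print("开始扫描指定路径" + target)
        start_task(target)
    else:
        print("请选择合法的路径!!!")
    text_box.config(state="disabled")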

root = tk.Tk()
# Fixed-size main window, centred on the screen.
WIN_W, WIN_H = 1000, 450
x_off = round((root.winfo_screenwidth() - WIN_W) / 2)
y_off = round((root.winfo_screenheight() - WIN_H) / 2)
root.geometry(f"{WIN_W}x{WIN_H}+{x_off}+{y_off}")
root.resizable(width=False, height=False)
root.title("查杀工具")

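# Window icon: tkinter's iconbitmap needs a real file, so the embedded bytes are
# written to a private temporary file for the duration of the call.  The
# original wrote a fixed ``temp.ico`` into the current working directory —
# clobbering any existing file of that name, failing in a read-only CWD, and
# leaking the handle (no ``with``) and the file (no ``finally``) on error.
base64_str = ''  # omitted from the listing
_icon_fd, _icon_path = tempfile.mkstemp(suffix=".ico")
try:
    with os.fdopen(_icon_fd, "wb") as _icon_file:
        _icon_file.write(base64.b64decode(base64_str))
    try:
        root.iconbitmap(_icon_path)
    except tk.TclError as exc:
        # The icon is cosmetic; a bad or empty payload must not stop the scanner.
        print(f"图标加载失败: {exc}")
finally:
    os.remove(_icon_path)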

# --- widgets ------------------------------------------------------------------
Label(root, text="").grid(row=0, column=0, padx=20, pady=30)  # left spacer
Label(root, text="查杀路径:").grid(row=0, column=1)
E = Entry(root, width=100)  # scan path, read by startKill()
E.grid(row=0, column=2, columnspan=4)
btn = Button(root, text="选择", command=Folderpath)
btn.grid(row=0, column=6)

CheckVar = IntVar()


def _toggle_path_inputs():
    """Lock the manual path controls while a full C: scan is selected."""
    if CheckVar.get():
        check_command1(E, btn)
    else:
        check_command2(E, btn)


C = Checkbutton(root, text="C盘扫描", variable=CheckVar, command=_toggle_path_inputs)
C.grid(row=0, column=7)

Label(root, text="输出:").grid(row=1, column=1)
text_box = Text(root, width=100)
text_box.config(state="disabled")  # read-only log; startKill() enables it while writing
text_box.grid(row=1, column=2, rowspan=10)
scrollbar = tk.Scrollbar(root, command=text_box.yview)
scrollbar.grid(row=1, column=3, rowspan=10, sticky="ns")
text_box["yscrollcommand"] = scrollbar.set

# From here on, print() output goes to the log widget.
redirected_text = RedirectText(text_box)
sys.stdout = redirected_text

btn1 = tk.Button(root, text="开始查杀", width=10, height=18, command=startKill)
btn1.grid(row=1, column=6)
root.mainloop()

目前速度太慢。Python 多线程之所以“有问题”，是因为 `threading.Thread(target=filesScan(path))` 在构造线程时就同步调用了 filesScan，传给 Thread 的只是它的返回值 None，扫描实际上仍在主线程里串行执行；应写成 `threading.Thread(target=filesScan, args=(path,))`。另外用 MFC 调用 libyara 也遇到了问题。

