电脑性能上:
①cpu和内存使用率(常见):
python 实时得到cpu和内存的使用情况方法_python_脚本之家
https://www.jb51.net/article/141835.htm
②c盘剩余容量(有的挖矿程序会占用c盘大量内存):
Python实现获取磁盘剩余空间的2种方法_python_脚本之家
https://www.jb51.net/article/115604.htm
③直接对已有挖矿进程库进行杀死:
Python3之查看windows下所有进程并杀死指定进程 - Quincy.Coder的博客 - CSDN博客
https://blog.csdn.net/qq_33733970/article/details/80751957
整理并加上其他功能(流量,端口)完成代码如下:
#!/usr/bin/python3
# coding:utf-8
from tkinter import *
import psutil,linecache,ctypes,wmi
import os,datetime,time,platform,sys,socket def net_is_used(port,ip='127.0.0.1'):#端口检测
s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
try:
s.connect((ip,port))
s.shutdown(2)
print('%s:%d is used' % (ip,port))
return True
except:
print('%s:%d is unused' % (ip,port))
return False def get_network_flow(os):#当前流量特征
if os == "Windows":
c = wmi.WMI()
for interfacePerTcp in c.Win32_PerfRawData_Tcpip_TCPv4():
sentflow = float(interfacePerTcp.SegmentsSentPersec) #已发送的流量
receivedflow = float(interfacePerTcp.SegmentsReceivedPersec) #接收的流量
present_flow = sentflow+receivedflow #算出当前的总流量
time.sleep(1)
for interfacePerTcp in c.Win32_PerfRawData_Tcpip_TCPv4():
sentflow = float(interfacePerTcp.SegmentsSentPersec) #已发送的流量
receivedflow = float(interfacePerTcp.SegmentsReceivedPersec) #接收的流量
per_last_present_flow = sentflow+receivedflow #算出1秒后当前的总流量
present_network_flow = (per_last_present_flow - present_flow)/1024
return "%.2f"%present_network_flow def getMemCpu():
global n
data = psutil.virtual_memory()
total = data.total #总内存,单位为byte
free = data.available #可以内存
memory = "Memory usage:%d"%(int(round(data.percent)))+"%\n"#内存使用率
cpu = "CPU:%0.2f"%psutil.cpu_percent(interval=1)+"%\n"#CPU使用率
if int(round(data.percent))>75 and psutil.cpu_percent(interval=1) > 75:#挖矿一个特征
n=1#☆☆☆阈值
else:
n=0
return memory+cpu def get_free_space_mb(folder):#C盘内存剩余量
if platform.system() == 'Windows':
free_bytes = ctypes.c_ulonglong(0)
ctypes.windll.kernel32.GetDiskFreeSpaceExW(ctypes.c_wchar_p(folder), None, None, ctypes.pointer(free_bytes))
return free_bytes.value/1024/1024/1024
else:
st = os.statvfs(folder)
return st.f_bavail * st.f_frsize/1024/1024 def on_click():#开始检测按钮函数
global num,n,cont
os = platform.system()
label['text'] = '正在检测···'
info=getMemCpu()
info = info +"C free space:%0.2f"%get_free_space_mb('C:\\') + "G\n"
flow=get_network_flow(os)
if float(flow) > 3000:#病毒一般占用3033KB/s☆☆☆阈值
n=1
info = info + "traffic:" + flow + "KB/s"
conte=linecache.getlines('port.txt')#端口在port文件中
for i in range(len(conte)):#病毒一般占用4位数端口,端口范围可选,或针对端口关闭
if net_is_used(int(conte[i])):
n=1
#if net_is_used(xxx):xxx为指定端口
# n=1
if get_free_space_mb('C:\\') < 1:
n=1
pids = psutil.pids()
cont=linecache.getlines('process.txt')
for j in range(len(cont)):
cont[j]=cont[j][:len(cont[j])-1]
for pid in pids:
p = psutil.Process(pid)
#print(p.name())
for j in range(len(cont)):
if p.name() == cont[j]:
n=1
myfile=open('test.txt','a')
if n==0:
message['text'] = '本系统现未遭受挖矿攻击\n'+info
middle=time.strftime('%Y%m%d%H%M',time.localtime(time.time()))+' normal ' + str("%.2f"%get_free_space_mb('C:\\')) + ' ' + flow
message['bg'] = 'green'
myfile.write('\n'+middle)
if n==1:
message['text'] = '本系统正在遭受挖矿,紧急!\n'+info
middle=time.strftime('%Y%m%d%H%M',time.localtime(time.time()))+' warning '+ str("%.2f"%get_free_space_mb('C:\\')) + ' ' + flow
message['bg'] = 'yellow'
myfile.write('\n'+middle)
myfile.close()
label['text'] = '完成检测!' def on_click2():#读取日志按钮函数
label['text'] = '日志读取'
content=linecache.getlines('test.txt')
logs=''
for i in range(len(content)):
mid=''
mid=content[i][0:4]+'.'+content[i][4:6]+'.'+content[i][6:8]+' '+content[i][8:10]+':'+content[i][10:]
logs=logs+mid
message['text'] = logs def on_click3():#重置按钮函数
message['text'] = ''
label['text'] = '欢迎使用本反挖矿系统'
message['bg'] = 'white' def on_click4():#杀死文件中进程函数
global n,cont
pids = psutil.pids()
#cont=linecache.getlines('process.txt')
for pid in pids:
p = psutil.Process(pid)
#print(p.name())
for j in range(len(cont)):
if p.name() == cont[j]:
cmd = 'taskkill /f /t /im '+ '"'+cont[j]+'"'
os.system(cmd)
message['text'] = '指定文件中进程已清除'
message['bg'] = 'green' n=0
root=Tk(className='反挖矿系统')
root.geometry('400x300')
label = Label(root)
label['text'] = '欢迎使用本反挖矿系统'
message = Label(root,text='')
label.pack()
button = Button(root,text='开始使用',command=on_click)
button.pack()
button2 = Button(root,text='查看日志',command=on_click2)
button2.pack()
button3 = Button(root,text='重置界面',command=on_click3)
button3.pack()
button4 = Button(root,text='杀死进程',command=on_click4)
button4.pack()
message.pack()
root.mainloop()