第一段代码可以将任意字符串转换成hash值。主要对进程名进行操作。
- import hashlib
-
- def get_hash_from_filename(filename):
- """
- 接受一个程序名作为输入,返回该程序名的哈希值。
- """
- # 将程序名转换为字节字符串
- filename_bytes = filename.encode('utf-8')
-
- # 创建一个SHA-256哈希对象
- sha256_hash = hashlib.sha256()
-
- # 更新哈希对象以包含程序名
- sha256_hash.update(filename_bytes)
-
- # 返回程序名的哈希值(十六进制字符串)
- print(sha256_hash.hexdigest())
- get_hash_from_filename("QQ.exe")
然后,杀掉进程。代码如下:
- import os
- import hashlib
- import psutil
-
- class Antivirus:
- def __init__(self, virus_hashes):
- self.virus_hashes = virus_hashes
-
- def calculate_hash(self, file_path):
- sha256_hash = hashlib.sha256()
- with open(file_path, "rb") as f:
- for byte_block in iter(lambda: f.read(4096), b""):
- sha256_hash.update(byte_block)
- return sha256_hash.hexdigest()
-
- def scan_processes(self):
- for proc in psutil.process_iter():
- try:
- # 检查进程名是否包含病毒特征字符串
- if any(virus in proc.name() for virus in self.virus_hashes.values()):
- print(f"发现病毒进程:{proc.name()},进程ID:{proc.pid}")
- proc.kill()
- print("病毒进程已被杀死")
- except (psutil.NoSuchProcess, psutil.AccessDenied, psutil.ZombieProcess):
- pass
-
- def run(self):
- self.scan_processes()
- print("杀毒完成")
-
- # 将病毒哈希值保存为文本文件
- virus_hashes = {
- "e4d7f1b4ed2e42d15898f4b27b019da4a2c9a92e310fe5bbf6e1b21e7fc3d0c0": "virus1.exe",
- "5eb33fbb81304c97bea8e586a82b0e667c6c8d839ae1334f802e96a82348f8a7": "virus2.exe",
- "93b94e7dba504e3ba3778e7f509e1a501b3e3c7a796e6819e2a58fb74e5c3b32": "virus3.exe",
- "f283c9794dcc426c9591e6fa7b79ec5b010936c8cc65dd060dd29e948d090099": "QQ.exe"
- }
- with open("virus_hashes.txt", "w") as f:
- for hash_value, file_name in virus_hashes.items():
- f.write(f"{hash_value}:{file_name}\n")
-
- # 从文本文件读取病毒哈希值
- with open("virus_hashes.txt", "r") as f:
- virus_hashes = {}
- for line in f:
- hash_value, file_name = line.strip().split(":")
- virus_hashes[hash_value] = file_name
-
- # 创建一个杀毒软件对象
- antivirus = Antivirus(virus_hashes)
-
- # 运行杀毒软件
- antivirus.run()
来自圈子: 中国红客联盟第五战区 | 
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
照妖镜
