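/// <summary>
/// One monitoring tick over <c>_sensitiveProcesses</c>: for every entry that is currently
/// running, adds one tick to its total run time and then dispatches on the state reported by
/// <c>VerifySensitiveProcess.GetProcessState</c> ("Monitoring", "Sensitive", "Safe", anything else).
/// </summary>
/// <remarks>
/// Change over the previous version: the kill path now disposes every <see cref="Process"/>
/// it obtains from <c>GetProcessesByName</c> and tolerates a <c>Kill()</c> that fails because the
/// target already exited or access was denied. Previously a single such failure propagated out of
/// this tick and left every later entry in the list unhandled for the interval.
/// Matching is by process name only, so a renamed binary is not caught and an unrelated process
/// that happens to share the name is killed; there is no verification of the executable here.
/// NOTE(review): the two periodic re-checks compare <c>TotalSeconds % interval == 0</c> on a
/// double. They fire only when the accumulated time is an exact multiple of the interval, so if
/// <c>_timeInterval</c> or the intervals are not whole seconds they may never fire — confirm the
/// configured values.
/// </remarks>
private void SensitiveProcessesHandle()
{
    for (int i = 0; i < _sensitiveProcesses.Count; i++)
    {
        if (!IsRunning(_sensitiveProcesses[i].PName))
        {
            continue;
        }

        // Total run time grows by one tick.
        _sensitiveProcesses[i].PTotalTime += _timeInterval;

        // First-time handling: foreground time is over the threshold and the verifier
        // does not know this process yet.
        if (_sensitiveProcesses[i].PTopTime > _topInterval
            && VerifySensitiveProcess.IsExist(_sensitiveProcesses[i].PName) == false)
        {
            ExceptionThenMonitor(_sensitiveProcesses[i].PName, _sensitiveProcesses[i].PHandle);
        }

        string pState = VerifySensitiveProcess.GetProcessState(_sensitiveProcesses[i].PName);

        // Already being checked: skip this tick.
        if (pState == "Monitoring")
        {
            continue;
        }

        // Verified sensitive: terminate once the allowed time has been used up.
        if (pState == "Sensitive")
        {
            if (_sensitiveProcesses[i].POrderTime <= _sensitiveProcesses[i].PTotalTime)
            {
                KillProcessesNamed(_sensitiveProcesses[i].PName);
            }
            continue;
        }

        // Verified safe: re-check on the longer interval (original comment: 30 minutes;
        // the real value is _totalIntervalSafe). See the exact-multiple caveat above.
        if (pState == "Safe")
        {
            if (_sensitiveProcesses[i].PTopTime.TotalSeconds % _totalIntervalSafe == 0)
            {
                ExceptionThenMonitor(_sensitiveProcesses[i].PName, _sensitiveProcesses[i].PHandle);
            }
            continue;
        }

        // Suspected or ordinary process: re-check on the shorter interval (original comment:
        // 10 minutes; the real value is _totalInterval). Same exact-multiple caveat.
        if (_sensitiveProcesses[i].PTotalTime.TotalSeconds % _totalInterval == 0)
        {
            ExceptionThenMonitor(_sensitiveProcesses[i].PName, _sensitiveProcesses[i].PHandle);
        }
    }
}

/// <summary>
/// Kills every running process named <paramref name="processName"/>, disposing each handle and
/// continuing past targets that exited in the meantime or that cannot be signalled.
/// </summary>
/// <param name="processName">Process name as accepted by <c>Process.GetProcessesByName</c>.</param>
private static void KillProcessesNamed(string processName)
{
    foreach (Process process in Process.GetProcessesByName(processName))
    {
        // Each Process returned by GetProcessesByName owns a handle; release it.
        using (process)
        {
            try
            {
                process.Kill();
            }
            catch (System.InvalidOperationException)
            {
                // Exited between enumeration and Kill(); nothing left to do.
            }
            catch (System.ComponentModel.Win32Exception)
            {
                // Access denied or similar: do not abort the whole tick on one entry.
                // TODO(review): surface this through the project's logging facility if it has one.
            }
        }
    }
}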
// Lists every entry whose verified state is "Sensitive", one display string per entry in the
// form "<name>-<total run time>-<allowed time>-<label>", where the label is the localized
// "运行中" (running) or "已关闭" (closed) depending on whether the process is running right now.
public static List<string> GetAllSensitiveProcesses()
{
    List<string> result = new List<string>();
    foreach (var entry in _sensitiveProcesses)
    {
        if (VerifySensitiveProcess.GetProcessState(entry.PName) != "Sensitive")
        {
            continue;
        }

        string runLabel = IsRunning(entry.PName) ? "运行中" : "已关闭";
        result.Add(string.Concat(
            entry.PName, "-",
            entry.PTotalTime.ToString(), "-",
            entry.POrderTime.ToString(), "-",
            runLabel));
    }
    return result;
}