Whether or Rundll32.exe Rundll.exe, independent role in the operation are not, it is necessary to specify the procedure to load DLL files behind. In the Windows Task Manager, we can only see rundll32.exe process, and its essence is to call the DLL. We can use the process management software, etc. (Our 2004 is introducing 21) to see what its specific operation of DLL files.
Some Trojans is to use the form of running Rundll32.exe DLL load, but most cases are loading system Rundll32.exe the DLL files, do not have to worry too much. In addition to mention the fact that some names and use Trojan virus common system similar or identical features of the process, cheat customers. Therefore, to establish the running Rundll32.exe in% systemroot% system32 directory, to document the name also has not changed.
I believe we very often at the Forum to see some of those experts is to simplify the operating parameters, such as rundll32.exe shell32.dll, Control_RunDLL, replacing the lengthy "start → set → Control Panel", as a rookie in our hearts must Yangyang The. Is how they know the answer to the » How do we find the answers themselves » Analysis of the above order will know, in fact, run Rundll32.exe procedures, it designated loading shell32.dll file, and after the comma is the parameters of this DLL. Understanding of its principles, the following can be excavated many of his usual rare parameters of the well known.
Step 1: eXeScope operating software, open a document of a DLL, for example, shell32.dll.
Step 2: Choose "Export → SHELL32.DLL", the right of this window you can see the parameters of a DLL file.
Step 3: The role of these parameters in general can literally that, so do not have the expertise. It should be noted that the parameters are case-sensitive, in the run-time must be entered correctly, otherwise they will be wrong. Now not find a parameter, such as RestartDialog, literally understanding should be the resumption of dialog. Combined into a single command, is Rundll32.exe shell32.dll, RestartDialog, can be seen running Windows usually familiar with the reopening of dialog.
Now, we have learned how to use anti-compiler software to access the parameters in the DLL file, so that others after an order, you can call the DLL file for more orders. His groping, you can learn more call to the parameters of a DLL.
Primary information
The parameters used rundll32
Order: rundll32.exe shell32.dll, Control_RunDLL
Features: the control panel display
Order: rundll32.exe shell32.dll, Control_RunDLL access.cpl,, 1
Features: Show "control panel → auxiliary keyboard options →"
Order: rundll32.exe shell32.dll, Control_RunDLL sysdm.cpl @ 1
Features: the implementation of the "control panel → add new hardware"
Order: rundll32.exe shell32.dll, SHHelpShortcuts_RunDLL AddPrinter
Features: the implementation of the "control panel → add a new printer"
Order: rundll32.exe DISKCOPY.DLL, DiskCopyRunDll
Features: boot floppy copy window
Rundll.exe is a virus?
commentary: 0 | citation: 0 | Tags:
- articles related:
◎Thank you to share your idea!
Categories
Archives
Previous
- [07/30]Rundll.exe is a virus?
- [07/30]explorer.exe rundll32.exe virus solution
- [07/30]rundll32.exe: lock your computer with a mouse
- [07/20]Rundll.exe error - computer misconfiguration or terrible virus?
- [07/20]Through the system of authority to clean up dll Trojan
- [07/20]Using little-known installation Rundll32 unloading skills
- [07/20]Rundll.exe Error loading solution
- [06/18]Vista EXE Deep Dive
- [06/06]Download Opera 9.50 Build 10048 Beta
- [06/05]McAfee found the most dangerous domains
- [06/05]What is The Enigma Protector?
- [05/27]utilman.exe
- [03/21]Kaspersky Internet Security 8.0.0.295 Beta
- [02/22]UltraEdit v14.00 Changes 2008-02-21
- [02/13]Microsoft Security Bulletin Summary for February 2008
