Introduction to the process of Rundll32.exe

What is the Rundll32.exe process?

What happened to the Rundll32.exe error? How do I fix a virus-infected Rundll32.exe? The RUNDLL32 process is a process that we can often see, a process that is often used by viruses to "execute 32-bit DLL files." Its role is to execute the internal functions in the DLL file, so that in the process, there will only be Rundll32.exe, and there will be no DLL backdoor process, so that the process of implementation of the hidden.

If you see multiple Rundll32.exe in the system, do not panic, Zun Long international This proves how many DLL files are started with Rundll32.exe. Of course, these Rundll32.exe execute DLL files are what we can find from the place where the system automatically loads. Here we come together to understand the Rundll32.exe process and learn the solution to the Rundll32.exe error.

function prototypes used by Rundll32.exe:

Void CALLBACK functionname (HWND hwnd,hinstance hinst,lptstr lpcmdline,int ncmdshow);

The following command line is used: Rundll32.exe dllname,functionname [Arguments]

Dllname is the DLL file name that needs to be executed; FunctionName is the specific derivation function of the DLL file that needs to be executed in front; [Arguments] is the specific parameter of the extraction function.

Experiment with Rundll32 Restart the machine: Click "Start-Program-ms-dos mode", enter the DOS window, then type Rundll32.exe user.exe,restartwindows, then press ENTER, then you will see that the machine is restarted!

RUNDLL. Exe

Here are three points to note:

1.DLL file name can not contain spaces, such as the file is located in the C:\ProgramFiles\ directory, you want to change the path to c:\progra~1\;

2.DLL file name and DLL entry point between the comma can not be less, or the program will be error and will not give any information!

3. This is the most important point: Rundll cannot be used to call a DLL with a return value parameter, such as GetUserName () in Win32API, Gettextface (), and so on. In Visual Basic, a command shell that executes an external program is provided in the form Shell command column

If you can cooperate with Rundll32.exe with good shell instructions, it will make your VB program with other methods difficult or impossible to achieve the effect: still take the restart as an example, the traditional method requires you in the VB project first set up a module, and then write the WINAPI declaration, finally can call in the program. And now just one sentence:

The Shell "Rundll32.exe user.exe,restartwindows" is done!

In fact, Rundll32.exe has a unique advantage in calling various Windows Control panels and system options.

The network above has Rundll32.exe killing tools to kill infected Rundll32.exe processes.

Read Recommendation: http://blog.chinaunix.net/uid-29980355-id-4627612.html

Introduction to the process of Rundll32.exe