"Execute a 32-bit DLL file ". The internal implementation is the internal implementation of the dllfile. In this process, only rundll32.exe is available, and no DLL backdoor process is available. In this way, process hiding is realized. If you see multiple rundll32.exefiles in the system, you do not need to be alarmed. This shows how many DLL files are started with rundll32.exe. Of course, we can find all the DLL files executed by rundll32.exe from the locations where the system automatically loads them.
Now, I will introduce the rundll32.exe file, which means that the function is to call the dynamic link library through the command line. There is also a rundll.exe file in the system, which means to "execute a 16-bit DLL file". Pay attention to it here. For more information, see the function prototype used by rundll32.exe:
Void callback functionname (
Hwnd,
Hinstance hinst,
Lptstr lpcmdline,
Int ncmdshow
);
The command line uses rundll32.exe dllname and functionname [arguments].
Dllname is the name of the DLL file to be executed, functionname is the specific extraction function of the DLL file to be executed on the front, and [arguments] is the specific parameter of the extraction function.
Role of rundll32.exe
Windows 9xis usually used to define rundll32.exeand rundll.exe files. However, since the functions of these two programs were originally used only within Microsoft, there may be few friends who really know how to use them. Well, if you still don't know, let me tell you.
First, please make a small experiment (please save the results of the program you are running in advance, otherwise ...): click "start"> "run", click "rundll32.exe user.exe", and "restartwindows". Then, press the Enter key. You will see that the machine has been restarted! How is it interesting?
Of course, the function of rundll is not just to restart your machine. The difference is that the former is a 32-bit link database, and the latter is a 16-bit link database. Their command format is:
Rundll. EXE ,,
Note the following three points: 1. the DLL file name cannot contain spaces. For example, if the file is stored in the C:/ProgramFiles/directory, change the path to C:/progra ~ 1/; 2. the DLL file name and the DLL entry point must have fewer commas. Otherwise, the program will fail and no information will be provided! 3. This is the most important point: rundll cannot be used to call a DLL containing return value parameters, such as GetUserName () and gettextface () in WIN32API. In Visual Basic, a command shell for executing external programs is provided, in the format:
Shell "command column"
If rundll32.exe is ready to use shell commands, it will make your VB program have an effect that is hard to achieve or even impossible to achieve in other ways: restart is still used as an example. The traditional method requires you to create a module in the VB project, then write the winapi declaration before calling in the program. Now, you only need one sentence:
Shell restart rundll32.exe user.exe, restartwindows "is done! Is it much more convenient?
In contrast, rundll32.exe has unique advantages in calling various windows control panels and System Options. Next, I will list the rundll commands I have collected over the Internet as follows (useful, saving you a lot of time calling Windows APIs !!), For reference in programming:
Command column: rundll32.exe shell32.dll, control_rundll
Function: Display Control Panel
Command column: rundll32.exe shell32.dll, control_rundll access. CPL, 1
Function: displays the "control panel-Auxiliary options-keyboard" option window.
Command column: rundll32.exe shell32.dll, control_rundll access. CPL, 2
Function: displays the "control panel-Auxiliary options-sound" option window.
Command column: rundll32.exe shell32.dll, control_rundll access. CPL, 3
Function: displays the "control panel-Auxiliary options-display" option window.
Command column: rundll32.exe shell32.dll, control_rundll access. CPL, 4
Function: displays the control panel-secondary option-mouse option window.
Command column: rundll32.exe shell32.dll, control_rundll access. CPL, 5
Function: displays the "control panel-Auxiliary options-traditional" option window.
Command column: rundll32.exe shell32.dll, control_rundll sysdm. Cpl @ 1
Function: run the "control panel-add new hardware" Wizard.
Command column: rundll32.exe shell32.dll, shhelpshortcuts_rundll addprinter
Function: run the control panel-add new printer wizard.
Command column: rundll32.exe shell32.dll, control_rundll appwiz. CPL, 1
Function: the "control panel-Add/delete programs-install/uninstall" panel is displayed.
Command column: rundll32.exe shell32.dll, control_rundll appwiz. CPL, 2
Function: the "control panel-Add/delete programs-install Windows" panel is displayed.
Command column: rundll32.exe shell32.dll, control_rundll appwiz. CPL, 3
Function: the "control panel-Add/delete programs-boot disk" panel is displayed.
Command column: rundll32.exe syncui. dll, briefcase_create
Function: Create a new "My Briefcase" on the desktop ".
Command column: rundll32.exe diskcopy. dll, diskcopyrundll
Function: displays the copy disk Window.
Command column: rundll32.exe apwiz. CPL, newlinkhere % 1
Function: the "Create shortcut" dialog box is displayed. The location of the created shortcut is determined by the % 1 parameter.
Command column: rundll32.exe shell32.dll, control_rundll TimeDate. CPL, 0
Function: displays the "Date and Time" option window.
Command column: rundll32.exe shell32.dll, control_rundll TimeDate. CPL, 1
Function: displays the "Time Zone" option window.
Command column: rundll32.exe rnaui. dll, rnadial [name of a dial-up connection]
Function: displays the dialing window for a dial-up connection. If a dial-up connection has been established, the current connection status window is displayed.
Command column: rundll32.exe rnaui. dll, rnawizard
Function: displays the window of the new dial-up connection wizard.
Command column: rundll32.exe shell32.dll, control_rundll desk. CPL, 0
Function: displays the "Display Properties-background" option window.
Command column: rundll32.exe shell32.dll, control_rundll desk. CPL, 1
Function: displays the "Display Properties-Screen Saver" option window.
Command column: rundll32.exe shell32.dll, control_rundll desk. CPL, 2
Function: displays the display properties-appearance option window.
Command column: rundll32.exe shell32.dll, control_rundll desk. CPL, 3
Function: displays the "show properties-properties" option window.
Command column: rundll32.exe shell32.dll, shhelpshortcuts_rundll fontsfolder
Function: display the "font" folder of windows.
Command column: rundll32.exe shell32.dll, control_rundll main. Cpl @ 3
Function: displays the "font" folder of windows.
Command column: rundll32.exe shell32.dll, shformatdrive
Function: displays the formatting dialog box.
Command column: rundll32.exe shell32.dll, control_rundll joy. CPL, 0
Function: displays the "control panel-Game Controller-General" option window.
Command column: rundll32.exe shell32.dll, control_rundll joy. CPL, 1
Function: displays the "control panel-game controller-advanced" option window.
Command column: rundll32.exe mshtml. dll, printhtml (HTML document)
Function: Print HTML documents.
Command column: rundll32.exe shell32.dll, control_rundll ml1_32.cpl
Function: displays the Microsoft Exchange General options window.
Command column: rundll32.exe shell32.dll, control_rundll main. Cpl @ 0
Function: displays the "control panel-mouse" option.
Command column: rundll32.exe shell32.dll, control_rundll main. Cpl @ 1
Function: displays the "control panel-keyboard properties-speed" option window.
Command column: rundll32.exe shell32.dll, control_rundll main. Cpl @ 1, 1
Function: displays the "control panel-keyboard properties-language" option window.
Command column: rundll32.exe shell32.dll, control_rundll main. Cpl @ 2
Function: displays the windows "Printer" folder.
Command column: rundll32.exe shell32.dll, control_rundll main. Cpl @ 3
Function: displays the windows "font" folder.
Command column: rundll32.exe shell32.dll, control_rundll main. Cpl @ 4
Function: displays the "control panel-Input Method properties-Input Method" option window.
Command column: rundll32.exe shell32.dll, control_rundll MODEM. CPL, add
Function: run the Add new modem wizard.
Command column: rundll32.exe shell32.dll, control_rundll mmsys. CPL, 0
Function: displays the "control panel-multimedia properties-Audio" property page.
Command column: rundll32.exe shell32.dll, control_rundll mmsys. CPL, 1
Function: displays the "control panel-multimedia properties-video" property page.
Command column: rundll32.exe shell32.dll, control_rundll mmsys. CPL, 2
Function: displays the "control panel-multimedia properties-Midi" property page.
Command column: rundll32.exe shell32.dll, control_rundll mmsys. CPL, 3
Function: displays the "control panel-multimedia properties-CD music" property page.
Command column: rundll32.exe shell32.dll, control_rundll mmsys. CPL, 4
Function: displays the "control panel-multimedia properties-devices" property page.
Command column: rundll32.exe shell32.dll, control_rundll mmsys. Cpl @ 1
Function: displays the control panel-sound option window.
Command column: rundll32.exe shell32.dll, control_rundll netcpl. CPL
Function: displays the control panel-Network option window.
Command column: rundll32.exe shell32.dll, control_rundll odbccp32.cpl
Function: displays the odbc32 data management option window.
Command column: rundll32.exe shell32.dll, openas_rundll {drive:/path/filename}
Function: displays the open mode dialog box for the specified file (drive:/path/filename.
Command column: rundll32.exe shell32.dll, control_rundll password. CPL
Function: the "control panel-Password" option window is displayed.
Command column: rundll32.exe shell32.dll, control_rundll powercfg. CPL
Function: displays the "control panel-Power Management Properties" option window.
Command column: rundll32.exe shell32.dll, shhelpshortcuts_rundll printersfolder
Function: displays the windows "Printer" folder. (Same as rundll32.exe shell32.dll, control_rundll main. Cpl @ 2)
Command column: rundll32.exe shell32.dll, control_rundll intl. CPL, 0
Function: the "control panel-region settings properties-region Settings" option window is displayed.
Command column: rundll32.exe shell32.dll, control_rundll intl. CPL, 1
Function: displays the "control panel-region settings properties-numbers" option window.
Command column: rundll32.exe shell32.dll, control_rundll intl. CPL, 2
Function: the "control panel-region settings properties-currency" option window is displayed.
Command column: rundll32.exe shell32.dll, control_rundll intl. CPL, 3
Function: displays the "control panel-region settings property-time" option window.
Command column: rundll32.exe shell32.dll, control_rundll intl. CPL, 4
Function: displays the "control panel-region settings properties-Date" option window.
Command column: rundll32.exe desk. CPL, installscreensaver [Screen saver file name]
Function: sets the specified screen saver file to Windows and displays the screen saver Properties window.
Command column: rundll32.exe shell32.dll, control_rundll sysdm. CPL, 0
Function: displays the "control panel-system properties-traditional" attribute window.
Command column: rundll32.exe shell32.dll, control_rundll sysdm. CPL, 1
Function: displays the "control panel-system properties-Device Manager" Properties window.
Command column: rundll32.exe shell32.dll, control_rundll sysdm. CPL, 2
Function: displays the "control panel-system properties-hardware configuration file" attribute window.
Command column: rundll32.exe shell32.dll, control_rundll sysdm. CPL, 3
Function: displays the "control panel-system properties-performance" attribute window.
Command column: rundll32.exe user.exe, restartwindows
Function: forcibly shut down all programs and restart the machine.
Command column: rundll32.exe user.exe, exitwindows
Function: forcibly shut down all programs and shut down them.
Command column: rundll32.exe shell32.dll, control_rundll telephon. CPL
Function: displays the "dial property" option window.
Command column: rundll32.exe shell32.dll, control_rundll themes. CPL
Function: displays the desktop theme option panel.
Of course, not just Visual Basic, like Delphi. other programming languages, such as Visual C ++, can also call external commands to use these functions of rundll. The specific method is not described here. The flexible use of rundll will make your program design easier and get twice the result with half the effort!
This article Reprinted from the network base camp: http://www.qqview.com/Dev/DotNet/200610185881.Html