Windows self-starting methods

xiaoxiao2021-03-06  114

Author of the article: snaix

Preface:

 

Sometimes a program gives people a headache because they don't know how its files get started, so useless things end up hooked into the system. Sometimes the headache is the opposite: not knowing how to make a certain file start. And some Trojan authors have had their Trojans easily caught by others because they did not know the system's self-starting methods...

There are many ways for a file to start automatically in Windows. Besides the common startup methods, there are some very well hidden ones. This article summarizes them; the list is not complete, but I think it should help everyone. Everything in the article was researched with the system in its default state.

(English) denotes the English operating system and (Chinese) denotes the Chinese operating system. This article does not add explanations for the fully Chinese Windows 98 operating system.

 

Warning:

Some of the operations mentioned in this article may affect the stability of the system. For example, using the Registry Editor incorrectly can cause serious problems that may require reinstalling the system. Microsoft does not guarantee that problems caused by incorrect use of the Registry Editor can be solved. The author takes no responsibility for the consequences; please proceed according to your own situation.

 

Windows self-starting methods:

I. Self-start directories:

1. First self-start directory:

The default path is:

C:\Windows\Start Menu\Programs\StartUp (English)

C:\Windows\Start Menu\Programs\Start (Chinese)

This is the most basic and most commonly used Windows startup method, mainly used to launch the self-starting items of application software, such as Office's shortcut menu. An ordinary user who wants something to start at boot can do it here: just place the required file, or a shortcut to it, in this folder.

 

Corresponding registry location:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
Startup="%Directory%"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
Startup="%Directory%"

"%Directory%" is the location of the startup folder.

C:\Windows\Start Menu\Programs\StartUp

C:\Windows\Start Menu\Programs\Start

The "Start" folder in the Start menu can be changed; if the user changes the startup folder, the registry values above change to the corresponding name.

It is worth noting that, by default, the contents of the "Start" folder in the Start menu are visible to the user. But with some modification it can be made fairly well hidden:

First, a shortcut or other file in the "Start" folder can have its attribute changed to "hidden". The system then does not start the hidden file, and startup can be restored by changing the file attribute back when the file needs to be started.

Second, the "Start" folder is really just an ordinary folder; it is somewhat special because the system monitors it, but it still has all the functions of a folder. For example, the "Start" folder can be renamed, and its attributes can be set. If its attribute is set to "hidden", the "Start" folder can no longer be seen in the system (even if the corresponding setting in "Folder Options" has been changed), yet the system still launches the non-hidden files in this hidden folder. Perceptive readers may already see the problem. For instance:

If I want to start the server program of Trojan A, I can rename the original "Start" folder to "Startup" (this works, and the corresponding registry value changes with it), create a new folder called "Start", copy all the files in "Startup" into the new "Start" folder (copying is used here so that the user's inspection is fooled), then put Trojan A's server program into the "Startup" folder, and finally hide the "Startup" folder. Done!

Outwardly, the user's [Start] -> [Start] menu is still there, and so are the files to be started. But what is actually started now is not the files in the folder named "Start" but the files in the folder named "Startup". A well-made Trojan can copy files between the "Start" and "Startup" directories at every startup, so that the startup directory is kept up to date in real time. Since the "Startup" folder is hidden, the real startup menu "Startup" cannot be seen from [Start] -> [Programs], which achieves the hidden startup!

This startup method is fairly well concealed, but it can still be seen on the "Start" page of MSConfig.

 

2. Second self-start directory:

Yes, Windows actually has another self-start directory; it is quite obvious, yet it is often overlooked.

Its path is:

C:\Windows\All Users\Start Menu\Programs\StartUp (English)

C:\Windows\All Users\Start Menu\Programs\Startup (Chinese)

This directory is used in exactly the same way as the first self-start directory: just find it and drag the files that need to start into it.

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Startup"="%Directory%"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Common Startup"="%Directory%"

It is worth noting that this directory cannot be seen at all in the "Start" directory of the Start menu. At every startup, the non-hidden files in this directory are started as well! In addition, the files to be started from this directory can be seen in MSConfig.

II. System configuration file startup:

Most users are quite unfamiliar with the system's configuration files, which makes these startup methods quite well hidden; some of the methods mentioned here are therefore often used for destructive operations, so please pay attention.

1. Win.ini startup:

Launch position (file.exe is the name of the file to be launched):

[windows]
load=file.exe
run=file.exe

Note: the difference between load= and run= is that a file run via load= runs minimized in the background, while a file run via run= runs in its default state.

 

2. System.ini startup:

Launch position (file.exe is the name of the file to be started):

Default:

[boot]
shell=Explorer.exe

To start a file:

[boot]
shell=Explorer.exe file.exe

Description:

The author remembers a book by Mr. Norton (the person who developed the Norton series of software) saying that files 1 and 2 have no effect on the system, but for lack of time the author has not tested this; you can try it.

What is certain, however, is that these startup methods are often used by Trojans or prank programs (e.g., the kiss of the demon) and cause the system to behave abnormally. Since ordinary users have little contact with these files, and some do not even know what they are for, the concealment is very good. But because it is used more and more often, this startup method is also more and more easily noticed. Users can use the MSConfig command to check whether any program is loaded: enter msconfig in "Run" in the Start menu, press Enter, and follow the text descriptions.

 

Note:

This startup method is launched ahead of time, so if you want to restrict the startup of files in the registry, use this method.

3. Wininit.ini startup:

Ordinary users may not know the wininit.ini file, since there is little chance of touching it directly in everyday use. But if you have ever written an uninstaller, you will know this file.

Wininit is the Windows Setup Initialization Utility, that is, the Windows installation initialization tool. That may still not mean much, but if you have seen the following message:

Please wait while Setup updates your configuration files.

This may take a few minutes...

then you know it! This is wininit.ini at work!

Under Windows, many executable files and driver files are in use and protected by the system, so changing these files while Windows is running normally is a problem; wininit.ini exists to help the system do this. It makes the system execute some commands before the system is loaded, including copy, delete and rename, in order to update files. The wininit.ini file lives in the Windows directory, but most of the time we cannot find it in C:\Windows; only its EXE program, Wininit.exe, can be found. The reason is that wininit.ini is automatically deleted by the system each time after it has been executed, and this repeats with every new wininit.ini file. File format:

[rename]
file1=file2

file1=file2 means copying file2 to the file name file1, which is equivalent to overwriting file1 with file2.

At startup, Windows thereby updates file1 with file2; if file1 does not exist, the result is that file2 is copied and renamed to file1. To delete a file, use the following:

[rename]
nul=file2

This means file2 becomes empty, that is, it is deleted.

The file names above must contain the full path.

Note:

1. Because wininit.ini is processed before Windows starts, long file names are not supported.

2. None of the copy, delete and rename operations above prompt the user. Some viruses also use this file to damage the system, so if the user sees the following message for no apparent reason:

Please wait while Setup updates your configuration files.

This may take a few minutes...

then there may be a problem.

3. The Windows 95 Resource Kit mentions that the wininit.ini file has three possible sections, but it describes only the use of the [rename] section.
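An added example, not part of the original article: a small Python audit of the three INI files described in this section, reporting what win.ini, system.ini and wininit.ini would start or change at the next boot. The function names and the sample file contents are constructed for this illustration.

```python
"""Audit Win9x startup INI files (win.ini, system.ini, wininit.ini).

Added illustration; function names and sample contents are constructed.
"""


def parse_ini(text):
    """Return {section: [(key, value), ...]} with lower-cased section names.

    Pairs are kept in a list because wininit.ini [rename] may repeat keys
    (several NUL= lines) and its keys are full paths that contain ':'.
    """
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, [])
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current].append((key.strip(), value.strip()))
    return sections


def audit_win_ini(text):
    """Report non-empty load= / run= entries in [windows]."""
    return [
        f"win.ini [windows] {key.lower()}= starts {value}"
        for key, value in parse_ini(text).get("windows", [])
        if key.lower() in ("load", "run") and value
    ]


def audit_system_ini(text):
    """Report a [boot] shell= line that differs from the default Explorer.exe."""
    findings = []
    for key, value in parse_ini(text).get("boot", []):
        if key.lower() != "shell":
            continue
        parts = value.split()
        if not parts or parts[0].lower() != "explorer.exe":
            findings.append(f"system.ini [boot] shell= is not the default: {value}")
        elif len(parts) > 1:
            findings.append(
                "system.ini [boot] shell= also starts " + " ".join(parts[1:])
            )
    return findings


def audit_wininit_ini(text):
    """Report every pending [rename] operation; they run without a prompt."""
    findings = []
    for dest, src in parse_ini(text).get("rename", []):
        if dest.lower() == "nul":
            findings.append(f"wininit.ini will delete {src}")
        else:
            findings.append(f"wininit.ini will overwrite {dest} with {src}")
    return findings


AUDITORS = {
    "win.ini": audit_win_ini,
    "system.ini": audit_system_ini,
    "wininit.ini": audit_wininit_ini,
}


def audit(files):
    """files maps a file name to its text; unknown names are ignored."""
    findings = []
    for name, text in files.items():
        auditor = AUDITORS.get(name.lower())
        if auditor:
            findings.extend(auditor(text))
    return findings


# Constructed sample contents, not taken from a real machine.
SAMPLE_FILES = {
    "win.ini": "[windows]\nload=\nrun=C:\\WINDOWS\\file.exe\nNullPort=None\n",
    "system.ini": "[boot]\nshell=Explorer.exe file.exe\nsystem.drv=system.drv\n",
    "wininit.ini": (
        "[rename]\n"
        "NUL=C:\\WINDOWS\\TEMP\\OLD.DLL\n"
        "C:\\WINDOWS\\SYSTEM\\TARGET.DLL=C:\\WINDOWS\\TEMP\\NEW.DLL\n"
    ),
}

if __name__ == "__main__":
    for finding in audit(SAMPLE_FILES):
        print(finding)
```

Because wininit.ini is deleted after it has been processed, its mere presence between reboots means operations are still pending.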

4. WinStart.bat startup:

This is a batch file that the system starts automatically; its main role is to handle tasks that require copying and deleting. For example, some software requires a restart after installation or uninstallation and uses this file to copy and delete some files to complete the task. Such as:

"@if exist C:\Windows\Temp\proc.bat call C:\Windows\Temp\proc.bat"

This is the command that executes the proc.bat file;

"call filename.exe > nul"

This suppresses any output on the screen.

It is worth noting that WinStart.bat plays, in a sense, the same role as autoexec.bat. With clever arrangement it can be used to modify the system!

5. AutoExec.bat startup:

There is not much to say about this one; it should be one of the system files users are most familiar with. It runs under DOS every time the system restarts. Malicious programs often use this file for auxiliary measures.

However, malicious code may be present in the autoexec.bat file, such as format c: /y; the likelihood of this has increased significantly with the appearance of malicious BAT programs. For example, the recently popular SIRCAM worm also takes advantage of the autoexec.bat file.

Description:

Files 4 and 5 are both batch files, and their uses cannot be fully described here, because batch processing was used so broadly in the DOS era and is quite powerful. Using these two files requires some understanding of DOS.

III. Registry startup:

Startup from the registry should be the most frequently used startup method, but it too includes some fairly hidden variants. There are three kinds.

1. General start:

%PATH% is any path; file.exe is the program to run.

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"Anything"="%PATH%\file.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce]
"Anything"="%PATH%\file.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Anything"="%PATH%\file.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Anything"="%PATH%\file.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Whatever"="C:\runfolder\program.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Whatever"="C:\runfolder\program.exe"

Note:

(1). To run a .dll file, a special command line is needed.

Such as:

Rundll32.exe C:\Windows\file.dll,Rundll32

(2). To remove a self-starting item, just delete its key value, but take care not to delete system key values such as SystemTray and ScanRegistry.

(3). If you want to keep the key value without having it start, just add rem to the value. Such as:

"rem C:\Windows\a.exe"

(4). There is no such key among the self-start items in the registry:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices]

(5). The difference between Run and RunServices: Run is started at each system startup, and RunServices is started at each login to the system.

About:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx]

Special syntax:

For example, running notepad.exe:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
"Title"="My setup title"
"Flags"=dword:00000002

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\0001
"RunMyApp"="||notepad.exe"

The syntax is:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
Flags = 0x0000000
Title = "status dialog box title"

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\Depend
 = "xxx1"
 = "xxxx"

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\0001

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\000x

...

Note:

(1). "xxx1, xxxx" is the name of a dynamic link library (DLL) or .ocx file (such as my.ocx or my.dll).

(2). "0001, 000x" is a name of your choosing; it can consist of digits and text.

(3). "entry1, entryx" is a registry string value pointing to a program file to be run.

Flags is a DWORD value located in the RunOnceEx key that enables or disables functions, as follows:

Value        Function                       Function definition
0x00000000   Default                        All functions
             Check shell status
0x00000008   No error dialog                Error dialog
0x00000010   Create error report file       Creates a C:\Windows\RunOnceEx.err file if there is an error
0x00000020   Create execution report file   Creates a C:\Windows\RunOnceEx.log file with command status
0x00000040   No exception limit             No exception when a DLL is registered
0x00000080   No status dialog               The status dialog is not displayed while RunOnceEx runs

Since there is a great deal of detail, please see the Microsoft page:

 

http://support.microsoft.com/support/kb/articles/q232/5/09.asp

 

2. Special start 1:

Besides the ordinary startup methods above, some special ways of achieving startup can also be used in the registry:

[HKEY_CLASSES_ROOT\exefile\shell\open\command] @="\"%1\" %*"
[HKEY_CLASSES_ROOT\comfile\shell\open\command] @="\"%1\" %*"
[HKEY_CLASSES_ROOT\batfile\shell\open\command] @="\"%1\" %*"
[HKEY_CLASSES_ROOT\htafile\shell\open\command] @="\"%1\" %*"
[HKEY_CLASSES_ROOT\piffile\shell\open\command] @="\"%1\" %*"
[HKEY_LOCAL_MACHINE\Software\CLASSES\batfile\shell\open\command] @="\"%1\" %*"
[HKEY_LOCAL_MACHINE\Software\CLASSES\comfile\shell\open\command] @="\"%1\" %*"
[HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\open\command] @="\"%1\" %*"
[HKEY_LOCAL_MACHINE\Software\CLASSES\htafile\shell\open\command] @="\"%1\" %*"
[HKEY_LOCAL_MACHINE\Software\CLASSES\piffile\shell\open\command] @="\"%1\" %*"

In fact, as the registry paths show, these values determine how certain executable file types are run. Trojans often change these values to get themselves loaded:

If I change "%1" %* to file.exe "%1" %*, then file.exe is executed every time a file of that type (whichever type was changed) is run! Of course, it need not be an executable file type; for example, the Glacier Trojan uses the TXT file key value:

[HKEY_CLASSES_ROOT\txtfile\shell\open\command] as a startup method for the Trojan.
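An added example, not part of the original article, covering both "General start" and "Special start 1": a Python check that reads a REGEDIT4 export and lists the values under the Run-type keys and any open command of the five listed file classes that differs from "%1" %*. The export text is constructed and the function names are this example's own.

```python
"""Flag autostart entries in a REGEDIT4 export (added illustration)."""
import re

RUN_KEYS = {"run", "runonce", "runservices", "runservicesonce"}
# The article names these two as system values that must not be deleted.
SYSTEM_VALUES = {"systemtray", "scanregistry"}
# File classes whose default open command the article gives as "%1" %*.
WATCHED_CLASSES = {"exefile", "comfile", "batfile", "htafile", "piffile"}
DEFAULT_OPEN = '"%1" %*'

VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')


def unquote(token):
    """Strip the quotes of a .reg string and undo its backslash escapes."""
    if len(token) >= 2 and token[0] == token[-1] == '"':
        return re.sub(r"\\(.)", r"\1", token[1:-1])
    return token


def parse_reg(text):
    """Yield (key_path, value_name, data) for each value line of the export."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        match = VALUE_RE.match(line)
        if match and key:
            name = match.group(1)
            if name != "@":
                name = unquote(name)
            yield key, name, unquote(match.group(2))


def audit_reg(text):
    """Return (kind, key, value_name, data) tuples for a reviewer to check."""
    findings = []
    for key, name, data in parse_reg(text):
        parts = [p.lower() for p in key.split("\\")]
        if parts[-3:-1] == ["windows", "currentversion"] and parts[-1] in RUN_KEYS:
            if name.lower() in SYSTEM_VALUES:
                kind = "autorun-system"      # name match only; data still shown
            elif data.lower().startswith("rem "):
                kind = "autorun-disabled"    # note (3): kept but not started
            else:
                kind = "autorun"
            findings.append((kind, key, name, data))
        elif (len(parts) >= 4 and parts[-3:] == ["shell", "open", "command"]
              and parts[-4] in WATCHED_CLASSES and name == "@"
              and data != DEFAULT_OPEN):
            findings.append(("open-command-changed", key, name, data))
    return findings


# Constructed export; none of these lines come from a real machine.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"Anything"="C:\\WINDOWS\\file.exe"
"Old"="rem C:\\WINDOWS\\a.exe"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="file.exe \"%1\" %*"

[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"
'''

if __name__ == "__main__":
    for finding in audit_reg(SAMPLE_REG):
        print(*finding, sep=" | ")
```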

 

3. Special start 2:

In the registry there is this location:

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD]

This is where the system keeps the VxD driver files it loads at startup. As the PrettyPark worm does, a VxD file can be added to the registry after creating a primary key there.

Note: A file cannot simply be renamed to .vxd; a VxD file has to be programmed and built as such.

 

Other startup methods:

(1). C:\Explorer.exe startup mode:

This is a special startup method that very few people know.

Under Win9x, System.ini specifies the name of the Windows shell file, Explorer.exe, without an absolute path, so Win9x searches for the Explorer.exe file.

The search order is as follows:

(1). Search the current directory.

(2). If Explorer.exe is not found there, the system reads [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment\Path] to obtain a relative path.

(3). If it is still not found, the system reads [HKEY_CURRENT_USER\Environment\Path] to obtain a relative path.

Here, the values saved under [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment\Path] and [HKEY_CURRENT_USER\Environment\Path] are "%SystemRoot%\System32;%SystemRoot%" and empty, respectively.

So, because the "current directory" at system startup is certainly %SystemDrive% (the system drive), the order in which the system searches for Explorer.exe should be:

(1). %SystemDrive% (for example, C:\)

(2). %SystemRoot%\System32 (for example, C:\WINNT\System32)

(3). %SystemRoot% (for example, C:\WINNT)

At this point, if a file called Explorer.exe is placed in the root directory of the system drive, the system will automatically start the Explorer.exe in the root directory at every startup, instead of the Explorer.exe in the Windows directory.

Under the WinNT series, Windows NT / Windows 2000 pays more attention to the location of Explorer.exe, and stores the name of the shell file (Explorer.exe) to be used at system startup in:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell]

By default this location does not exist, and the default is Explorer.exe.

Please refer to:

http://www.microsoft.com/technet/security/bulletin/fq00-052.asp

Note:

Make sure that the Explorer.exe in the root directory launches the Explorer.exe in the Windows directory, otherwise Windows will not start!

The currently popular CodeRed virus places an Explorer.exe file of about 8 KB in each of the C:\ and D:\ root directories!

Microsoft changed this behaviour in Windows 2000 SP2.

(2). Screen saver startup mode:

A Windows screen saver is a .scr file, which is an executable file in PE format. If a screen saver's .scr extension is renamed to .exe, the program still starts normally. Likewise, an .exe file renamed to .scr can be run just the same!

.scr files are located by default in the C:\Windows directory, and their names are the names shown under "Screen Saver" in the "Display" properties. All *.scr files in the C:\Windows directory are listed by the Windows "Screen Saver" settings, and the path of the chosen file is saved in SCRNSAVE.EXE= in system.ini. Interestingly, the path specified in SCRNSAVE.EXE= also contains a directory name. That is, if I install a .scr file at, say, D:\SCR\1.SCR, and D:\SCR also contains 2.SCR, then all the .scr files in that directory (1.SCR, 2.SCR) are shown in the "Screen Saver" settings. If the screen saver is set to "(None)", the SCRNSAVE.EXE= entry does not exist. However, if the file or directory that SCRNSAVE.EXE= refers to is wrong, "(None)" is still displayed in the "Screen Saver" settings.

The startup time of the screen saver is saved at this location in the registry:

HKEY_USERS\.DEFAULT\Control Panel\desktop\ScreenSaveTimeOut

The unit is seconds, but although it is recorded in seconds, the startup time is counted in minutes, that is, recording starts from 60 seconds. If the recorded time is less than 60 seconds, it is automatically set to 1 minute.

Whether a screen saver password is set is stored in: HKEY_USERS\.DEFAULT\Control Panel\desktop\ScreenSaveUsePassword

With a password the value is 1; without a password the value is 0.

This shows that if someone renames an .exe program to .scr, has the program add "SCRNSAVE.EXE=%Path%\file.scr" to System.ini (%Path%\file.scr is the path and file name of the desired .scr file, such as C:\Program Files\trojan.scr), and changes HKEY_USERS\.DEFAULT\Control Panel\desktop\ScreenSaveTimeOut in the registry to 60, then the file will be started as soon as the system has been idle for one minute!

Another simple destructive method is to randomly generate a screen saver password and write it to the corresponding location, with the timeout set to 1 minute; the system will then be locked whenever it is idle for one minute! (Since this is not a self-starting issue, it is not discussed.)

Note: Since SCRNSAVE.EXE= also defines the path of the .scr file, it is best not to place the file to be started in a directory that holds other .scr files, otherwise it easily raises suspicion. (Except for the Windows directory.)

(3). Attached startup:

This type of startup is squarely the business of viruses. The method uses a virus-style infection mechanism to attach the EXE file to be started to one or more other EXE files, so that the file is started whenever the host EXE file is started. I remember that when the YAI Trojan was popular, it started by attaching itself to EXE files, but because of bugs and the way it was distributed, the Trojan's destructiveness showed in its "virus" nature.

Anyone using this startup method must take care not to destroy the EXE file (otherwise it is easily discovered), and it is best to attach the Trojan to a fixed one or several EXE files, such as iexplore.exe (the IE EXE file), Rnaapp.exe (the EXE file of dial-up networking), etc.

Note: This method is relatively dangerous, and it is also quite context, and it is very close to the virus.

 

(4). Scheduled task startup mode:

The Scheduled Tasks feature of Windows is used to run programs at preset times. But this feature can also be used for self-starting! Since many computers load "Scheduled Tasks" automatically, the concealment is relatively good.

By default, a scheduled task is a .job file saved in the C:\Windows\Tasks directory. The .job file contains a series of information such as the startup mode and the file path. The key is to write, or make software that can write, .job files; the task is then started once the relevant places have been marked.

For lack of time, this method has not been tested; readers can test it themselves.

(5). autorun.inf startup mode:

You have probably seen this before. Yes, it most often appears on discs and is used for auto-start: every time a disc is placed in the optical drive, the system checks whether the disc should start automatically. But have you ever thought that this file can also be used to start other files automatically?

[Autorun]
open=file.exe
icon=icon.ico

open is the name of the executable that runs when the disc is inserted or the drive is double-clicked.

icon is the icon file for the optical drive. This file can also be another kind of file, such as:

[Autorun]
open=file.exe
icon=icon.exe,2

Here an executable file that contains icons is used; ",2" is the third icon in this file. (",0" is the first icon; with no number, the default is the first icon.)

Most importantly, the autorun.inf file can also be used on hard disk drives. That is, if all the files and directories on a disc are copied as they are into the root directory of a hard disk, double-clicking that disk triggers the auto-run file!

Taking a Trojan as an example: suppose a Trojan is named aaa.exe and sits in the C:\Windows directory after it has run. The Trojan can then generate an autorun.inf file under C:\ with the following contents:

[Autorun]
open=Windows\aaa.exe
icon=aaa.exe

In this case, the drive's icon is the first icon in aaa.exe, and aaa.exe is executed every time the C drive is double-clicked. Note, however, that it is best for aaa.exe to also open the C:\ directory. (Easier to disguise.)

Note:

(1). autorun.inf still works even if its attribute is changed to hidden.

(2). The paths in the .inf file can be relative paths or absolute paths. That is to say, if autorun.inf is placed on one disk, it can also start a file on another disk! Such as:

If you put the autorun.inf file in the root directory of the C drive with the contents

[Autorun]
open=D:\CCC\bbb.exe
icon=bbb.exe

then double-clicking the C drive executes bbb.exe in the CCC directory on the D drive!

(3). If there is no open entry, the system does not execute any file and goes on to the next command.

(4). If there is no icon entry, the disk's icon is the original Windows disk icon; but if there is an icon entry that is set incorrectly, or the specified file contains no icon, the system displays the default blank icon.
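An added example, not part of the original article: a Python inspection of an autorun.inf found in a drive root, resolving open= and icon= as relative or absolute Windows paths and flagging the hard-disk and cross-drive cases described above. The function names, flag texts and sample files are constructed for this illustration.

```python
"""Inspect an autorun.inf found in a drive root (added illustration)."""
import configparser
import ntpath  # applies Windows path rules on any host OS


def drive_of(path):
    """Return the drive part of a Windows path, upper-cased (e.g. 'C:')."""
    return ntpath.splitdrive(path)[0].upper()


def inspect_autorun(drive_root, inf_text, drive_is_fixed):
    """Resolve open= and icon= of an autorun.inf located at drive_root.

    Returns None when the text has no usable [Autorun] section, otherwise a
    dict with the resolved paths and a list of flags for a reviewer.
    """
    # Strip indentation first: configparser treats indented lines as
    # continuations of the previous value.
    cleaned = "\n".join(line.strip() for line in inf_text.splitlines())
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, allow_no_value=True
    )
    try:
        parser.read_string(cleaned)
    except configparser.Error:
        return None
    section = next((s for s in parser.sections() if s.lower() == "autorun"), None)
    if section is None:
        return None
    entries = parser[section]  # option names are lower-cased by configparser
    report = {"open": None, "icon": None, "icon_index": 0, "flags": []}

    open_cmd = (entries.get("open") or "").strip()
    if open_cmd:
        # A relative path is taken from the drive root; an absolute path
        # (possibly on another drive) replaces it.
        target = ntpath.normpath(ntpath.join(drive_root, open_cmd))
        report["open"] = target
        if drive_is_fixed:
            report["flags"].append("open= on a hard disk drive")
        if drive_of(target) != drive_of(drive_root):
            report["flags"].append("open= target is on another drive")

    icon = (entries.get("icon") or "").strip()
    if icon:
        path, _, index = icon.partition(",")
        report["icon"] = ntpath.normpath(ntpath.join(drive_root, path.strip()))
        # ",N" selects the (N+1)-th icon; no number means the first icon.
        report["icon_index"] = int(index) if index.strip().isdigit() else 0
        if report["open"] and report["icon"].lower() == report["open"].lower():
            report["flags"].append("drive icon is taken from the open= program")
    return report


# Constructed samples, not taken from real media.
SAMPLE_CROSS_DRIVE = "[Autorun]\nopen=D:\\CCC\\bbb.exe\nicon=bbb.exe\n"
SAMPLE_SAME_FILE = "[AutoRun]\n  open=Windows\\aaa.exe\n  icon=Windows\\aaa.exe,0\n"
SAMPLE_DISC = "[autorun]\nopen=setup.exe\nicon=setup.exe,2\n"

if __name__ == "__main__":
    print(inspect_autorun("C:\\", SAMPLE_CROSS_DRIVE, True))
    print(inspect_autorun("C:\\", SAMPLE_SAME_FILE, True))
    print(inspect_autorun("E:\\", SAMPLE_DISC, False))
```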

(5). Related to automatic startup:

This startup method is really just a matter of approach: one file that starts automatically can be used to start another. SubSeven uses the method of starting Windos.exe to start the SubSeven server file.

B. Start startup:

In "Run" or in "MS-DOS" mode, enter START and press Enter, and the following is displayed:

Runs a Windows program or an MS-DOS program.

START [options] program [arg...]
START [options] document.ext

/m[inimized] Run the new program minimized (in the background).
/max[imized] Run the new program maximized (in the foreground).
/r[estored]  Run the new program restored (in the foreground). [default]

START /M file.exe

But it seems that some software (such as Jinshan Words) does not respond to this switch.

 

C. Control panel startup:

This uses control panel programs, which are executed much like DLLs, to achieve startup.

In the control panel, .cpl files are the control panel's source files. By default they are all placed in the %Windows%\System directory; for example, Desk.cpl is the desktop properties and Inetcpl.cpl is Internet Options. But these .cpl files are all PE-format files; that is, if the user puts a DLL-like executable .cpl file into %Windows%\System, its icon can be seen in the control panel and it can be executed!

Because of the particular nature of .cpl files, Rundll32.exe is needed to start them. Rundll32.exe is the file Windows uses to call functions in dynamic link libraries. Enter: rundll32 shell32.dll,Control_RunDLL %Path%\Desk.cpl,,X

shell32.dll is the DLL being called, meaning that Control_RunDLL in shell32.dll is called to open the Desk.cpl file; %Path% is the path of the .cpl file, by default C:\Windows\System; the final X is the page number within Desk.cpl, starting from 0: 0 is the first page (such as "Background" in "Display Properties"), 1 is the second page (such as "Screen Saver" in "Display Properties"), and so on.

But if you do this, the file is displayed in the control panel. There are two ways to keep it from being displayed:

(1). Do not put your .cpl file in C:\Windows\System, because Windows loads all the .cpl files in C:\Windows\System. If you do want it displayed, open the Control.ini file under Windows and, under [MMCPL], write something like:

File.cpl = d: pats.cpl

to have it displayed.

(2). When you look at the Control.ini file, you will certainly see [don't load] above [MMCPL]. Yes, if your file is written there in the form file.cpl=no, the file is not loaded. The reverse restores it.

 

         

In the registry:

"HideFileExt": this value determines whether Windows displays file extensions. If its value is 1, extensions are hidden; otherwise they are not hidden.

EXE file:

As with the Sircam worm, the extension of an .exe file can be changed to .bat, .com, .pif, .scr, etc.; the effect of running it is not necessarily the same. But .exe files cannot be renamed to .lnk files; this may also be a bug in SIRCAM.

Finally:

Windows has many ways of starting things automatically; this is part of the Windows system. A self-starting method that is hidden and known to few people is a necessary condition for remote monitoring software to be excellent software. For ordinary users, understanding this information is also necessary. The author has tried to introduce as fully as possible the methods and ideas by which files can be started. Some of the self-starting methods mentioned in the article are very common, some are rarely known, and some may even be written up here for the first time. Many of the methods include the author's own ideas, which make them very well hidden even though they are ordinary.

The self-starting methods listed were tested in the default state of Windows 98 or of the corresponding system mentioned. Only part of them are usable on Windows Me and Windows 2000. Testing the self-starting methods on different platforms also shows that Windows systems are moving in an improving direction. Therefore the author cannot guarantee that these methods can be used in future versions of Windows. But there will always be some places that can be used. If this scribble can bring readers some inspiration, the author will be very happy!

Because time was short and the author's ability is limited, there must be many mistakes in the text; I ask for readers' forbearance.

Discussion of Windows self-starting methods is welcome; my e-mail is

Snaix@yeah.net.

To reprint this article, please credit the author and the source. For commercial use, please contact the author.

 

Main reference:  

 

http://www.tlsecurity.net/auto.html

 

http://support.microsoft.com/support/kb/articles/q232/5/09.asp

Syntax for the RunOnceEx Registry Key

Summary  

More Information          

Runonceex Sample To Run Notepad

Sample syntax  

Notes          

DEFINITION OF VALUES AND SUBKEYS  

 

Wininit.ini and viruses (name to the author)  

 

http://www.microsoft.com/technet/security/bulletin/fq00-052.asp

When reprinting, please cite the original address: https://www.9cbs.com/read-102672.html
