What is Rundll32.exe? As the name, "execute 32-bit DLL files". Its role is to execute internal functions in the DLL file, so in the process, there will be Rundll32.exe, without having a DLL back door process, so that the process is hidden on the process. If you see multiple rundll32.exe in the system, you don't have to panic, this proves how many DLL files have been launched with Rundll32.exe. Of course, what the DLL files executed by these Rundll32.exe, we can find it from the system automatically loaded.
Now, I will introduce the file of rundll32.exe, meaning that the function is to call the dynamic link library in the command line. There is also a Rundll.exe file in the system, he means "executing 16 DLL files", here you should pay attention. Take a look at the function prototype used by Rundll32.exe:
Void Callback FunctionName
HWND HWND,
Hinstance hinst,
LPTSTR LPCMDLINE,
Int ncmdshow
);
The method of use is: rundll32.exe dllname, functionname [arguments]
Dllname is a DLL file name that needs to be executed; FunctionName is a specific extraction function of the DLL file that needs to be executed; [arguments] is the specific parameters of the lead function.
RundLL, as the name, execution of the DLL, its function is to call Windows dynamic link library with command column, Rundll32.exe and Rundll.exe is that the former is a 32-bit link library, and the latter is Applying for 16-bit link libraries, their command formats are:
Rundll.exe,
Here should pay attention to three points: 1. DLL file name cannot contain spaces, such as this file is located in the C: / ProgramFiles / Directory, you have to change this path to C: / progra ~ 1/; 2.DLL file name and DLL entry The comma between points cannot be small, otherwise the program will be wrong and will not give any information! 3. This is the most important point: Rundll cannot be used to call the DLL containing the return value parameter, such as getUserName (), getTextFace (), etc. in Win32API. In Visual Basic, an instruction shell for performing an external program is provided. The format is:
Shell "Command Column"
If you can use the Rundll32.exe to use the shell instruction, you will make your VB program have an effect that other methods is difficult to implement: still use it as an example, the traditional method requires you to build a module in the VB project, then Write the declaration of WinAPI, and finally you can call in the program. And now just one sentence:
Shell "Rundll32.exe User.exe, RestartWindows" is set! Is it convenient?
In fact, rundll32.exe has a unique advantage in calling various Windows control panels and system options. Below, I will enumerate the Rundll's instructions collected on the Internet (very useful, saving you a lot of time !!), for everyone in program design:
Command Columns: rundll32.exe shell32.dll, control_rundll
Function: Display Control Panel
Command Columns: Rundll32.exe Shell32.dll, Control_Rundll Access.cpl, 1 Function: Display "Control Panel - Auxiliary Options - Keyboard" option window
Command Columns: Rundll32.exe Shell32.dll, Control_Rundll Access.cpl, 2
Function: Display "Control Panel - Auxiliary Options - Sound" option window
Command Columns: Rundll32.exe Shell32.dll, Control_Rundll Access.cpl, 3
Function: Display "Control Panel - Auxiliary Options - Display" option window
Command Columns: Rundll32.exe Shell32.dll, Control_Rundll Access.cpl, 4
Function: Displays "Control Panel - Auxiliary Options - His Mouse" option window
Command Columns: Rundll32.exe Shell32.dll, Control_Rundll Access.cpl, 5
Function: Display "Control Panel - Auxiliary Options - Traditional" Options Window
Command Columns: Rundll32.exe Shell32.dll, Control_Rundll Sysdm.cpl @ 1
Function: Execute "Control Panel - Add New Hardware" Wizard.
Command Columns: Rundll32.exe shell32.dll, shhelpshortcuts_rundll addprinter
Function: Execute the Control Panel - Add New Princess Wizard.
Command Columns: Rundll32.exe Shell32.dll, Control_Rundll AppWiz.cpl, 1
Function: Displays the Control Panel - Add / Delete Program - Install / Uninstall panel.
Command Columns: Rundll32.exe Shell32.dll, Control_Rundll AppWiz.cpl, 2
Function: Display "Control Panel - Add / Remove Program - Installing the Windows" panel.
Command Columns: Rundll32.exe Shell32.dll, Control_Rundll AppWiz.cpl, 3
Function: Displays the Control Panel - Add / Delete Program - Startup Disk panel.
Command Columns: Rundll32.exe Syncui.dll, Briefcase_create
Function: Create a new "My Briefcase" on the desktop.
Command Columns: Rundll32.exe Diskcopy.dll, DiskCopyRundll
Function: Display Copy Soft Disk Window
Command Columns: Rundll32.exe APWIZ.CPL, NewlinkHere% 1
Function: Displays the "establishing shortcut" dialog that is determined by% 1 parameter.
Command Columns: Rundll32.exe Shell32.dll, Control_Rundll Timedate.cpl, 0
Function: Displays the Date and Time option window.
Command Columns: rundll32.exe shell32.dll, control_rundll timedate.cpl, 1
Function: Displays the Time Zone option window.
Command Columns: rundll32.exe rnaui.dll, RNADial [Name of a dial-up connection]
Function: Displays a dial-up window for a dial-up connection. If you have dial-up, display the window of the current connection state.
Command Columns: Rundll32.exe Rnaui.dll, Rnawizard
Function: Displays the Window of the New Dial-up Connection wizard.
Command Columns: Rundll32.exe Shell32.dll, Control_Rundll Desk.cpl, 0
Function: Displays the "Display Properties - Background" option window.
Command Columns: Rundll32.exe Shell32.dll, Control_Rundll Desk.cpl, 1
Function: Displays the "Display Properties - Block Protection" option window.
Command Columns: Rundll32.exe Shell32.dll, Control_Rundll Desk.cpl, 2 Features: Displays the Display Properties - Appearances option window.
Command Columns: rundll32.exe shell32.dll, control_rundll desk.cpl, 3
Function: Displays the display "Display Properties - Properties" option window.
Command Columns: Rundll32.exe Shell32.dll, Shhelpshortcuts_Rundll Fontsfolder
Function: Displays the "Font" profile of Windows.
Command Columns: rundll32.exe shell32.dll, control_rundll main.cpl @ 3
Function: Similarly, "Font" profile clips are displayed.
Command Columns: rundll32.exe shell32.dll, shFormatDrive
Function: Displays the Format Soft Disk dialog.
Command Columns: rundll32.exe shell32.dll, control_rundll joy.cpl, 0
Function: Displays "Control Panel - Game Controller - General" option window.
Command Columns: rundll32.exe shell32.dll, control_rundll joy.cpl, 1
Function: Displays the "Control Panel - Game Controller - Advanced" option window.
Command Columns: Rundll32.exe Mshtml.dll, Printhtml (HTML Document)
Function: Print HTML documentation.
Command Columns: rundll32.exe shell32.dll, control_rundll mlcfg32.cpl
Function: Displays the Microsoft Exchange General Options window.
Command Columns: rundll32.exe shell32.dll, control_rundll main.cpl @ 0
Function: Displays the Control Panel-Hull Mouse option.
Command Columns: Rundll32.exe Shell32.dll, Control_Rundll Main.cpl @ 1
Function: Displays the "Control Panel - Keyboard Properties - Speed" option window.
Command Columns: rundll32.exe shell32.dll, control_rundll main.cpl @ 1,, 1
Function: Displays the "Control Panel - Keyboard Properties - Language" option window.
Command Columns: rundll32.exe shell32.dll, control_rundll main.cpl @ 2
Function: Displays the Windows "Printing Machine" profile.
Command Columns: rundll32.exe shell32.dll, control_rundll main.cpl @ 3
Function: Displays the Windows "Font" profile.
Command Columns: rundll32.exe shell32.dll, control_rundll main.cpl @ 4
Function: Displays the "Control Panel - Input Properties - Input Method" option window.
Command Columns: Rundll32.exe Shell32.dll, Control_Rundll Modem.cpl, Add
Function: Execute the Add New Modem wizard.
Command Columns: rundll32.exe shell32.dll, control_rundll mmsys.cpl, 0
Function: Displays the Control Panel - Multimedia Properties - Audio property page.
Command: rundll32.exe shell32.dll, control_rundll mmsys.cpl, 1
Function: Displays the Control Panel - Multimedia Properties - Video property page.
Command Columns: rundll32.exe shell32.dll, control_rundll mmsys.cpl, 2
Function: Displays the Control Panel-Multimedia Properties-MIDI property page.
Command Columns: Rundll32.exe Shell32.dll, Control_Rundll MMSys.cpl, 3 Features: Displays the Control Panel-Multimedia Properties-CD Music Properties page.
Command Columns: Rundll32.exe Shell32.dll, Control_Rundll MMSys.cpl, 4
Function: Displays the Control Panel - Multimedia Properties - Device property page.
Command Columns: rundll32.exe shell32.dll, control_rundll mmsys.cpl @ 1
Function: Displays the "Control Panel - Sound" option window.
Command Columns: rundll32.exe shell32.dll, control_rundll netcpl.cpl
Function: Displays the Control Panel - Network option window.
Command Columns: rundll32.exe shell32.dll, control_rundll odbccp32.cpl
Function: Displays the ODBC32 Data Management Options window.
Command Columns: Rundll32.exe Shell32.dll, OpenAS_Rundll {Drive: / Path / FileName}
Function: Displays the "Open Mode" dialog of the specified file (Drive: / Path / filename).
Command Columns: rundll32.exe shell32.dll, control_rundll password.cpl
Function: Displays the "Control Panel - Password" option window.
Command Columns: Rundll32.exe Shell32.dll, Control_Rundll Powercfg.cpl
Function: Displays the "Control Panel - Power Management Properties" option window.
Command Columns: Rundll32.exe Shell32.dll, Shhelpshortcuts_Rundll PrintersFolder
Function: Displays the Windows "Printing Machine" profile. (With rundll32.exe shell32.dll, control_rundll main.cpl @ 2)
Command Columns: Rundll32.exe Shell32.dll, Control_Rundll INTL.CPL, 0
Function: Displays the "Control Panel - Zone Setting Properties - Zone Settings" option window.
Command Columns: rundll32.exe shell32.dll, control_rundll INTL.CPL, 1
Function: Displays the "Control Panel - Zone Setting Properties - Number" option window.
Command Columns: rundll32.exe shell32.dll, control_rundll INTL.CPL, 2
Function: Displays the "Control Panel - Zone Setting Properties - Currency" option window.
Command Columns: rundll32.exe shell32.dll, control_rundll INTL.CPL, 3
Function: Displays the "Control Panel - Zone Setting Properties - Time" option window.
Command Columns: Rundll32.exe Shell32.dll, Control_Rundll INTL.CPL, 4
Function: Displays the "Control Panel - Zone Setting Properties - Date" option window.
Command Columns: Rundll32.exe Desk.cpl, Installscreensaver [Block Software Name]
Function: Set the specified Fluor Screen Protection File to Windows screen saver and displays the Block Blight Protection Properties Window.
Command Columns: rundll32.exe shell32.dll, control_rundll sysdm.cpl, 0
Function: Displays the "Control Panel - System Properties - Traditional" properties window.
Command Columns: Rundll32.exe Shell32.dll, Control_Rundll Sysdm.cpl, 1
Function: Displays the Control Panel-System Properties-Device Manager property window.
Command Columns: Rundll32.exe Shell32.dll, Control_Rundll Sysdm.cpl, 2 Function: Displays the Control Panel - System Properties - Hardware Configuration File properties window.
Command Columns: rundll32.exe shell32.dll, control_rundll sysdm.cpl, 3
Function: Displays the "Control Panel - System Properties - Performance" properties window.
Command Columns: Rundll32.exe User.exe, RestartWindows
Function: Forcibly shut down all processes and restart the machine.
Command Columns: Rundll32.exe User.exe, ExitWindows
Function: Forcibly shut down all processes and shut down.
Command Columns: Rundll32.exe Shell32.dll, Control_Rundll Telephon.cpl
Function: Display "Dial Properties" option window
Command Columns: rundll32.exe shell32.dll, control_rundll themes.cpl
Function: Show "Desktop Total" option panel
