
RUNDLL32.EXE in the proce

What is Rundll32.exe? As the name suggests, it means “execute 32-bit DLL files.” Its role is to execute the internal functions of a DLL file, so that only Rundll32.exe appears in the process list; a DLL backdoor has no process of its own, which is how process hiding is achieved. If you see several Rundll32.exe processes in the system, do not panic: it simply shows how many DLL files have been started with Rundll32.exe. As for which DLL files these Rundll32.exe instances are executing, we can find them in the places from which the system loads programs automatically.

Now let me introduce the Rundll32.exe file itself. Its meaning was given above; its function is to call a dynamic link library from the command line. The system also contains a Rundll.exe file, which means “execute 16-bit DLL files”; take note of the difference. Here is the function prototype that Rundll32.exe uses:
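void CALLBACK FunctionName(
    HWND hwnd,          /* owner window for any windows the DLL creates */
    HINSTANCE hinst,    /* instance handle of the DLL */
    LPTSTR lpCmdLine,   /* the [Arguments] string from the command line */
    int nCmdShow        /* how the DLL's windows should be shown */
);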
Its command-line usage is: Rundll32.exe DLLname,Functionname [Arguments]

DLLname is the name of the DLL file to execute; Functionname is the specific exported function in that DLL to execute; [Arguments] are the parameters for that exported function.
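The command-line format above, together with the earlier point that every running Rundll32.exe stands for one DLL, can be turned into a small triage script. This is an added example, not code from the original post; the system directory list, the status labels and the sample command lines are constructed assumptions.

```python
import ntpath
import re

# Assumption for this example: directories treated as system DLL locations.
SYSTEM_DIRS = {r"c:\windows\system", r"c:\windows\system32", r"c:\windows\syswow64"}
_FORMAT = re.compile(
    r'^\s*"?[^"]*?rundll(?:32)?(?:\.exe)?"?\s+'  # the host program, with or without a path
    r'(?P<dll>"[^"]+"|[^,\s]+)'                  # DLL name: no spaces unless quoted
    r'\s*,\s*'                                   # the comma is mandatory
    r'(?P<func>[^\s,]+)'                         # exported function to call
    r'(?:\s+(?P<args>.*))?$',                    # optional arguments for that function
    re.IGNORECASE)

def parse_rundll(cmdline):
    """Split 'rundll32.exe DLLname,Functionname [Arguments]'; None if the format is not followed."""
    m = _FORMAT.match(cmdline)
    if m is None:
        return None
    return {"dll": m.group("dll").strip('"'), "function": m.group("func"),
            "args": (m.group("args") or "").strip()}

def triage(entries):
    """Classify (source, command line) pairs taken from a process list or autostart values."""
    findings = []
    for source, cmdline in entries:
        parsed = parse_rundll(cmdline)
        if parsed is None:
            findings.append((source, "malformed", cmdline))
            continue
        directory = ntpath.dirname(parsed["dll"]).lower()
        if not directory:
            status = "bare-name"   # found via the DLL search order; confirm where it loads from
        elif directory in SYSTEM_DIRS:
            status = "system-dir"
        else:
            status = "review"      # DLL outside the system directories: inspect the file
        findings.append((source, status, parsed["dll"] + "," + parsed["function"]))
    return findings

# Constructed sample data (not taken from a real machine).
SAMPLE = [
    ("pid 1204", r"rundll32.exe shell32.dll,Control_RunDLL desk.cpl,,0"),
    ("pid 1536", r"C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\shell32.dll,Control_RunDLL"),
    ("autostart 'updater'", r"rundll32.exe C:\DOCUME~1\user\LOCALS~1\Temp\example.dll,Start"),
    ("autostart 'helper'", r"rundll32.exe C:\Program Files\helper\example.dll,Run"),
]

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

The last sample is reported as malformed because its unquoted DLL path contains a space, so the DLL name and comma cannot be separated reliably.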
A Brief Discussion of the role of Rundll32.exe (I am a rookie)

Friends who use Windows 9x regularly will surely be familiar with the two files Rundll.exe and Rundll32.exe, but because these two programs were originally intended only for internal use at Microsoft, there cannot be many people who really know how to use them. Well, if you do not know, then let me tell you.

First of all, please try a small experiment (save the results of any programs you are running beforehand, or else …): click “Start – Programs – MS-DOS mode” to open a DOS window, then type rundll32.exe user.exe,restartwindows and press the Enter key. You will see the machine restart! Isn't that interesting?

Of course, Rundll can do more than restart your machine. As its name suggests, Rundll means “run a Dll”: its function is to call Windows dynamic link libraries from the command line. The difference between Rundll32.exe and Rundll.exe is that the former calls 32-bit link libraries while the latter is used for 16-bit link libraries. The command format is:
RUNDLL.EXE

Three points need attention here:
1. The Dll file name cannot contain spaces. For example, if the file is located in the c:\Program Files\ directory, change the path to c:\Progra~1\.
2. The comma between the Dll file name and the Dll entry point cannot be omitted, or else the program will fail without giving any information!
3. This is the most important point: Rundll cannot be used to call Dll functions that have return-value parameters, such as the Win32 API functions GetUserName(), GetTextFace() and so on.
Visual Basic provides a Shell statement for executing external programs, in the following format:
Shell "command line"
If you make good use of the Shell statement together with Rundll32.exe, your VB program can achieve effects that are difficult or impossible by other means. Taking restart as the example again: the traditional method requires you to create a module in the VB project, write the WinAPI declaration, and finally call it in the program. Now a single line is enough:
Shell "rundll32.exe user.exe,restartwindows"
That's all! Isn't that much more convenient?

In fact, Rundll32.exe has a unique advantage when it comes to calling the various Windows Control Panel and system options. Below I list the Rundll commands I have collected from the Internet (very useful, and they can save you a lot of time calling the Windows API!) for you to reference in your programs:
Command line: rundll32.exe shell32.dll,Control_RunDLL
Function: Display the Control Panel.
Command line: rundll32.exe shell32.dll,Control_RunDLL access.cpl,,1
Function: Display the “Control Panel – Accessibility – Keyboard” option window.
Command line: rundll32.exe shell32.dll,Control_RunDLL access.cpl,,2
Function: Display the “Control Panel – Accessibility – Sound” option window.
Command line: rundll32.exe shell32.dll,Control_RunDLL access.cpl,,3
Function: Display the “Control Panel – Accessibility – Display” option window.
Command line: rundll32.exe shell32.dll,Control_RunDLL access.cpl,,4
Function: Display the “Control Panel – Accessibility – Mouse” option window.
Command line: rundll32.exe shell32.dll,Control_RunDLL access.cpl,,5
Function: Display the “Control Panel – Accessibility – General” option window.
Command line: rundll32.exe shell32.dll,Control_RunDLL sysdm.cpl @1
Function: Run the “Control Panel – Add New Hardware” wizard.
Command line: rundll32.exe shell32.dll,SHHelpShortcuts_RunDLL AddPrinter
Function: Run the “Control Panel – Add New Printer” wizard.
Command line: rundll32.exe shell32.dll,Control_RunDLL appwiz.cpl,,1
Function: Display the “Control Panel – Add/Remove Programs – Install/Uninstall” panel.
Command line: rundll32.exe shell32.dll,Control_RunDLL appwiz.cpl,,2
Function: Display the “Control Panel – Add/Remove Programs – Windows Setup” panel.
Command line: rundll32.exe shell32.dll,Control_RunDLL appwiz.cpl,,3
Function: Display the “Control Panel – Add/Remove Programs – Startup Disk” panel.
Command line: rundll32.exe syncui.dll,Briefcase_Create
Function: Create a new “My Briefcase” on the desktop.
Command line: rundll32.exe diskcopy.dll,DiskCopyRunDll
Function: Display the window for copying a floppy disk.
Command line: rundll32.exe appwiz.cpl,NewLinkHere %1
Function: Display the “Create Shortcut” dialog box; the location where the shortcut is created is determined by the %1 parameter.
Command line: rundll32.exe shell32.dll,Control_RunDLL timedate.cpl,,0
Function: Display the “Date & Time” option window.
Command line: rundll32.exe shell32.dll,Control_RunDLL timedate.cpl,,1
Function: Display the “Time Zone” option window.
Command line: rundll32.exe rnaui.dll,RnaDial [the name of a dial-up connection]
Function: Display the dialing window for a dial-up connection. If the connection is already dialed, display the current connection status window.
Command line: rundll32.exe rnaui.dll,RnaWizard
Function: Display the “New Dial-up Connection” wizard window.
Command line: rundll32.exe shell32.dll,Control_RunDLL desk.cpl,,0
Function: Display the “Display Properties – Background” option window.
Command line: rundll32.exe shell32.dll,Control_RunDLL desk.cpl,,1
Function: Display the “Display Properties – Screen Saver” option window.
Command line: rundll32.exe shell32.dll,Control_RunDLL desk.cpl,,2
Function: Display the “Display Properties – Appearance” option window.
Command line: rundll32.exe shell32.dll,Control_RunDLL desk.cpl,,3
Function: Display the “Display Properties – Properties” option window.
Command line: rundll32.exe shell32.dll,SHHelpShortcuts_RunDLL FontsFolder
Function: Display the Windows “Fonts” folder.
Command line: rundll32.exe shell32.dll,Control_RunDLL main.cpl @3
Function: Also displays the Windows “Fonts” folder.
Command line: rundll32.exe shell32.dll,SHFormatDrive
Function: Display the dialog box for formatting a floppy disk.
Command line: rundll32.exe shell32.dll,Control_RunDLL joy.cpl,,0
Function: Display the “Control Panel – Game Controllers – General” option window.
Command line: rundll32.exe shell32.dll,Control_RunDLL joy.cpl,,1
Function: Display the “Control Panel – Game Controllers – Advanced” option window.
Command line: rundll32.exe mshtml.dll,PrintHTML (HTML document)
Function: Print an HTML document.
Command line: rundll32.exe shell32.dll,Control_RunDLL mlcfg32.cpl
Function: Display the Microsoft Exchange general options window.
Command line: rundll32.exe shell32.dll,Control_RunDLL main.cpl @0
Function: Display the “Control Panel – Mouse” options.
Command line: rundll32.exe shell32.dll,Control_RunDLL main.cpl @1
Function: Display the “Control Panel – Keyboard Properties – Speed” option window.
Command line: rundll32.exe shell32.dll,Control_RunDLL main.cpl @1,,1
Function: Display the “Control Panel – Keyboard Properties – Language” option window.
Command line: rundll32.exe shell32.dll,Control_RunDLL main.cpl @2
Function: Display the Windows “Printers” folder.
Command line: rundll32.exe shell32.dll,Control_RunDLL main.cpl @3
Function: Display the Windows “Fonts” folder.
Command line: rundll32.exe shell32.dll,Control_RunDLL main.cpl @4
Function: Display the “Control Panel – Input Method Properties – Input Method” option window.
Command line: rundll32.exe shell32.dll,Control_RunDLL modem.cpl,,add
Function: Run the “Add New Modem” wizard.
Command line: rundll32.exe shell32.dll,Control_RunDLL mmsys.cpl,,0
Function: Display the “Control Panel – Multimedia Properties – Audio” property page.
Command line: rundll32.exe shell32.dll,Control_RunDLL mmsys.cpl,,1
Function: Display the “Control Panel – Multimedia Properties – Video” property page.
Command line: rundll32.exe shell32.dll,Control_RunDLL mmsys.cpl,,2
Function: Display the “Control Panel – Multimedia Properties – MIDI” property page.
Command line: rundll32.exe shell32.dll,Control_RunDLL mmsys.cpl,,3
Function: Display the “Control Panel – Multimedia Properties – CD Music” property page.
Command line: rundll32.exe shell32.dll,Control_RunDLL mmsys.cpl,,4
Function: Display the “Control Panel – Multimedia Properties – Devices” property page.
Command line: rundll32.exe shell32.dll,Control_RunDLL mmsys.cpl @1
Function: Display the “Control Panel – Sounds” option window.
Command line: rundll32.exe shell32.dll,Control_RunDLL netcpl.cpl
Function: Display the “Control Panel – Network” option window.
Command line: rundll32.exe shell32.dll,Control_RunDLL odbccp32.cpl
Function: Display the ODBC32 data management options window.
Command line: rundll32.exe shell32.dll,OpenAs_RunDLL (drive:\path\filename)
Function: Display the “Open With” dialog box for the specified file (drive:\path\filename).
Command line: rundll32.exe shell32.dll,Control_RunDLL password.cpl
Function: Display the “Control Panel – Passwords” option window.
Command line: rundll32.exe shell32.dll,Control_RunDLL powercfg.cpl
Function: Display the “Control Panel – Power Management Properties” option window.
Command line: rundll32.exe shell32.dll,SHHelpShortcuts_RunDLL PrintersFolder
Function: Display the Windows “Printers” folder. (Same as rundll32.exe shell32.dll,Control_RunDLL main.cpl @2)
Command line: rundll32.exe shell32.dll,Control_RunDLL intl.cpl,,0
Function: Display the “Control Panel – Regional Settings Properties – Regional Settings” option window.
Command line: rundll32.exe shell32.dll,Control_RunDLL intl.cpl,,1
Function: Display the “Control Panel – Regional Settings Properties – Number” option window.
Command line: rundll32.exe shell32.dll,Control_RunDLL intl.cpl,,2
Function: Display the “Control Panel – Regional Settings Properties – Currency” option window.
Command line: rundll32.exe shell32.dll,Control_RunDLL intl.cpl,,3
Function: Display the “Control Panel – Regional Settings Properties – Time” option window.
Command line: rundll32.exe shell32.dll,Control_RunDLL intl.cpl,,4
Function: Display the “Control Panel – Regional Settings Properties – Date” option window.
Command line: rundll32.exe desk.cpl,InstallScreenSaver [screen saver file name]
Function: Set the specified screen saver file as the Windows screen saver and display the screen saver properties window.
Command line: rundll32.exe shell32.dll,Control_RunDLL sysdm.cpl,,0
Function: Display the “Control Panel – System Properties – General” properties window.
Command line: rundll32.exe shell32.dll,Control_RunDLL sysdm.cpl,,1
Function: Display the “Control Panel – System Properties – Device Manager” properties window.
Command line: rundll32.exe shell32.dll,Control_RunDLL sysdm.cpl,,2
Function: Display the “Control Panel – System Properties – Hardware Profiles” properties window.
Command line: rundll32.exe shell32.dll,Control_RunDLL sysdm.cpl,,3
Function: Display the “Control Panel – System Properties – Properties” properties window.
Command line: rundll32.exe user.exe,restartwindows
Function: Force all programs to close and restart the machine.
Command line: rundll32.exe user.exe,exitwindows
Function: Force all programs to close and shut down.
Command line: rundll32.exe shell32.dll,Control_RunDLL telephon.cpl
Function: Display the “Dialing Properties” option window.
Command line: rundll32.exe shell32.dll,Control_RunDLL themes.cpl
Function: Display the “Desktop Themes” options panel.

Of course, this is not limited to Visual Basic: other programming languages such as Delphi and Visual C++ can also use these Rundll functions by calling external commands; the specific methods are not described in detail here. Used flexibly, Rundll will surely make your programming easy and efficient!