A protection tool for Windows: a small utility of just over 100 KB
Author: ANDY Date: 2007-07-27
Using Symantec's Process Viewer to help find and remove unknown viruses
Author: xiake Date: 2007-07-09
Rob van der Woude's Scripting Pages
Author: xiake Date: 2007-07-08
Using Rundll
Author: xiake Date: 2007-07-08
A "DLL" file is a special program that never gets run. Instead, it has lots of cool utilities inside it that other programs can use. And the rundll and rundll32 programs let us run those buried utilities inside DLL files from a command line. But there is a problem. The DOS command line only passes strings (characters and words). Some DLL functions expect specially formatted numbers, memory addresses, window handles, or object references. We will never be able to use those functions. There are other DLLs that we could use but will probably never figure out. Too bad. But that still leaves us a few cool functions we can call!
One way to find functions that can be activated via rundll (and rundll32) is to read through the Windows SDK (Software Development Kit). Ouch! Another way is to just pick exe and dll files at random and right-click them choosing "Quick View". If you scroll down, you might come to a section labeled "Exported Functions". That's what you want, but without further info on the needed arguments, you'll be left guessing as to whether they will work. Another way to find functions is to open any Explorer window and select "View" and "Options". Select the "File Types" tab and for each item hit the "Edit" button to see if rundll is used. Very tedious. Just as bad is searching the system registry. Guaranteed they will all work, but they may not do anything you want. But that's how things are.
Here's a collection of rundll and rundll32 command lines I've collected:
This chapter discusses the concept of methods in depth.


