Rundll32.exe Process? Why run? Rundll32.exe Detailed

There Rundll32.exe processes running (but not all systems), although its existence has been a long time in the operating system, but there are still a lot of users of this process we will open some versions of the system in Microsoft Windows Task Manager and do not know much about, some users also appeared Rundll32.exe application error and CPU usage 100% special phenomenon, virus-like infection. Rundll32.exe is what process? This article may help you:

Overview of functions

The the Rundll32.exe process from literally can be understood as follows: run the 32-bit DLL; This is a program by Microsoft for its Windows operating system is a very important system-defined core program in Windows XP/Vista/7 inside (but not always run). Its role is responsible for calling Windows DLL (dynamic link library) files, which they loaded into the memory of your computer, and for other applications to use.

If the the Rundll32.exe file in your system does not exist or an error occurs, you can not find these DLL files and loaded into memory, just another program to use the DLL files in the memory error occurs hints or can not run. We can see the Rundll32.exe file at the following location:

C: \ Windows \ System32 (beginning with C representing the system is installed partition letter)

Operation mode

Rundll32.exe must follow the exact syntax, as follows:

Note: DLL name can not contain any spaces, commas, quotation marks, and separated by a comma between the name of the DLL entry point to have. In addition, the entry point function names are case sensitive, and separated by a space between the <optional arguments> (non-essential optional parameter). Rundll32.exe will have the following five steps in the application call LoadLibrary () used during GetProcAdress (), FreeLibrary () three functions:

  1.  The analysis of the command line;
  2. LoadLibrary () function is used to load the specified dll file is loaded into the memory of the calling program;
  3. GetProcAddress () output library functions in the dynamic link library (DLL) function to retrieve the specified address, for calling;
  4. FreeLibrary () to release the the DLL share of space;
  5. Finally Rundll32.exe exits

Following Mu Tong For instance, open the “Run” (shortcut key Win + R), enter the following code to determine

RUNDLL32.EXE SHELL32.DLL, Control_RunDLL desk.cpl,, 0

Results, we open the Desktop Icon Settings window, remove the optional parameters ”desk.cpl,, 0″ will open the control panel:

In addition there is a similar Rundll32.exe process Rundll.exe process, but different only run the 16-bit DLL files Rundll.exe, and of Rundll32.exe available 32-bit DLL file. These are both safe and important system files, do not delete, otherwise it will lead to error or can not run other programs.

Virus and security

Rundll32.exe as an important system files eyeing virus program apparently is “of course” things, hackers will use the trust of the people this process and manufacture of the same name or the name of a very similar virus, such as Rundl132.exe . This may make you Task Manager will “ignore” its existence, which is obviously dangerous, associated infections instance has been intercepted by security vendors, including the following:

    Virus name: W32.Miroot.Worm, infection location:% Systemroot%

o     Miroot a worm infected systems through network sharing.

    The virus: Backdoor.Lastdoor, infections position:% Systemroot% \ System32

o     This is a Trojan horse, it will overwrite the real Rundll32.exe file

    Virus name: Troj/AnaFTP-01, the infected location of% Systemroot% \ Rundll.exe

o     This is a FTP for remote access Trojan listens on port 41462.

% Systemroot% variable represents the system startup folder location, if installed on the C drive will is C: \ Windows

Infected computer is usually realized is that there is exactly the same or similar name Rundll32.exe run, In addition, they may lead to the emergence of some complications; should also be vigilant if your computer appears on the following circumstances, and recommended you immediately upgrade to the latest virus database antivirus software and overall killing.

  1. Same name or similar to the name of the process is not in the directory C: \ Windows \ System32
  2. Open the control panel, the rundll32.exe application not found error;
  3. Rundl132.exe consumes 100 percent CPU utilization; (in this case may be caused by normal software and is not normal DLL files)

Scan for viruses after the above problem persists, please use Microsoft Windows System File Checker (Sfc.exe) to determine which file is causing the problem, and then replace the file.To do this, type the following command at the command prompt: SFC / SCANNOW then confirm.

sfc / scannow command scans all protected system files and replaces incorrect versions with correct version.

The above is the author’s summary of the the Rundll32.exe process related problem, hope you can help.

发表评论

邮箱地址不会被公开。 必填项已用*标注