什么是rundll32.exe,为什么运行?
You are no doubt reading this article because you’ve looked in task manager and wondered what on earth all those rundll32.exe processes are, and why they are running… So what are they?
毫無疑問,您閱讀本文是因為您已經查看了任務管理器,并且想知道所有這些rundll32.exe進程到底是什么,以及為什么它們正在運行……所以它們是什么?
This article is part of our ongoing series explaining various processes found in Task Manager, like?svchost.exe,?dwm.exe, ctfmon.exe,?mDNSResponder.exe, conhost.exe,?Adobe_Updater.exe, and many others.?Don’t?know what those services are? Better start reading!
本文是我們正在進行的系列文章的一部分,介紹了在任務管理器中找到的各種過程,例如svchost.exe , dwm.exe , ctfmon.exe , mDNSResponder.exe , conhost.exe , Adobe_Updater.exe以及許多其他過程 。 不知道這些服務是什么? 最好開始閱讀!
說明 (Explanation)
If you’ve been around Windows for any amount of time, you’ve seen the zillions of *.dll (Dynamic Link Library) files in every application folder, which are used to store common pieces of application logic that can be accessed from multiple applications.
如果您使用Windows已有一段時間,那么您會在每個應用程序文件夾中看到無數的* .dll(動態鏈接庫)文件,這些文件用于存儲可以從多個應用程序訪問的通用應用程序邏輯應用程序。
Since there’s no way to directly launch a DLL file, the rundll32.exe application is simply used to launch functionality stored in shared .dll files. This executable is a valid part of Windows, and normally shouldn’t be a threat.
由于無法直接啟動DLL文件,因此rundll32.exe應用程序僅用于啟動存儲在共享.dll文件中的功能。 該可執行文件是Windows的有效部分,通常不應構成威脅。
Note: the valid process is normally located at \Windows\System32\rundll32.exe, but sometimes spyware uses the same filename and runs from a different directory in order to disguise itself. If you think you have a problem, you should always run a scan to be sure, but we can verify exactly what is going on… so keep reading.
注意:有效進程通常位于\ Windows \ System32 \ rundll32.exe,但有時間諜軟件使用相同的文件名并從其他目錄運行以掩飾自身。 如果您認為自己有問題,則應始終進行掃描以確保確定,但是我們可以準確地驗證正在發生的事情……因此請繼續閱讀。
在Windows 10、8、7,Vista等上使用Process Explorer進行研究 (Research Using Process Explorer on Windows 10, 8, 7, Vista, etc)
Instead of using Task Manager, we can use the freeware Process Explorer utility from Microsoft to figure out what is going on, which has the benefit of working in every version of Windows and being the best choice for any troubleshooting job.
除了使用任務管理器外,我們還可以使用Microsoft的免費軟件Process Explorer實用程序來了解發生了什么,這具有在Windows的每個版本中工作的優勢,并且是進行任何故障排除工作的最佳選擇。
Simply launch Process Explorer, and you’ll want to choose File \ Show Details for All Processes to make sure that you’re seeing everything.
只需啟動Process Explorer,然后選擇“文件\顯示所有進程的詳細信息”以確保您看到的一切。
Now when you hover over the rundll32.exe in the list, you’ll see a tooltip with the details of what it actually is:
現在,當您將鼠標懸停在列表中的rundll32.exe上時,您將看到一個工具提示,其中包含實際內容的詳細信息:
Or you can right-click, choose Properties, and then take a look at the Image tab to see the full pathname that is being launched, and you can even see the Parent process, which in this case is the Windows shell (explorer.exe), indicating that it was likely launched from a shortcut or startup item.
或者,您可以右鍵單擊,選擇“屬性”,然后查看“圖像”選項卡以查看正在啟動的完整路徑名,甚至可以看到“父”進程,在這種情況下,該進程是Windows Shell(explorer.exe ),表明它可能是從快捷方式或啟動項啟動的。
You can browse down and view the details of the file just like we did in the task manager section above. In my instance, it’s a part of the NVIDIA control panel, and so I’m not going to do anything about it.
您可以像在上面的任務管理器部分中一樣向下瀏覽并查看文件的詳細信息。 以我為例,它是NVIDIA控制面板的一部分,因此我將不做任何事情。
如何禁用Rundll32進程(Windows 7) (How to Disable the Rundll32 Process (Windows 7))
Depending on what the process is, you won’t want to necessarily disable it, but if you would like to, you can type msconfig.exe into the start menu search or run box and you should be able to find it by the Command column, which should be the same as the “Command line” field we saw in Process Explorer. Simply uncheck the box to prevent it from starting automatically.
根據該過程是什么,您不一定要禁用它,但是如果愿意,可以在開始菜單搜索或運行框中鍵入msconfig.exe ,并且應該可以在“命令”列中找到它。 ,該字段應與我們在Process Explorer中看到的“命令行”字段相同。 只需取消選中該框即可防止其自動啟動。
Sometimes the process doesn’t actually have a startup item, in which case you’ll likely have to do some research to figure out where it was started from. For instance, if you open up Display Properties on XP you’ll see another rundll32.exe in the list, because Windows internally uses rundll32 to run that dialog.
有時,該過程實際上沒有啟動項,在這種情況下,您可能必須進行一些研究才能確定從何處開始。 例如,如果您在XP上打開“顯示屬性”,您將在列表中看到另一個rundll32.exe,因為Windows內部使用rundll32來運行該對話框。
在Windows 8或10中禁用 (Disabling in Windows 8 or 10)
If you’re using Windows 8 or 10, you can use the Startup section of Task Manager to disable it.
如果您使用的是Windows 8或10,則可以使用任務管理器的“啟動”部分將其禁用。
使用Windows 7或Vista任務管理器 (Using Windows 7 or Vista?Task Manager)
One of the great features in Windows 7 or Vista Task Manager is the ability to see the full command line for any running application. For instance, you’ll see that I have two rundll32.exe processes in my list here:
Windows 7或Vista Task Manager的一項重要功能是能夠查看任何正在運行的應用程序的完整命令行。 例如,您將在列表中看到兩個rundll32.exe進程:
If you go to View \ Select Columns, you’ll see the option for “Command Line” in the list, which you’ll want to check.
如果轉到“查看\選擇列”,您將在列表中看到要檢查的“命令行”選項。
Now you can see the full path for the file in the list, which you’ll notice is the valid path for rundll32.exe in the System32 directory, and the argument is another DLL that is actually what is being run.
現在,您可以在列表中看到文件的完整路徑,您會注意到該文件是System32目錄中rundll32.exe的有效路徑,而參數是另一個實際上正在運行的DLL。
If you browse down to locate that file, which in this example is nvmctray.dll, you’ll usually see what it actually is when you hover your mouse over the filename:
如果向下瀏覽以找到該文件(在本示例中為nvmctray.dll),則將鼠標懸停在文件名上時,通常會看到它的實際含義:
Otherwise, you can open up the Properties and take a look at the Details to see the file description, which usually will tell you the purpose for that file.
否則,您可以打開“屬性”并查看“詳細信息”以查看文件描述,通常可以告訴您該文件的用途。
Once we know what it is, we can figure out if we want to disable it or not, which we’ll cover below. If there isn’t any information at all, you should either Google it, or ask somebody on a helpful forum.
一旦知道了它是什么,我們就可以確定是否要禁用它,我們將在下面介紹。 如果根本沒有任何信息,則您應該搜索它,或在一個有用的論壇上向其他人詢問 。
When all else fails, you should post the full command path over on a helpful forum and get advice from somebody else that might know more about it.
當所有其他方法都失敗時,您應該將完整的命令路徑發布在一個有用的論壇上,并從可能對此有更多了解的其他人那里獲得建議。
翻譯自: https://www.howtogeek.com/howto/windows-vista/what-is-rundll32exe-and-why-is-it-running/
總結
以上是生活随笔為你收集整理的什么是rundll32.exe,为什么运行?的全部內容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: 算法题目:小于n的最大数
- 下一篇: Reader之FileReader、Bu