You can do the same with Process Explorer by looking at the stack for run32dll.exe: You can see this by adding the Command Line column to the Windows Task Manager: When rundll32.exe starts, it looks into shell32.dll and launches the function (or executes the code) that is responsible for opening the Internet options panel with no need for Internet Explorer to open. An example can be easily demonstrated by opening any Control Panel extension such as the Internet Explorer options panel for IE (inetcpl.cpl). But what about non-Windows services? How do they execute functions within dynamic link libraries without the need to execute the program that it belongs to? By using the rundll32.exe process (commonly described as Run DLL as an App). In an earlier blog, I spoke about Windows services and how they are hosted by svchost.exe so that functionality within these dll files can be executed.
0 Comments
Leave a Reply. |