I exported the following from the registry:
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\KnownDLLs]
"advapi32"="advapi32.dll"
"comdlg32"="comdlg32.dll"
"DllDirectory"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,00,00
"gdi32"="gdi32.dll"
"imagehlp"="imagehlp.dll"
"kernel32"="kernel32.dll"
"lz32"="lz32.dll"
"ole32"="ole32.dll"
"oleaut32"="oleaut32.dll"
"olecli32"="olecli32.dll"
"olecnv32"="olecnv32.dll"
"olesvr32"="olesvr32.dll"
"olethk32"="olethk32.dll"
"rpcrt4"="rpcrt4.dll"
"shell32"="shell32.dll"
"url"="url.dll"
"urlmon"="urlmon.dll"
"user32"="user32.dll"
"version"="version.dll"
"wininet"="wininet.dll"
"wldap32"="wldap32.dll"
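I think these should be what Smss.exe loads during system startup. Among them, for example:
"advapi32"="advapi32.dll" Could the colored part be a malicious DLL, and can they all be deleted?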
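
Added example, not part of the original post: a Python script that parses a KnownDLLs export like the one above, decodes the hex(2) `DllDirectory` value, and lists entries that break the pattern visible in this export. The function names and the three review rules are assumptions of this example, and the sample is a shortened, constructed copy of the post's export; a listed entry is something to look at, not a verdict.

```python
import re

# Constructed sample: a shortened copy of the export quoted in the post.
SAMPLE = r'''[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\KnownDLLs]
"advapi32"="advapi32.dll"
"DllDirectory"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,00,00
"kernel32"="kernel32.dll"
"wldap32"="wldap32.dll"
'''

def parse_reg_values(text):
    """Return {name: data} for one exported key; hex(2) data is decoded to str."""
    text = re.sub(r"\\\r?\n\s*", "", text)          # join '\' continuation lines
    values = {}
    for line in text.splitlines():
        m = re.match(r'"([^"]+)"=(.*)$', line.strip())
        if not m:
            continue                                 # key header or blank line
        name, raw = m.groups()
        if raw.startswith("hex(2):"):                # REG_EXPAND_SZ, UTF-16LE bytes
            data = bytes(int(b, 16) for b in raw[7:].split(",") if b)
            values[name] = data.decode("utf-16-le").rstrip("\x00")
        elif raw.startswith('"') and raw.endswith('"'):
            values[name] = raw[1:-1].replace("\\\\", "\\")   # REG_SZ, unescape
    return values

def audit_known_dlls(values):
    """Return (dll_directory, findings); the rules are this example's assumptions."""
    directory = values.get("DllDirectory")
    findings = []
    for name, data in values.items():
        if name == "DllDirectory":
            continue
        if re.search(r"[\\/:]", data):
            findings.append((name, data, "contains a path, not a bare file name"))
        elif not data.lower().endswith(".dll"):
            findings.append((name, data, "does not end in .dll"))
        elif data.lower() != name.lower() + ".dll":
            findings.append((name, data, "value name and file name differ"))
    return directory, findings

if __name__ == "__main__":
    directory, findings = audit_known_dlls(parse_reg_values(SAMPLE))
    print("DllDirectory:", directory)
    for finding in findings:
        print("REVIEW:", *finding)
```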