DLL Startup
Posted 2007. 8. 28. 20:21, Filed under: Study/Computer ScienceShellExecute Hook: These modules are loaded every time you launch a program (using Windows Explorer or by calling the ShellExecute(Ex) function). The modules are notified of the program you launch and can perform any additional task before the the program is actually launched.
Shell Delay Load Object: These modules are loaded early (even before any human intervention occurs) in the startup process by Explorer.exe every time your computer starts.
URL Search Hook: A Url Search Hook is used when you type an address in the location field of the browser, but do not include a protocol such as http:// or ftp:// in the address. When you enter such an address, the browser will attempt to figure out the correct protocol on its own, and if it fails to do so, it will use a Url Search Hook to try to find the location you entered.
App Init DLLs (2K/XP/Server 2003 only): These DLLs are loaded by each Windows-based application running within the current logon session. The AppInit DLLs are loaded via LoadLibrary() during the DLL_PROCESS_ATTACH of User32.dll. As a result, executables that don't link with User32.dll will not load the AppInit DLLs. There are very few executables that don't link with User32.dll.
Download Manager: A custom download manager for Internet Explorer 5.5 and higher. Extends the functionality of Internet Explorer and WebBrowser applications by implementing a Component Object Model (COM) object to handle the file download process (usually displays a custom user interface for the file download process).
Notification Package (2K/XP/Server 2003 only): A Winlogon notification package is a DLL which exports functions that handle Winlogon events. For example, when a user logs onto the system, Winlogon calls each notification package's logon event handler function to provide information about the event.
ShellExecute Hooks are located in the registry under the following key:
HKEY_LOCAL_MACHINE \Software \Microsoft \Windows \CurrentVersion \Explorer \ShellExecuteHooks
Shell Delay Load Objects are located in the registry under the following key:
HKEY_LOCAL_MACHINE \Software \Microsoft \Windows \CurrentVersion \ShellServiceObjectDelayLoad
URL Search Hooks are located in the registry under the following key:
HKEY_CURRENT_USER \Software \Microsoft \Internet Explorer \URLSearchHooks
App Init DLLs are located in the registry under the following key:
HKEY_LOCAL_MACHINE \Software \Microsoft \Windows NT \CurrentVersion \Windows, AppInit_DLLs
Download Manager is located in the registry under one of the following keys:
HKEY_LOCAL_MACHINE Software \Microsoft \Internet Explorer, DownloadUI
HKEY_CURRENT_USER Software \Microsoft \Internet Explorer, DownloadUI
Notification Packages are located in the registry under the following key:
HKEY_LOCAL_MACHINE \Software \Microsoft \Windows NT \CurrentVersion \Winlogon \Notify
출처 : http://www.browsersentinel.com/help/startup-modules.htm