Información sobre DLL

ADVAPI32.dll api-ms-win-appmodel-runtime-l1-1-0.dll api-ms-win-appmodel-runtime-l1-1-1.dll api-ms-win-core-apiquery-l1-1-0.dll api-ms-win-core-com-l1-1-0.dll api-ms-win-core-com-l1-1-1.dll api-ms-win-core-com-midlproxystub-l1-1-0.dll api-ms-win-core-debug-l1-1-0.dll api-ms-win-core-delayload-l1-1-0.dll api-ms-win-core-delayload-l1-1-1.dll api-ms-win-core-errorhandling-l1-1-0.dll api-ms-win-core-errorhandling-l1-1-2.dll api-ms-win-core-file-l1-1-0.dll api-ms-win-core-file-l1-2-0.dll api-ms-win-core-file-l2-1-0.dll api-ms-win-core-handle-l1-1-0.dll api-ms-win-core-heap-l1-1-0.dll api-ms-win-core-heap-l2-1-0.dll api-ms-win-core-heap-obsolete-l1-1-0.dll api-ms-win-core-interlocked-l1-1-0.dll api-ms-win-core-io-l1-1-0.dll api-ms-win-core-kernel32-legacy-l1-1-0.dll api-ms-win-core-libraryloader-l1-2-0.dll api-ms-win-core-libraryloader-l1-2-1.dll api-ms-win-core-localization-l1-2-0.dll api-ms-win-core-memory-l1-1-0.dll api-ms-win-core-path-l1-1-0.dll api-ms-win-core-processenvironment-l1-1-0.dll api-ms-win-core-processthreads-l1-1-0.dll api-ms-win-core-processthreads-l1-1-1.dll api-ms-win-core-profile-l1-1-0.dll api-ms-win-core-psapi-l1-1-0.dll api-ms-win-core-registry-l1-1-0.dll api-ms-win-core-registry-l1-1-1.dll api-ms-win-core-registry-l2-1-0.dll api-ms-win-core-rtlsupport-l1-1-0.dll api-ms-win-core-shlwapi-legacy-l1-1-0.dll api-ms-win-core-shlwapi-obsolete-l1-1-0.dll api-ms-win-core-string-l1-1-0.dll api-ms-win-core-string-l2-1-0.dll api-ms-win-core-string-obsolete-l1-1-0.dll api-ms-win-core-synch-l1-1-0.dll api-ms-win-core-synch-l1-2-0.dll api-ms-win-core-synch-l1-2-1.dll api-ms-win-core-sysinfo-l1-1-0.dll api-ms-win-core-sysinfo-l1-2-0.dll api-ms-win-core-threadpool-l1-2-0.dll api-ms-win-core-threadpool-legacy-l1-1-0.dll api-ms-win-core-timezone-l1-1-0.dll api-ms-win-core-util-l1-1-0.dll api-ms-win-core-version-l1-1-0.dll api-ms-win-core-winrt-error-l1-1-0.dll api-ms-win-core-winrt-error-l1-1-1.dll api-ms-win-core-winrt-l1-1-0.dll api-ms-win-core-winrt-string-l1-1-0.dll api-ms-win-crt-math-l1-1-0.dll api-ms-win-crt-private-l1-1-0.dll api-ms-win-crt-runtime-l1-1-0.dll api-ms-win-crt-string-l1-1-0.dll api-ms-win-devices-config-l1-1-1.dll api-ms-win-devices-query-l1-1-0.dll api-ms-win-eventing-classicprovider-l1-1-0.dll api-ms-win-eventing-provider-l1-1-0.dll api-ms-win-rtcore-ntuser-window-l1-1-0.dll api-ms-win-security-base-l1-1-0.dll api-ms-win-security-capability-l1-1-0.dll api-ms-win-security-lsalookup-l2-1-0.dll api-ms-win-security-provider-l1-1-0.dll api-ms-win-security-sddl-l1-1-0.dll api-ms-win-service-core-l1-1-0.dll api-ms-win-service-management-l1-1-0.dll api-ms-win-service-management-l2-1-0.dll api-ms-win-service-winsvc-l1-1-0.dll api-ms-win-shcore-stream-l1-1-0.dll api-ms-win-shcore-taskpool-l1-1-0.dll api-ms-win-stateseparation-helpers-l1-1-0.dll bcrypt.dll combase.dll CRYPT32.dll ext-ms-win-session-usermgr-l1-1-0.dll GDI32.dll IPHLPAPI.DLL KERNEL32.dll msvcp_win.dll msvcrt.dll netutils.dll ntdll.dll ole32.dll OLEAUT32.dll PROPSYS.dll RPCRT4.dll setupapi.dll SHELL32.dll SHLWAPI.dll SspiCli.dll USER32.dll USERENV.dll WINHTTP.dll WS2_32.dll XmlLite.dll

Explicación sobre el uso de funciones que están en DLL del sistema operativo

A menudo se utilizan funciones en scripts de PowerShell como por ejemplo (Hacer clic en una posición de la pantalla con PowerShell):

$MouseEventSig=@'
[DllImport("user32.dll",CharSet=CharSet.Auto, CallingConvention=CallingConvention.StdCall)]
public static extern void mouse_event(long dwFlags, long dx, long dy, long cButtons, long dwExtraInfo);
'@
 
$MouseEvent = Add-Type -memberDefinition $MouseEventSig -name "MouseEventWinApi" -passThru

[System.Windows.Forms.Cursor]::Position = New-Object System.Drawing.Point(10,10)
$MouseEvent::mouse_event(0x00000002, 0, 0, 0, 0)
$MouseEvent::mouse_event(0x00000004, 0, 0, 0, 0)

Vemos que se usa una dll en concreto user32.dll y luego se hace referencia a la función mouse_event que sirve para tratar con el mouse.

Pongamos otro ejemplo (Escribir texto en el proceso Notepad):

$codigo='
[DllImport("user32.dll", EntryPoint = "FindWindowEx")]public static extern IntPtr FindWindowEx(IntPtr hwndParent, IntPtr hwndChildAfter, string lpszClass, string lpszWindow);
[DllImport("User32.dll")]public static extern int SendMessage(IntPtr hWnd, int uMsg, int wParam, string lParam);
'
$notepad=Start-Process notepad -PassThru
$notepad.WaitForInputIdle()

$acciones=Add-Type -MemberDefinition $codigo -Name TextoNotepad -PassThru
#FindWindowEx(IntPtr hwndParent, IntPtr hwndChildAfter, string lpszClass, string lpszWindow)
#SendMessage(IntPtr hWnd, int uMsg, int wParam, string lParam)
$acciones::SendMessage([IntPtr]$acciones::FindWindowEx($notepad.MainWindowHandle, [IntPtr]::Zero, "Edit", $null), 0x000C, 0, "Texto")

En este caso, se usa la dll user32.dll y luego se hace referencia a las funciones FindWindowEx y SendMessage para escribir un texto en el proceso Notepad.

Aplicaciones

La información sobre el uso de las funciones se puede obtener analizando las dll con aplicaciones como por ejemplo:

Información sobre archivos DLL

Más ejemplos que ayudan a comprenderlo mejor: