从大量的测试推断cmd.exe在每次运行时就会用以下命令向内存写入信息从而来设置环境变量:- set "ALLUSERSPROFILE=C:\Documents and Settings\All Users"
- set "APPDATA=C:\Documents and Settings\Administrator\Application Data"
- set "CommonProgramFiles=C:\Program Files\Common Files"
- set "COMPUTERNAME=PC-200901071258"
- set "ComSpec=C:\WINDOWS\system32\cmd.exe"
- set "FP_NO_HOST_CHECK=NO"
- set "HOMEDRIVE=C:"
- set "HOMEPATH=\Documents and Settings\Administrator"
- set "LOGONSERVER=\\PC-200901071258"
- set "NUMBER_OF_PROCESSORS=2"
- set "OS=Windows_NT"
- set "Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Thunder Network\KanKan\Codecs;C:\Program Files\StormII\Codec;C:\Program Files\StormII"
- set "PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH"
- set "PROCESSOR_ARCHITECTURE=x86"
- set "PROCESSOR_IDENTIFIER=x86 Family 15 Model 107 Stepping 2, AuthenticAMD"
- set "PROCESSOR_LEVEL=15"
- set "PROCESSOR_REVISION=6b02"
- set "ProgramFiles=C:\Program Files"
- set "PROMPT=$P$G"
- set "SESSIONNAME=Console"
- set "SystemDrive=C:"
- set "SystemRoot=C:\WINDOWS"
- set "TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp"
- set "TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp"
- set "USERDOMAIN=PC-200901071258"
- set "USERNAME=Administrator"
- set "USERPROFILE=C:\Documents and Settings\Administrator"
- set "windir=C:\WINDOWS"
复制代码
|