Using Rundll32 to Execute a DLL


Click here to change the theme.

See Microsoft Knowledge Base article Q164787 - INFO: The Windows 95 Rundll and Rundll32 Interface. If a DLL has a function with the prototype shown in that article, then Rundll32 can be used to execute that function. The following is a sample of a DLL with a function (Function) that can be executed by Rundll32. Be aware that if this is a cpp file then the entry point name to use for Rundll32 is _Function@16, not Function.

#define VC_EXTRALEAN // Exclude rarely-used stuff from Windows headers
#define STRICT
#include <windows.h> // MFC core and standard components
#pragma comment(lib, "user32")

extern "C" void __declspec(dllexport) CALLBACK
	Function(HWND hwnd, HINSTANCE hinst, LPSTR lpszCmdLine, int nCmdShow) {
MessageBox(NULL, "Executed", "Function", MB_OK);
}

BOOL WINAPI DllMain(HINSTANCE hInstance, DWORD dwReason, LPVOID) {
if (dwReason == DLL_PROCESS_ATTACH)
	MessageBox(NULL, "Process Attach", "Title", MB_OK);
else
	if (dwReason == DLL_PROCESS_DETACH)
		MessageBox(NULL, "Process Detach", "Title", MB_OK);
return TRUE;
}