The Win32 Rundll and Rundll32 Interface

Microsoft Knowledge Base Article Q164787

 

Applies to: Windows95, Windows 98, Windows NT4

 

Summary

Win32 contains two command-line utility programs named Rundll.exe and Rundll32.exe that allow you to invoke a function exported from a DLL, either 16-bit or 32-bit. However, Rundll and Rundll32 do not allow you to call any exported function from any DLL. For example, you cannot use these utility programs to call the Win32 API (Application Programming Interface) functions exported from the system DLLs. The programs only allow you to call functions from a DLL that are explicitly written to be called by them. This article provides more details on the use of Rundll and Rundll32 under Windows NT and Windows 95/98. The Rundll and Rundll32 utility programs were originally designed only for internal use at Microsoft, but the functionality they provide is sufficiently generic that they are now available for general use. Note that Windows NT 4.0 ships only with the Rundll32 utility program and supports only Rundll32.

 

More Information

Rundll vs. Rundll32

Rundll loads and runs 16-bit DLLs, whereas Rundll32 loads and runs 32-bit DLLs. If you pass the wrong type of DLL to Rundll or Rundll32, it may fail to run without indicating any error messages.

 

Rundll Command Line

The command line for Rundll is as follows:

RUNDLL.EXE <dllname>,<entrypoint> <optional arguments>

An example is as follows:

RUNDLL.EXE SETUPX.DLL,InstallHinfSection 132 C:.INF

There are 3 issues to consider carefully in the above command line:

Rundll or Rundll32 search for the given DLL filename in the standard places (see the documentation for the LoadLibrary() function for details). It is recommended that you provide a full path to the DLL to ensure that the correct one is found. For best results, use the short file name instead of the long file name to ensure that no illegal characters will appear. Note in particular that this means a DLL in the "C:Files" folder should be converted to its short name.

The <dllname> may not contain any spaces, commas, or quotation marks. This is a limitation of the Rundll command-line parser.

In the above command line, the comma (,) between the <dllname> and the <entrypoint> function name is extremely important. If the comma separator is missing, Rundll or Rundll32 will fail without indicating any errors. In addition, there cannot be any white spaces in between the <dllname>, the comma, and the <entrypoint> function.

 

How Rundll Works

Rundll performs the following steps:

It parses the command line.

It loads the specified DLL via LoadLibrary().

It obtains the address of the <entrypoint> function via GetProcAddress().

It calls the <entrypoint> function, passing the command-line tail, which is the <optional arguments>.

When the <entrypoint> function returns, Rundll.exe unloads the DLL and exits.
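As an added illustration (not Microsoft's code and not part of the original article), the following C function models the command-line split described in the steps above: <dllname> runs up to the first comma, <entrypoint> runs up to the first whitespace, and the remainder is handed over verbatim as the tail. It reports failure in the cases the article says Rundll fails silently: a missing comma, whitespace around the comma, or a <dllname> containing spaces or quotation marks. The same split is handy on the defensive side for recovering the DLL and entry point from rundll32 command lines recorded in process-creation logs. The struct and function names are my own.

```c
#include <stddef.h>
#include <string.h>
#include <ctype.h>

/* Result of splitting a Rundll/Rundll32 command line of the form
 * "<dllname>,<entrypoint> <optional arguments>".
 * Illustrative model of the rules in the article, not Microsoft's parser. */
typedef struct {
    char dll[260];
    char entry[128];
    const char *tail;   /* points into the input; "" when no arguments follow */
} rundll_cmd;

/* Parse the text that follows "RUNDLL32.EXE " on the command line.
 * Returns 1 on success and 0 where Rundll would fail:
 *  - no comma between <dllname> and <entrypoint>
 *  - whitespace adjacent to the comma
 *  - spaces or quotation marks inside <dllname>
 *  - empty <dllname> or empty <entrypoint> */
int rundll_parse(const char *cmdline, rundll_cmd *out)
{
    const char *comma = strchr(cmdline, ',');   /* <dllname> may not contain commas */
    if (comma == NULL || comma == cmdline)
        return 0;
    /* "there cannot be any white spaces in between <dllname>, the comma, and <entrypoint>" */
    if (isspace((unsigned char)comma[-1]) || comma[1] == '\0' ||
        isspace((unsigned char)comma[1]))
        return 0;

    size_t dlllen = (size_t)(comma - cmdline);
    if (dlllen >= sizeof out->dll)
        return 0;
    for (size_t i = 0; i < dlllen; i++)
        if (isspace((unsigned char)cmdline[i]) || cmdline[i] == '"')
            return 0;
    memcpy(out->dll, cmdline, dlllen);
    out->dll[dlllen] = '\0';

    /* <entrypoint> runs to the first whitespace (or the end of the string) */
    const char *p = comma + 1;
    const char *end = p;
    while (*end && !isspace((unsigned char)*end))
        end++;
    size_t entlen = (size_t)(end - p);
    if (entlen == 0 || entlen >= sizeof out->entry)
        return 0;
    memcpy(out->entry, p, entlen);
    out->entry[entlen] = '\0';

    /* Everything after the separating whitespace becomes lpszCmdLine,
     * which the entry point must parse for itself. */
    while (*end && isspace((unsigned char)*end))
        end++;
    out->tail = end;
    return 1;
}
```

Feeding it the article's own example line yields dll "SETUPX.DLL", entry "InstallHinfSection" and the tail "132 C:.INF"; the variants with the comma missing or followed by a space are rejected, which is exactly where Rundll would exit without a message.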

 

How to Write Your DLL

In your DLL, write the function with the following prototype:

16-bit DLL:

void FAR PASCAL __loadds

EntryPoint(HWND hwnd, HINSTANCE hinst, LPSTR lpszCmdLine, int nCmdShow);

32-bit DLL:

void CALLBACK

EntryPoint(HWND hwnd, HINSTANCE hinst, LPSTR lpszCmdLine, int nCmdShow);

Again, there are 3 issues to consider with the EntryPoint function:

Obviously, the name "EntryPoint" should be replaced with the actual name of your entry point function. Note that Rundll32's entry point is completely unrelated to the DllEntryPoint function in a 32-bit DLL, which handles process and thread attach/detach notifications.

The entry point function for Rundll32 must be defined with the _stdcall calling convention (CALLBACK defaults to using the _stdcall attribute). If the _stdcall attribute is missing, then the function defaults to _cdecl calling convention and then Rundll32 will terminate abnormally after calling the function.

Since you must declare the function with _stdcall calling convention as described above, it follows that the Visual C++ compiler will actually export it as _EntryPoint@16 if the DLL is written in C or will use further name decoration if the DLL is written in C++. So, be careful to use the correctly exported name in the command line for Rundll or Rundll32. If you want to avoid using decorated names, use a .def file and export the entry point function by name. Please refer to the product documentation and the following article for further information on name decoration when using Visual C++ compilers:

ARTICLE ID: Q140485

TITLE : Exporting PASCAL-Like Symbols in 32-bit DLLs

The parameters to the Rundll entry point are as follows:

hwnd - window handle that should be used as the owner window for any windows your DLL creates

hinst - your DLL's instance handle

lpszCmdLine - ASCIIZ command line your DLL should parse

nCmdShow - describes how your DLL's windows should be displayed.

In the following example:

RUNDLL.EXE SETUPX.DLL,InstallHinfSection 132 C:.INF

Rundll would call the InstallHinfSection() entrypoint function in Setupx.dll and pass it the following parameters:

hwnd = (parent window handle)

hinst = HINSTANCE of SETUPX.DLL

lpszCmdLine = "132 C:.INF"

nCmdShow = (whatever the nCmdShow was passed to CreateProcess)

Note that it is the entry point function (InstallHinfSection() in the above example) that has to parse its own command line (the lpszCmdLine parameter above) and use the individual parameters as necessary. Rundll.exe parses only up to the <optional arguments> on its own command line; the rest of the parsing is up to the function.

 

Special Notes On Differences Between Windows 95 And Windows NT

On Windows NT, the behavior of Rundll32.exe is slightly different, in order to accommodate UNICODE command lines.

Windows NT first attempts to GetProcAddress for <EntryPoint>W. If this entry point is found, then the prototype is assumed to be:

void CALLBACK

EntryPointW(HWND hwnd, HINSTANCE hinst, LPWSTR lpszCmdLine, int nCmdShow);

This is the same as the ANSI EntryPoint, except that the lpszCmdLine parameter is now a UNICODE string.

If the <EntryPoint>W entry point is not found, then Windows NT will GetProcAddress for <entrypoint>A and for <entrypoint>. If either is found, then it is considered an ANSI entry point and is treated the same way as Windows 95. Therefore, if you want your DLL to run on Windows 95 with ANSI support and on Windows NT with UNICODE support, you should export two functions: EntryPointW and EntryPoint. On Windows NT, the EntryPointW function will be called with a UNICODE command line; on Windows 95, the EntryPoint function will be called with an ANSI Command line.
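The following skeleton is an added example, not code from the article or from Microsoft, that ties together the points above: the CALLBACK (__stdcall) prototype, exporting the name undecorated through a .def file, the entry point parsing its own lpszCmdLine, and the paired EntryPointW/EntryPoint exports so the DLL gets a UNICODE command line on Windows NT and an ANSI one on Windows 95. Everything specific is my assumption: the module name DEMO.DLL, the names DemoEntry and DemoEntryW, and the convention that the tail is "<number> <path>" (modelled on the "132 C:.INF" example). The #else branch supplies just enough typedefs that the parsing logic also compiles on a non-Windows host; narrowing the UNICODE line with wcstombs is my choice for this demo, not something the article prescribes.

```c
/* Skeleton of a Rundll32-callable DLL entry point. On Windows this builds
 * against <windows.h>; elsewhere the fallbacks below let the parsing logic
 * compile and run for testing. Names and tail format are assumptions. */
#ifdef _WIN32
#include <windows.h>
#else
#include <wchar.h>
typedef void *HWND;
typedef void *HINSTANCE;
typedef char *LPSTR;
typedef wchar_t *LPWSTR;
#define CALLBACK        /* __stdcall has no meaning off Windows */
#endif
#include <stdlib.h>
#include <string.h>

/* What the entry point extracted from lpszCmdLine. Rundll hands the tail
 * over verbatim; splitting it into parameters is the DLL's own job. */
typedef struct {
    int flags;          /* first token, e.g. 132 */
    char path[260];     /* second token */
    int unicode;        /* 1 when the W entry point was used */
    int ok;             /* 1 when the tail parsed cleanly */
} demo_args;

static demo_args g_last;    /* result of the most recent call */

/* Shared tail parser for "<number> <path>" (constructed convention). */
static int parse_tail(const char *tail, demo_args *a)
{
    char *end;
    long n = strtol(tail, &end, 10);
    if (end == tail || *end != ' ')
        return 0;                       /* no number, or nothing after it */
    while (*end == ' ')
        end++;
    if (*end == '\0' || strlen(end) >= sizeof a->path)
        return 0;                       /* missing or oversized path */
    a->flags = (int)n;
    strcpy(a->path, end);
    return 1;
}

/* ANSI entry point: used on Windows 95/98, and on Windows NT only when no
 * "W" export exists. CALLBACK supplies the __stdcall convention Rundll32
 * requires; the .def file at the bottom keeps the export name undecorated. */
void CALLBACK DemoEntry(HWND hwnd, HINSTANCE hinst, LPSTR lpszCmdLine, int nCmdShow)
{
    (void)hwnd; (void)hinst; (void)nCmdShow;
    memset(&g_last, 0, sizeof g_last);
    g_last.ok = parse_tail(lpszCmdLine, &g_last);
}

/* UNICODE entry point: Windows NT looks up DemoEntryW first and passes a
 * UNICODE command line. This demo narrows it and reuses the same parser. */
void CALLBACK DemoEntryW(HWND hwnd, HINSTANCE hinst, LPWSTR lpszCmdLine, int nCmdShow)
{
    char narrow[512];
    size_t n = wcstombs(narrow, lpszCmdLine, sizeof narrow - 1);
    (void)hwnd; (void)hinst; (void)nCmdShow;
    memset(&g_last, 0, sizeof g_last);
    if (n == (size_t)-1)
        return;                         /* unconvertible character: ok stays 0 */
    narrow[n] = '\0';
    g_last.unicode = 1;
    g_last.ok = parse_tail(narrow, &g_last);
}

/* Accessor so callers (and tests) can inspect what the entry point received. */
const demo_args *demo_last_args(void)
{
    return &g_last;
}

/* DEMO.DEF (assumed module name), so the exports appear as DemoEntry and
 * DemoEntryW instead of _DemoEntry@16 and _DemoEntryW@16:
 *
 *   LIBRARY DEMO
 *   EXPORTS
 *       DemoEntry
 *       DemoEntryW
 */
```

With that .def file in place the DLL is invoked as RUNDLL32.EXE DEMO.DLL,DemoEntry 132 C:.INF on either platform; Windows NT resolves DemoEntryW and Windows 95 resolves DemoEntry, and both land in the same parse_tail(). Omitting CALLBACK would silently switch the function to _cdecl, which is the abnormal-termination case the article warns about.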
