
how to use rundll?

I want to learn how to use rundll and rundll32.  Can someone point me to a good source of information?
1 Solution
Go to http://search.microsoft.com/us/SearchMS.asp

Enter "rundll32", select "All words".
Click "search".
mel_levine (Author) commented:
This helps a lot, but it makes me greedy for more information.

Is there a way to find out what functions are available to be called in any given dll?

Hope this is what you wanted:

INFO: The Windows 95 Rundll and Rundll32 Interface

The information in this article applies to:

Microsoft Win32 Application Programming Interface (API), included with:
Microsoft Windows NT 4.0
Microsoft Windows 95


Windows 95 contains two command-line utility programs named Rundll.exe and Rundll32.exe that allow you to invoke a function exported from a DLL, either 16-bit or 32-bit. However, Rundll and Rundll32 programs do not allow you to call any exported function from any DLL. For example, you can not use these utility programs to call the Win32 API (Application Programming Interface) calls exported from the system DLLs. The programs only allow you to call functions from a DLL that are explicitly written to be called by them. This article provides more details on the use of Rundll and Rundll32 programs under Windows NT and Windows 95. The Rundll and Rundll32 utility programs were originally designed only for internal use at Microsoft. But the functionality provided by them is sufficiently generic that they are now available for general use. Note that Windows NT 4.0 ships only with the Rundll32 utility program and supports only Rundll32.


Rundll vs. Rundll32
Rundll loads and runs 16-bit DLLs, whereas Rundll32 loads and runs 32-bit DLLs. If you pass the wrong type of DLL to Rundll or Rundll32, it may fail to run without indicating any error messages.

Rundll command line
The command line for Rundll is as follows:
   RUNDLL.EXE <dllname>,<entrypoint> <optional arguments>
An example is as follows:
There are 3 issues to consider carefully in the above command line:

1. Rundll or Rundll32 search for the given DLL filename in the standard places (see the documentation for the LoadLibrary() function for details). It is recommended that you provide a full path to the DLL to ensure that the correct one is found. For best results, use the short file name instead of the long file name to ensure that no illegal characters will appear. Note in particular that this means a DLL in the "C:\Program Files" folder should be converted to its short name.

2. The <dllname> may not contain any spaces or commas or quotation marks. This is a limitation in the Rundll command line parser.

3. In the above command line, the comma (,) between the <dllname> and the <entrypoint> function name is extremely important. If the comma separator is missing, Rundll or Rundll32 will fail without indicating any errors. In addition, there cannot be any white spaces in between the <dllname>, the comma, and the <entrypoint> function.

How Rundll Works
Rundll performs the following steps:

1. It parses the command line.

2. It loads the specified DLL via LoadLibrary().

3. It obtains the address of the <entrypoint> function via GetProcAddress().

4. It calls the <entrypoint> function, passing the command line tail which is the <optional arguments>.

5. When the <entrypoint> function returns, Rundll.exe unloads the DLL and exits.

How to Write Your DLL
In your DLL, write the <entrypoint> function with the following prototype:

16-bit DLL:

  void FAR PASCAL __loadds
  EntryPoint(HWND hwnd, HINSTANCE hinst, LPSTR lpszCmdLine, int nCmdShow);

32-bit DLL:

  void CALLBACK
  EntryPoint(HWND hwnd, HINSTANCE hinst, LPSTR lpszCmdLine, int nCmdShow);

Again, there are 3 issues to consider with the EntryPoint function:

1. Obviously, the name "EntryPoint" should be replaced with the actual name of your entry point function. Note that the Rundll32's entry point is completely unrelated to the DllEntryPoint function in a 32-bit DLL which handles process and thread attach/detach notifications.

2. The entry point function for Rundll32 must be defined with the _stdcall calling convention (CALLBACK defaults to using the _stdcall attribute). If the _stdcall attribute is missing, then the function defaults to _cdecl calling convention and then Rundll32 will terminate abnormally after calling the function.

3. Since you must declare the function with _stdcall calling convention as described above, it follows that the Visual C++ compiler will actually export it as _EntryPoint@16 if the DLL is written in C or will use further name decoration if the DLL is written in C++. So, be careful to use the correctly exported name in the command line for Rundll or Rundll32. If you want to avoid using decorated names, use a .def file and export the entry point function by name. Please refer to the product documentation and the following article for further information on name decoration when using Visual C++ compilers:
Q140485 Exporting PASCAL-Like Symbols in 32-bit DLLs

The parameters to the Rundll entry point are as follows:
   hwnd - window handle that should be used as the owner window for
          any windows your DLL creates
   hinst - your DLL's instance handle
   lpszCmdLine - ASCIIZ command line your DLL should parse
   nCmdShow - describes how your DLL's windows should be displayed
In the following example:
Rundll would call the InstallHinfSection() entrypoint function in Setupx.dll and pass it the following parameters:
   hwnd = (parent window handle)
   lpszCmdLine = "132 C:\WINDOWS\INF\SHELL.INF"
   nCmdShow = (whatever the nCmdShow was passed to CreateProcess)
Note that it is the <entrypoint> function (or InstallHinfSection() in the above example) that has to parse its own command line (the lpszCmdLine parameter above) and use the individual parameters as necessary. Rundll.exe parses only up to the optional arguments passed to its command line. The rest of the parsing is up to the <entrypoint> function.

Special Notes On Differences Between Windows 95 And Windows NT
On Windows NT, the behavior of Rundll32.exe is slightly different, in order to accommodate UNICODE command lines.

Windows NT first attempts to GetProcAddress for <EntryPoint>W. If this entry point is found, then the prototype is assumed to be:
   void CALLBACK
   EntryPointW(HWND hwnd, HINSTANCE hinst, LPWSTR lpszCmdLine,
               int nCmdShow);
This is the same as the ANSI EntryPoint, except that the lpszCmdLine parameter is now a UNICODE string.

If the <EntryPoint>W entry point is not found, then Windows NT will GetProcAddress for <entrypoint>A and for <entrypoint>. If either is found, then it is considered an ANSI entry point and is treated the same way as Windows 95. Therefore, if you want your DLL to run on Windows 95 with ANSI support and on Windows NT with UNICODE support, you should export two functions: EntryPointW and EntryPoint. On Windows NT, the EntryPointW function will be called with a UNICODE command line; on Windows 95, the EntryPoint function will be called with an ANSI Command line.

Rundll32 is a utility included with Windows 95, Windows 98, Windows NT 4.0, and Windows 2000 that allows you to start a function that is exported from a DLL from a command line. The Windows Explorer Shell uses RUNDLL32 to call the Control_RunDLL function in Shell32.dll to start a Control Panel applet. Applications can use the following command line to start a Control Panel applet:

C:\>rundll32.exe shell32.dll,Control_RunDLL mycontrol.cpl  

This starts the first Control Panel applet in Mycontrol.cpl. If you have multiple Control Panel applets in Mycontrol.cpl, you need to add the name of the Control Panel applet to the command line. For example:

Rundll32.exe Shell32.dll,Control_RunDLL Mycontrol.cpl,My Control

To enumerate the list of available control panel applets in a *.cpl file, you can use the following program sample code:

// Control Panel Enumeration
#include <stdio.h>
#include <windows.h>
#include <cpl.h>

int main(int argc, char **argv, char **envp)
{
    union {
        NEWCPLINFOA NewCplInfoA;
        NEWCPLINFOW NewCplInfoW;
    } Newcpl;
    HINSTANCE hLib; // Library Handle to *.cpl file
    APPLET_PROC CplCall; // Pointer to CPlApplet() function
    LONG i;
    // -------------------
    if (argc < 2)
        return 1; // No *.cpl file given on the command line
    // LoadLibrary runs the file's DllMain, so only pass trusted *.cpl files
    if (!(hLib = LoadLibraryA(argv[1])))
        return 1;
    if (!(CplCall=(APPLET_PROC)GetProcAddress(hLib,"CPlApplet")))
    {
        FreeLibrary(hLib);
        return 2;
    }
    // -------------------
    CplCall(NULL, CPL_INIT,0,0); // Init the *.cpl file
    for (i=0;i<CplCall(NULL,CPL_GETCOUNT,0,0);i++)
    {
        printf("RunDLL32 shell32.dll,Control_RunDLL %s",argv[1]);
        Newcpl.NewCplInfoA.dwSize = 0;
        Newcpl.NewCplInfoA.dwFlags = 0;
        // Ask applet i for its name; on success the applet sets dwSize
        CplCall(NULL,CPL_NEWINQUIRE,i,(LPARAM)&Newcpl);
        if (Newcpl.NewCplInfoA.dwSize == sizeof(NEWCPLINFOW))
        {   // Case #1, CPL_NEWINQUIRE has returned an Unicode String
            wprintf(L",%ls\n", Newcpl.NewCplInfoW.szName);
        }
        else
        {   // Case #2, CPL_NEWINQUIRE has returned an ANSI String
            if (Newcpl.NewCplInfoA.dwSize != sizeof(NEWCPLINFOA))
            {
                // Case #3, CPL_NEWINQUIRE failed to return a string
                //    Get the string from the *.cpl Resource instead
                CPLINFO CInfo;
                CplCall(NULL,CPL_INQUIRE,i,(LPARAM)&CInfo);
                LoadStringA(hLib,CInfo.idName,
                            Newcpl.NewCplInfoA.szName,32);
            }
            printf(",%s\n", Newcpl.NewCplInfoA.szName);
        }
    } // for
    CplCall(NULL,CPL_EXIT,0,0); // Let the *.cpl file clean up
    // -------------------
    FreeLibrary(hLib);
    return 0;
}

This program (Enumcpl.exe) will take one *.cpl file as a parameter and print the available Control Panel applets in that file.

For example, to enumerate all installed *.cpl files on a system:

C:\>for %i in ( c:\winnt\system32\*.cpl ) do @enumcpl %i

You can get more information at this URL: http://support.microsoft.com/support/kb/articles/Q232/5/36.ASP and by following the links on that page to related queries.

Feel free to ask any other query to me.
My mailid is abdij_b@hotmail.com
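
An added example, not part of the pasted articles or of either answer: a small Python parser that splits a Rundll/Rundll32 command line the way the article describes (first token is `<dllname>,<entrypoint>`, the rest is the argument tail) and flags the pitfalls it names, which is useful when reviewing process-creation logs. The finding labels, the helper names and the third and fourth sample lines are constructed for illustration.

```python
import re
from typing import NamedTuple, Optional, Tuple

class RundllCall(NamedTuple):
    dll: str
    entrypoint: str
    args: str
    findings: Tuple[str, ...]

# Image name: optional directory, RUNDLL or RUNDLL32, optional .exe suffix.
_IMAGE = re.compile(r'^\s*"?(?:[^"\s]*[\\/])?rundll(?:32)?(?:\.exe)?"?\s+(.*)$', re.I)
_FULL_PATH = re.compile(r'[A-Za-z]:[\\/]|\\\\')   # drive-letter or UNC path

def parse_rundll(cmdline: str) -> Optional[RundllCall]:
    """Split '<dllname>,<entrypoint> <optional arguments>' per the article."""
    m = _IMAGE.match(cmdline)
    if m is None:
        return None                      # not a Rundll/Rundll32 invocation
    # No white space is allowed around the comma, so the first token is the target.
    target, _, args = m.group(1).strip().partition(" ")
    dll, comma, entry = target.partition(",")
    findings = []
    if not comma or not entry:
        findings.append("missing-comma-separator")  # Rundll fails without an error
    if '"' in dll:
        findings.append("quote-in-dllname")         # parser limitation in the article
    if not _FULL_PATH.match(dll):
        findings.append("dll-not-full-path")        # left to LoadLibrary() search order
    if entry.lower() == "control_rundll":
        findings.append("control-panel-applet")     # args name the .cpl to start
    return RundllCall(dll, entry, args.strip(), tuple(findings))

def nt_export_lookup_order(entry: str):
    """Export names Rundll32 on Windows NT looks up, in the article's order."""
    return [entry + "W", entry + "A", entry]

# Sample command lines: the first two use the article's values, the rest are constructed.
SAMPLES = [
    r"RUNDLL.EXE SETUPX.DLL,InstallHinfSection 132 C:\WINDOWS\INF\SHELL.INF",
    r"C:\WINNT\system32\rundll32.exe shell32.dll,Control_RunDLL mycontrol.cpl",
    r"rundll32.exe C:\PROGRA~1\Example\helper.dll,EntryPoint",
    r"rundll32.exe helper.dll EntryPoint",
]

if __name__ == "__main__":
    for line in SAMPLES:
        call = parse_rundll(line)
        print(call, nt_export_lookup_order(call.entrypoint) if call.entrypoint else "")
```
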
mel_levine, what's the difference between my answer and abdij's one, except that he placed here the contents of the URL I gave you?
