Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How does RunDll32 work?

Tags:

c

rundll32

How exactly does RunDll32 call a function, without knowing the number/types of arguments that the function can take?

Does it have a built-in compiler or something of the sort?

like image 813
Downvoter Avatar asked Nov 21 '11 05:11

Downvoter

People also ask

Is Rundll32 a Trojan?

RunDll32 is a part of Windows that is used for many things, so by itself it's not malicious.

Is Rundll32 an application?

The rundll32.exe application is a native Windows application used to launch the shared . dll files. The process itself is harmless and is a regular part of the Windows operating system.

What is Rundll32.exe malware?

Rundll32.exe is a program used to run program code in DLL files which is part of Windows components. There are viruses that uses this name also that's why it's commonly mistaken as a real virus. There are also times that the file gets replaced with a malware infected one.

Is it safe to disable Windows Host process Rundll32?

The official Windows Rundll32.exe is safe and cannot harm your computer; there is no need to remove it or stop the process from running. Rundll32.exe is a critical Windows process that launches other 32-bit DLLs that reside on your computer.

2 Answers

RunDll32 is pretty much a thin wrapper that calls LoadLibrary to load the given DLL, calls GetProcAddress to get the function address of the desired function, and then calls the function.

It can't call just any exported function in the DLL, though—it assumes that the function has a very specific function signature of the following:

  void CALLBACK
  EntryPoint(HWND hwnd, HINSTANCE hinst, LPSTR lpszCmdLine, int nCmdShow);

where CALLBACK is a macro that expands to the __stdcall calling convention. See this knowledge base article for a more detailed description.

If your DLL's function does not have the correct signature or calling convention, lots of badness will ensue. See What can go wrong when you mismatch the calling convention? for lots of gory details. Fortunately (or perhaps unfortunately), RunDll32 is written in such a way to ameliorate those types of errors, but that still doesn't mean it's a good idea. Do not use RunDll32 to call functions that do not have the correct signature. It's just a ticking time bomb waiting to go off in the next version of Windows.

like image 170
Adam Rosenfield Avatar answered Sep 21 '22 13:09

Adam Rosenfield

It can't call just any function, it can only call function specifically written to be called. Hence, there is no magic.

like image 30
Petr Abdulin Avatar answered Sep 21 '22 13:09

Petr Abdulin
Sign in to Comment

Related questions

What happens if I re-alloc and the new size is 0. Is this equivalent with a free?
Correct way to initialize a NULL-terminated array of strings in C
When should carry flag be set in assembly language
Getting current time of a different timezone using C++
Fast 2D convolution for DSP
Recovering IP/Port from Socket Descriptor
MS Visual C++: When should you care about using calling conventions?
Meaning of declaration of function
Which is better C Vs Python? [closed]
Printing a float in C while avoiding variadic parameter promotion to double
Is there any way to do 128-bit shifts on gcc <4.4?
Problem with free() on structs in C. It doesn't reduce memory usage
How to embed a Lua script within a C binary?
C Integral Overflow?
math expression evaluation - very fast - with objective-c
Using C++ files in C project
Switch statements in C: variable in case?
Can a C/C++ program seg-fault from reading past the end of an array (UNIX)?
Geany vs Eclipse for C development on large projects
Is there a way to identify all the unused global variable in a C project?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!