About Rundll32

Rundll32 is a command-line utility that is used to run 32-bit DLL files. In previous versions of Microsoft Windows, Rundll was used to call the same type of library in 16-bit form. The functions written in DLLs must be created in such a way that they can be called by the Rundll32 command. That is the main difference between Rundll and Rundll32. When invoking the Rundll32 command, be sure you specify the correct path to the DLL file. Also remember that the DLL's name must not contain spaces or special characters (quotation marks or commas). This is how the command is invoked using cmd: RUNDLL.EXE ,  
The Rundll command parses the command line, then loads the DLL file using the LoadLibrary() function, which loads a module into the address space of the calling process. Read more about this function on Microsoft's website: http://msdn.microsoft.com/en-us/library/windows/desktop/ms684175(v=vs.85).aspx . After this step is complete, Rundll will obtain the address of the  using the GetProcAddress() function (which retrieves the address of an exported function or variable from the specified dynamic-link library (DLL)), then it will call the  function by analyzing the . In the end, Rundll32 will unload the DLL file.
If your Rundll32 is not found when you open Control Panel, you'll have to do the following: insert your Windows CD, open a command prompt as an administrator, type expand Z:\i386\rundll32.ex_ c:\windows\system32\rundll32.exe (Z is your CD-ROM drive letter), then restart your computer.
The usual path of the Rundll command is C:\Windows\System32\Rundll32.exe
You can view the running Rundll command by looking in task manager:

In Vista or later versions of Windows, you can see the arguments of a running Rundll32 command by selecting View-Command line from Task Manager:
Task Manager
When using Windows XP or Windows Server 2003, I usually use the Process Explorer tool to find out the Rundll32 command parameters:
Process Explorer
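The following Python code is an added example, not code from the original post. It splits a Rundll32 command line, as copied from Task Manager or Process Explorer, into the image, the DLL, the entry point and the arguments, assuming the documented form of a DLL name followed by a comma and the exported function name, and it reports whether rundll32.exe itself ran from its usual directory. The sample command lines and the names parse_rundll32, USUAL_DIRS and SAMPLES are constructed for illustration.

```python
import ntpath
import re

# Directories where rundll32.exe normally lives: System32 is the path given in
# the post; SysWOW64 holds the 32-bit copy on 64-bit Windows.
USUAL_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# <image> [<dll>,<entry point> [<arguments>]] - the DLL name may not contain
# spaces, quotation marks or commas, as the post notes.
CMDLINE = re.compile(r'''
    ^\s*(?:"(?P<qimage>[^"]+)"|(?P<image>\S+))   # rundll32 image, quoted or bare
    (?:\s+(?P<dll>[^\s,"]+),                     # DLL path, up to the comma
       (?P<entry>[^\s,]+)                        # exported function name
       (?:\s+(?P<args>.*?))?                     # optional arguments, kept as-is
    )?\s*$''', re.VERBOSE)

def parse_rundll32(cmdline):
    """Split a rundll32 command line; return None if it is not a valid one."""
    m = CMDLINE.match(cmdline)
    if not m:
        return None
    image = m.group("qimage") or m.group("image")
    if ntpath.basename(image).lower() not in ("rundll32.exe", "rundll32"):
        return None
    folder = ntpath.normcase(ntpath.dirname(image))
    dll = m.group("dll")
    return {
        "image": image,
        # None means the command line gave no directory for the image.
        "image_in_usual_dir": folder in USUAL_DIRS if folder else None,
        "dll": dll,
        # A bare name is resolved by LoadLibrary() through the DLL search path.
        "dll_has_path": bool(ntpath.dirname(dll)) if dll else None,
        "entry": m.group("entry"),
        "args": m.group("args") or "",
    }

# Constructed command lines (not from the post), as Task Manager's
# "Command line" column or Process Explorer might show them.
SAMPLES = [
    r"C:\Windows\System32\rundll32.exe shell32.dll,Control_RunDLL desk.cpl",
    r'"C:\Windows\SysWOW64\rundll32.exe" C:\Example\demo.dll,DemoEntry one two',
    r"C:\Temp\rundll32.exe C:\Example\demo.dll,DemoEntry",
    r"C:\Windows\System32\rundll32.exe shell32.dll",  # no entry point: invalid
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(parse_rundll32(line))
```

A result with image_in_usual_dir set to False, or a DLL loaded from an unexpected folder, is a reason to look at that process more closely.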
But what about DLL files? What are they and what do they do? DLLs, or dynamic-link libraries, are Microsoft's implementation of the shared library concept. A shared library is used by multiple executable files to load certain code into memory for execution. A library, as a concept in computer science, is a collection of programming language functions or code (read more on Wikipedia: http://en.wikipedia.org/wiki/Shared_library#Shared_libraries). The format of DLL files is PE (Portable Executable, http://en.wikipedia.org/wiki/Portable_Executable) for 32 and 64 bits and NE (New Executable, http://en.wikipedia.org/wiki/New_Executable) for 16 bits. DLLs are somewhat like executable files, but they need to be executed by other commands (such as Rundll32.exe). If you are a Windows administrator, you will probably not have to code DLL files; you will only execute/recompile them. Read more about DLLs on Wikipedia: http://en.wikipedia.org/wiki/Dynamic-link_library.
That’s all for this post, I hope you will enjoy it.

2 thoughts on “About Rundll32”

  1. Sad days with rundll32.exe. Rundll32.exe in c:\Windows\SysWOW64 will just sit and run, I think forever, showing 40 – 50 % CPU utilization in Windows Task Manager's process list (and in overall CPU utilization) when certain programs are opened (Diablo II – hey I have 3, but am sad II won't run anymore). I can end the task, and CPU utilization immediately drops to 0-6%, but Diablo II doesn't launch.

    Norton, Windows Defender say my PC is clean of viruses. This isn't anything new. Updates, browsers, Word, everything else seems to run. Just Diablo II and rundll32….


