11 Feb 2013

About Rundll32

   Rundll32 is a command-line utility program that is used to run DLL files that are 32 bits. In previews versions of Microsoft Windows, the Rundll for 16 bit DLLs was used to call upon these type of libraries. The functions written in DLLs must be created in such way that they can be called by the Rundll32 command. You now understand the main difference between Rundll and Rundll32. When invoking the Rundll32 command be sure you specify the correct path to the DLL file. Also remember that the DLL's name must not contain spaces or special characters (quotation marks or commas). This is how the command is invoked using cmd: RUNDLL.EXE <dllname>,<entrypoint> <optional arguments> 
   Rundll command parses the command line, then loads the DLL file using the LoadLibrary() function. The LoadLibrary() loads a module into the address space of the calling process. Read more about this function on Microsoft's website: http://msdn.microsoft.com/en-us/library/windows/desktop/ms684175(v=vs.85).aspx . After this step is complete, Rundll will obtain the address of the <entrypoint> using the GetProcAddress() function (retrieves the address of an exported function or variable from the specified dynamic-link library (DLL) http://msdn.microsoft.com/en-us/library/windows/desktop/ms683212(v=vs.85).aspx), then it will call the <entrypoint> function by analyzing the <optional arguments>. In the end, Rundll32 will unload the DLL file.
   If your Rundll32 is not found when you open Control Pannel you'll have to do the following: Insert your Windows CD, open command prompt as an administrator, type expand Z:\i386\rundll32.ex_ c:\windows\system32\rundll32.exe (Z is your CD ROM drive letter) then restart your computer.
The usual path of the Runndll command is C:\Windows\System32\Rundll32.exe
   You can view the running Rundll command by looking in task manager:

In vista or later versions of Windows, you can see the running Rundll32 command arguments by selecting View-Command line from task manager:
Task Manager

When using Windows XP or Windows Server 2003, I usually use the Process Explorer tool to find out the Rundll32 command parameters:
Process Explorer

But what about DLL files? What are those and what is their functionality? DLLs or Dynamic-link libraries are  Microsoft's shared libraries concept. A shared library is used by multiple executable files to load a certain code into memory for execution. A library as a concept in computer science, is a collection of programming languages functions or codes (read more on Wikipedia: http://en.wikipedia.org/wiki/Shared_library#Shared_libraries). The format of DLL files are PE (Portable Executable http://en.wikipedia.org/wiki/Portable_Executable for 32 and 64 bits and NE (New Executable http://en.wikipedia.org/wiki/New_Executable for 16 bits). DLLs are somehow like executable files, but they need to be executed by other commands (such as Rundll32.exe). If you are an Windows Administrator, you will probably not have to code DLL files, you will only execute/recompile them. Read more about DLLs on Wikipedia: http://en.wikipedia.org/wiki/Dynamic-link_library.
That's all for this post, I hope you will enjoy it.

About me

After finishing a Computer Science University I've started working as an IT support technician for an Outsourcing company. Since then, I've changed my profile a couple of times and now I work as a System Administrator at one of the biggest companies in the gaming industry. I'm constantly learning new things in this domain so I thought of creating this website for sharing my experiences. Until now, I've taken the Cisco Certificate Network Associate exam and several Microsoft certifications. Now, I am in the process of learning Unix and enhance my programming skills.


  1. Sad days with rundll32.exe. Rundll32.exe in c:\Windows\SysWOW64 will just sit and run, I think forever, showing 40 - 50 % CPU utilization in windows task managers processing list (and in overall cpu utilization) when certain programs are opened (Diablo II - hey I have 3, but am sad II won't run anymore). I can end the task, and CPU utilization immediately drops to 0-6%, but Diablo II doesn't launch.

    Norton, windows defender say my PC is clean of viruses. This isn't anything new. Updates , browsers, word, everything else seems to run. Just Diablo II and rundll32....

  2. Amazing blog and very interesting stuff you got here! I definitely learned a lot from reading through some of your earlier posts as well and decided to drop a comment on this one!

  3. Thank you very much, browse through all of our articles and share.