Rundll command parses the command line, then loads the DLL file using the LoadLibrary() function. The LoadLibrary() loads a module into the address space of the calling process. Read more about this function on Microsoft's website: http://msdn.microsoft.com/en-us/library/windows/desktop/ms684175(v=vs.85).aspx . After this step is complete, Rundll will obtain the address of the <entrypoint> using the GetProcAddress() function (retrieves the address of an exported function or variable from the specified dynamic-link library (DLL) http://msdn.microsoft.com/en-us/library/windows/desktop/ms683212(v=vs.85).aspx), then it will call the <entrypoint> function by analyzing the <optional arguments>. In the end, Rundll32 will unload the DLL file.
If your Rundll32 is not found when you open Control Pannel you'll have to do the following: Insert your Windows CD, open command prompt as an administrator, type expand Z:\i386\rundll32.ex_ c:\windows\system32\rundll32.exe (Z is your CD ROM drive letter) then restart your computer.
The usual path of the Runndll command is C:\Windows\System32\Rundll32.exe
You can view the running Rundll command by looking in task manager:
In vista or later versions of Windows, you can see the running Rundll32 command arguments by selecting View-Command line from task manager:
When using Windows XP or Windows Server 2003, I usually use the Process Explorer tool to find out the Rundll32 command parameters:
But what about DLL files? What are those and what is their functionality? DLLs or Dynamic-link libraries are Microsoft's shared libraries concept. A shared library is used by multiple executable files to load a certain code into memory for execution. A library as a concept in computer science, is a collection of programming languages functions or codes (read more on Wikipedia: http://en.wikipedia.org/wiki/Shared_library#Shared_libraries). The format of DLL files are PE (Portable Executable http://en.wikipedia.org/wiki/Portable_Executable for 32 and 64 bits and NE (New Executable http://en.wikipedia.org/wiki/New_Executable for 16 bits). DLLs are somehow like executable files, but they need to be executed by other commands (such as Rundll32.exe). If you are an Windows Administrator, you will probably not have to code DLL files, you will only execute/recompile them. Read more about DLLs on Wikipedia: http://en.wikipedia.org/wiki/Dynamic-link_library.
That's all for this post, I hope you will enjoy it.