How to use Rundll32 to execute DLL Function?

mike picture mike · Jul 8, 2010 · Viewed 63.4k times · Source

Using the ShellExecute documentation as a reference:

I run the following from the command line:

C:\>RUNDLL32.EXE SHELL32.DLL,ShellExecute handle,"open","C:\Documents and Settings\admin\Desktop\tmp",NULL,NULL,SW_SHOWNORMAL

This results in an exception error.

I don't know what this means:

HINSTANCE ShellExecute(
  __in_opt  HWND hwnd,
  __in_opt  LPCTSTR lpOperation,
  __in      LPCTSTR lpFile,
  __in_opt  LPCTSTR lpParameters,
  __in_opt  LPCTSTR lpDirectory,
  __in      INT nShowCmd
);

But in the description, a handle (HWND), and a pointer to a null-terminated string (LPCTSTR), are mentioned, but it is very confusing.

Any help would be greatly appreciated. I would also like to learn more, so any references (book, web links, etc) would also be great!

Answer

Michael picture Michael · Jul 8, 2010

Rundll32 only supports running DLL exports with the following signature:

void CALLBACK
  EntryPoint(HWND hwnd, HINSTANCE hinst, LPSTR lpszCmdLine, int nCmdShow);

It does not support running arbitrary entry points. Since ShellExecute does not have that signature, clearly bad things will happen.

INFO: Windows Rundll and Rundll32 Interface has more info on the rundll32 interface.

If you want to do the equivelent of ShellExecute from the command line, just use start:

C:\>start "C:\Documents and Settings\admin\Desktop\tmp"