Using Rundll

A "DLL" file is a special program that never gets run. Instead, it has lots of cool utilities inside it that other programs can use. And the rundll and rundll32 programs let us run those buried utilities inside DLL files from a command line. But there is a problem. The DOS command line only passes strings (characters and words). Some DLLs functions expect specially formatted numbers, memory addresses, window handles, or object references. We will never be able to use those functions. There are other DLLs that we could use but will probably never figure out. Too bad. But that still leaves us a few cool functions we can call!

One way to find functions that can be activated via rundll (and rundll32) is to read through the Windows SDK (Software Development Kit). Ouch! Another way is to just pick exe and dll files at random and right-click them choosing "Quick View". If you scroll down, you might come to a section labeled "Exported Functions". That's what you want, but without further info on the needed arguments, you'll be left guessing as to whether they will work. Another way to find functions is to open any Explorer window and select "View" and "Options". Select the "File Types" tab and for each item hit the "Edit" button to see if rundll is used. Very tedious. Just as bad is searching the system registry. Guaranteed they will all work, but they may not do anything you want. But that's how things are.

Here's a collection of rundll and rundll32 command lines I've collected:

To bring up the "Format - 3 1/2  Floppy (A:)" window:
rundll32.exe shell32.dll,SHFormatDrive

To bring up the Control Panel "Date/Time Properties" window:
rundll32.exe shell32.dll,Control_RunDLL timedate.cpl

To bring up the Control Panel "Display Properties" window:
rundll32.exe shell32.dll,Control_RunDLL desk.cpl

To bring up the Control Panel "Display Properties" window and open the third tab (the third tab is 2 because the first tab is 0):
rundll32.exe shell32.dll,Control_RunDLL timedate.cpl,@0,2

To bring up the Control Panel "Network" window:
rundll32.exe shell32.dll,Control_RunDLL netcpl.cpl

To bring up the Control Panel "System Properties" window:
rundll32.exe shell32.dll,Control_RunDLL sysdm.cpl

To shut windows down using the Windows 3.1 API:
rundll user,exitwindows
or you can use the number that Quick View displays alongside the function name:
rundll user,#7

To try for a reboot using the Windows 3.1 API:
rundll user,exitwindowsexec
or
rundll user,#246

To shut Windows down using the Win32 API
rundll32 user.exe,#7

Make a beep
rundll user,messagebeep
rundll32 user.exe,messagebeep
rundll32 user.exe,#104

Shuts off COM2 serial port if the port was opened under the Windows 3.1 API
rundll user,closecomm
rundll32 user.exe,closecomm
rundll32 user.exe,#207

Polite windows restart
rundll user,exitwindowsexec

Polite power off
rundll user,exitwindows
rundll32 user.exe,exitwindows
rundll32 user.exe,#7

Forced immediate logoff
rundll32 user32.dll,ExitWindowsEx

Open DUN (dial up networking exported file):
rundll32.exe rnaui.dll,RnaRunImport

Start a dialup connection by name
rundll32.exe rnaui.dll,RnaDial %1

NetMeeting Speeddial CNF:
rundll32.exe msconf.dll,OpenConfLink %l

H.323 -or- Intel IPhone Internet telephony:
rundll32.exe msconf.dll,NewMediaPhone %l

URL Callto:
rundll32.exe msconf.dll,CallToProtocolHandler %l

URL:
rundll32.exe shdocvw.dll,OpenURL %l

URL Rlogin / Telnet / TN3270:
rundll32.exe url.dll,TelnetProtocolHandler %l

Email rfc822 EML:
rundll32.exe c:\windows\SYSTEM\mailnews.dll,EMLFileHandler

News rfc822 NWS:
rundll32.exe c:\windows\SYSTEM\mailnews.dll,News_RunDLL

URL File:
rundll32.exe url.dll,FileProtocolHandler %l

URL Mailto:
rundll32.exe c:\windows\SYSTEM\mailnews.dll,Mail_RunDLL

INF install:
C:\WINDOWS\rundll.exe setupx.dll,InstallHinfSection DefaultInstall 132

INF active install
rundll32.exe advpack.dll,LaunchINFSection %1, DefaultInstall

New briefcase
C:\WINDOWS\rundll32.exe syncui.dll,Briefcase_Create %1!d! %2

New LNK
RunDLL32 AppWiz.Cpl,NewLinkHere %1

open aif
rundll32 amovie.ocx,RunDll %1

play aif
rundll32 amovie.ocx,RunDll /play /close %1

open auf
C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\amovie.ocx,RunDll /open %1

play auf
C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\amovie.ocx,RunDll /play /close %1

open avi
C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\amovie.ocx,RunDll /open %1

play avi
C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\amovie.ocx,RunDll /play /close %1

open channel file
rundll32 cdfview.dll,OpenChannel %L

subscribe to channel
rundll32 cdfview.dll,Subscribe %L

print HTML
rundll32.exe C:\WINDOWS\SYSTEM\MSHTML.DLL,PrintHTML "%1"

printto HTML
rundll32.exe C:\WINDOWS\SYSTEM\MSHTML.DLL,PrintHTML "%1" "%2" "%3" "%4"

open midi
C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\amovie.ocx,RunDll /open %1

play midi
C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\amovie.ocx,RunDll /play /close %1

open MOV
rundll32 amovie.ocx,RunDll %1

play MOV
rundll32 amovie.ocx,RunDll /play /close %1

open MPEG
C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\amovie.ocx,RunDll /open %1

play MPEG
C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\amovie.ocx,RunDll /play /close %1

open sound
C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\amovie.ocx,RunDll /open %1

play sound
C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\amovie.ocx,RunDll /play /close %1

open unknown file
C:\WINDOWS\rundll32.exe shell32.dll,OpenAs_RunDLL %1

install screensaver
C:\WINDOWS\rundll32.exe desk.cpl,InstallScreenSaver %l
 

More great RUNDLL tips:
http://www.mvps.org/vb/tips/shellcpl.txt

http://www.rgagnon.com/pbdetails/pb-0204.html