This is a quickie.<\/p>\n\n\n\n
Using rundll32 to run stuff is well-known. You can load DLLs, and call APIs.<\/p>\n\n\n\n
Sometimes tho, we may get confused about data format we need to provide to APIs. If your API accepts an ANSI, or a Unicode string, different rules apply.<\/p>\n\n\n\n
The best way to test _any_ API executed via rundll32.exe is to call it by a ‘native’ name w\/o a suffix (A or W). This way, it will go through a sequence of:<\/p>\n\n\n\n
What it means (practically) is that if you supply an API name with a ‘A’ or ‘W’ suffix, the sequence of API name resolving is going to look like this:<\/p>\n\n\n\n
or<\/p>\n\n\n\n
Knowing the way rundll32.exe accepts and processes the API function names is actually very helpful – especially when you are calling functions that require Unicode strings as an argument…<\/p>\n","protected":false},"excerpt":{"rendered":"
This is a quickie. Using rundll32 to run stuff is well-known. You can load DLLs, and call APIs. Sometimes tho, we may get confused about data format we need to provide to APIs. If your API accepts an ANSI, or … Continue reading