How does RunDll32 work?

Deadly submitted on 2019-11-30 20:13:19

RunDll32 is pretty much a thin wrapper that calls LoadLibrary to load the given DLL, calls GetProcAddress to get the function address of the desired function, and then calls the function.

It can't call just any exported function in the DLL, though—it assumes that the function has a very specific function signature of the following:

  void CALLBACK
  EntryPoint(HWND hwnd, HINSTANCE hinst, LPSTR lpszCmdLine, int nCmdShow);

where CALLBACK is a macro that expands to the __stdcall calling convention. See this knowledge base article for a more detailed description.

If your DLL's function does not have the correct signature or calling convention, lots of badness will ensue. See What can go wrong when you mismatch the calling convention? for lots of gory details. Fortunately (or perhaps unfortunately), RunDll32 is written in such a way to ameliorate those types of errors, but that still doesn't mean it's a good idea. Do not use RunDll32 to call functions that do not have the correct signature. It's just a ticking time bomb waiting to go off in the next version of Windows.
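A minimal rundll32-style loader in C, added here as an illustration (it is not code from the answer or from Windows): the portable half splits a `dll,entry args` command line, and the Win32 half performs the LoadLibrary, GetProcAddress and call steps against the signature quoted above. The command-line shape, the buffer sizes and the hypothetical function names are my assumptions; the real rundll32 handles more cases (quoting, Unicode entry points) than this.

```c
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* Pieces of a "<dll>,<entrypoint> [arguments]" command line (assumed shape). */
typedef struct {
    char dll[260];      /* module name, MAX_PATH-sized */
    char entry[128];    /* exported function name */
    const char *args;   /* remainder, handed over as lpszCmdLine */
} RunDllSpec;

/* Module name runs to the first comma, entry point to the first space,
   everything after the blanks is the argument string.
   Returns 0 on success, -1 if the "dll,entry" shape is absent. */
int parse_rundll_spec(const char *cmdline, RunDllSpec *out) {
    const char *comma = strchr(cmdline, ',');
    if (comma == NULL || comma == cmdline) return -1;
    size_t dlen = (size_t)(comma - cmdline);
    if (dlen >= sizeof out->dll) return -1;
    memcpy(out->dll, cmdline, dlen);
    out->dll[dlen] = '\0';

    const char *ep = comma + 1;
    const char *end = ep;
    while (*end != '\0' && *end != ' ') end++;
    size_t elen = (size_t)(end - ep);
    if (elen == 0 || elen >= sizeof out->entry) return -1;
    memcpy(out->entry, ep, elen);
    out->entry[elen] = '\0';

    while (*end == ' ') end++;   /* skip separator blanks */
    out->args = end;
    return 0;
}

#ifdef _WIN32
/* The one signature the loader assumes for every entry point it calls. */
typedef void (CALLBACK *RunDllEntry)(HWND, HINSTANCE, LPSTR, int);

/* LoadLibrary -> GetProcAddress -> call; returns 0, -1 (load) or -2 (lookup). */
int run_dll(const RunDllSpec *s) {
    HMODULE mod = LoadLibraryA(s->dll);
    if (mod == NULL) return -1;
    RunDllEntry fn = (RunDllEntry)GetProcAddress(mod, s->entry);
    if (fn == NULL) { FreeLibrary(mod); return -2; }
    char args[1024];                 /* lpszCmdLine is a writable LPSTR */
    strncpy(args, s->args, sizeof args - 1);
    args[sizeof args - 1] = '\0';
    fn(NULL, mod, args, SW_SHOWDEFAULT);
    FreeLibrary(mod);
    return 0;
}
#endif
```

Anything exported with a different signature would still be found by GetProcAddress and called through `RunDllEntry`, which is exactly the mismatch the answer warns about.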

Petr Abdulin

It can't call just any function; it can only call functions specifically written to be called. Hence, there is no magic.
