Rundll32, the DLL function launcher


#include <windows.h>

HMODULE g_hmodDLL;

BOOL APIENTRY DllMain(HANDLE hModule,
                      DWORD  ul_reason_for_call,
                      LPVOID lpReserved)
{
    // remember our own module handle; MagicDel needs it below
    if (ul_reason_for_call == DLL_PROCESS_ATTACH)
        g_hmodDLL = HMODULE(hModule);

    return TRUE;
}

extern "C" __declspec(dllexport) void CALLBACK MagicDel(HWND,
                                                        HINSTANCE,
                                                        LPTSTR lpCmdLine,
                                                        int)
{
    // delete the executable file that created this process
    Sleep(2000);
    DeleteFile(lpCmdLine);

    // delete ourself
    char filenameDLL[MAX_PATH];
    GetModuleFileName(g_hmodDLL, filenameDLL, sizeof(filenameDLL));

    // The stack is laid out so that "ret" enters FreeLibrary(g_hmodDLL), whose
    // return enters DeleteFile(filenameDLL), whose return enters ExitProcess(0):
    // the DLL is already unmapped when its file is deleted, so no code from it
    // runs afterwards. Relies on 32-bit x86 and the stdcall convention of these APIs.
    __asm
    {
        lea     eax, filenameDLL
        push    0
        push    0
        push    eax
        push    ExitProcess
        push    g_hmodDLL
        push    DeleteFile
        push    FreeLibrary
        ret
    }
}

extern "C" __declspec(dllexport) void CALLBACK MyEntry(HWND      hwnd,      // handle to owner window
                                                       HINSTANCE hinst,     // instance handle for the DLL
                                                       LPTSTR    lpCmdLine, // string the DLL will parse
                                                       int       nCmdShow)  // show state
{
    // Rundll32 calls the entry point with the CALLBACK (stdcall) convention
    // documented below, so the export is declared CALLBACK rather than __cdecl.
    MessageBox(NULL, lpCmdLine, "", MB_OK);
}

Invocation:
 rundll32.exe rdTest.dll,MyEntry "hello!"


The Run DLL utility (Rundll32.exe) included in Windows enables you to call functions exported from a 32-bit DLL. These functions must have the following syntax:

void CALLBACK EntryPoint(
  HWND hwnd,        // handle to owner window
  HINSTANCE hinst,  // instance handle for the DLL
  LPTSTR lpCmdLine, // string the DLL will parse
  int nCmdShow      // show state
);

Note that EntryPoint is a placeholder for the actual function name. For a list of possible show states, see WinMain.

The following is the command-line syntax for Rundll32:

rundll32 DllName,FunctionName [Arguments]
DllName
    Specifies the name of the DLL. The name cannot contain spaces, commas, or quotation marks. The utility searches for the DLL using the search criteria documented for the LoadLibrary function. Therefore, it is best to use the short name and provide a full path for the DLL.
FunctionName
    Specifies the name of the function to call in DllName. Requires a comma (with no spaces) between DllName and FunctionName.
Arguments
    Optional arguments for FunctionName.

Rundll32 loads the specified DLL using LoadLibrary, obtains the address of the function using the GetProcAddress function, and calls the function with the specified arguments, if any. When the function returns, Rundll32 unloads the DLL and exits.

Windows NT/2000: It is possible to create a Unicode version of the function. Rundll32 first tries to find a function named EntryPointW. If it cannot find this function, it tries EntryPointA, then EntryPoint. To create a DLL that supports ANSI on Windows 95/98/Me and Unicode otherwise, export two functions: EntryPointW and EntryPoint.
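The command-line grammar and the EntryPointW/EntryPointA/EntryPoint lookup order described above, worked through as an added example (not code from the original page): a parser that splits a rundll32 invocation, such as one recorded in process-creation telemetry, into DllName, FunctionName and Arguments, and a helper that picks the export Rundll32 would call. The sample command lines and the path C:\Tools\rdTest.dll are constructed.

```python
import ntpath
import re

# Constructed sample command lines, as they would appear in process-creation telemetry.
SAMPLE_CMDLINES = [
    'rundll32.exe rdTest.dll,MyEntry "hello!"',
    r'rundll32 C:\Tools\rdTest.dll,MyEntry',   # constructed full path
    'rundll32.exe rdTest.dll, MyEntry',        # space after the comma: not the documented syntax
]

# Program name (bare, with .exe, or with a directory prefix); the remainder is captured.
_PROGRAM_RE = re.compile(r'\s*"?(?:[^"\s]*[\\/])?rundll32(?:\.exe)?"?\s+(.*)$', re.IGNORECASE)
# DllName,FunctionName [Arguments]: DllName has no spaces, commas or quotes; the comma is unspaced.
_TARGET_RE = re.compile(r'([^\s,"]+),(\S+)(?:\s+(.*))?$')


def parse_rundll32_cmdline(cmdline):
    """Split a rundll32 invocation into DllName, FunctionName and Arguments.

    Returns None when the command line does not follow the documented grammar.
    Arguments are kept verbatim, which is how Rundll32 hands them to lpCmdLine.
    'dll_has_path' is False for a bare file name; then the LoadLibrary search
    order decides which file actually gets loaded.
    """
    m = _PROGRAM_RE.match(cmdline)
    if not m:
        return None
    m = _TARGET_RE.match(m.group(1))
    if not m:
        return None
    dll, func, args = m.group(1), m.group(2), m.group(3) or ''
    return {
        'dll': dll,
        'function': func,
        'arguments': args.strip(),
        'dll_has_path': ntpath.dirname(dll) != '',
    }


def resolve_entry_point(exports, function_name):
    """Pick the export Rundll32 tries first on Windows NT/2000: W, then A, then the bare name."""
    for candidate in (function_name + 'W', function_name + 'A', function_name):
        if candidate in exports:
            return candidate
    return None


if __name__ == '__main__':
    for line in SAMPLE_CMDLINES:
        print(line, '->', parse_rundll32_cmdline(line))
    print(resolve_entry_point({'MyEntry', 'MyEntryW'}, 'MyEntry'))
```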


See also:

http://support.microsoft.com/kb/164787

http://blogs.msdn.com/b/oldnewthing/archive/2004/01/15/58973.aspx