How Rundll Works
Rundll performs the following steps:
- It parses the command line.
- It loads the specified DLL via LoadLibrary().
- It obtains the address of the <entrypoint> function via GetProcAddress().
- It calls the <entrypoint> function, passing the command line tail which is the <optional arguments>.
- When the <entrypoint> function returns, Rundll.exe unloads the DLL and exits.
