# EXE vs DLL

## <mark style="color:red;">EXE</mark>

An EXE is a separate program that can be loaded into memory as an independent process.

## <mark style="color:red;">DLL</mark>

* DLLs are PE modules that are loaded into existing processes and cannot live independently in memory.
* A DLL's main purpose is to deliver some functionality that a calling process needs.

## <mark style="color:red;">Generating a PE file</mark>

We need source code and a compiler to translate and compile the code into machine code, which the CPU executing the program can understand.

<div align="left"><figure><img src="https://1410593648-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FYI2noEqPw69jd0hR7Prp%2Fuploads%2FeVJrkNbYgsJ6WUCYCBwR%2Fimage.png?alt=media&#x26;token=15bd97d6-452d-44ff-8cae-32f137ec8062" alt=""><figcaption></figcaption></figure></div>

## <mark style="color:red;">Difference between writing C program for EXE and DLL</mark>

The basic difference is how your code gets called in your module or program.

### <mark style="color:blue;">EXE</mark>

In the EXE case there should be a function called main, which is called by the OS loader when it finishes all initialization of the new process.

<div align="left"><figure><img src="https://1410593648-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FYI2noEqPw69jd0hR7Prp%2Fuploads%2FYDUuU4EFzm3waBCSRiyM%2Fimage.png?alt=media&#x26;token=fe6de78f-0e2c-4b60-9c69-0a327ccf3401" alt=""><figcaption></figcaption></figure></div>

### <mark style="color:blue;">Compiling EXE</mark>

<div align="left"><figure><img src="https://1410593648-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FYI2noEqPw69jd0hR7Prp%2Fuploads%2F2q3IPyLRFyRWa0NhEGid%2Fimage.png?alt=media&#x26;token=153c7865-1ade-4f78-9de0-16ff40f44a21" alt=""><figcaption></figcaption></figure></div>

### <mark style="color:blue;">DLL</mark>

* With a DLL, the process already exists, and the DLL is imported for the functionality it implements.
* The loader reads the DLL from disk, reserves some space in the target process, and loads the DLL into that space. It then calls a DLL function called DllMain, which initializes the library. After that, the loader hands control back to the process, and the process can call functions from the loaded DLL.
* DllMain is the entry point for DLLs: when the OS loader loads the DLL into a process it calls DllMain with DLL\_PROCESS\_ATTACH, and when it unloads the DLL from the process it calls DllMain with DLL\_PROCESS\_DETACH.

<div align="left"><figure><img src="https://1410593648-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FYI2noEqPw69jd0hR7Prp%2Fuploads%2F4segRLUNZFjEU5PhCVL6%2Fimage.png?alt=media&#x26;token=e52468d9-d89b-4af8-9cfe-d4b76f0008b2" alt=""><figcaption></figcaption></figure></div>

* This code snippet is an example of a Windows Dynamic Link Library (DLL) that exports a single function called "RunME" using the \_\_declspec(dllexport) directive. When this DLL is loaded into a process, the operating system will call the DllMain function to notify the DLL about various events such as process/thread attach and detach.
* In this case, the DllMain function simply switches on the ul\_reason\_for\_call parameter to determine the type of event and takes no further action. This is a common pattern for DllMain implementations where the developer is not interested in performing any initialization or cleanup work.
* The RunME function displays a message box using the MessageBox function with the "MB\_OK" flag, which indicates that the message box should contain an OK button. The message box contains the text "RT Operator, here I come!" and has the title "RTO". The function returns TRUE, indicating success.
* Overall, this code snippet is a basic example of a DLL with a single exported function that displays a message box when called.
* The DllMain function is an optional entry point function for Windows DLLs. It is called by the operating system when various events occur, such as when the DLL is loaded into a process or when a process or thread attaches or detaches from the DLL.

The function takes three parameters:

* <mark style="color:green;">**hModule :**</mark> A handle to the DLL module.
* <mark style="color:green;">**ul\_reason\_for\_call :**</mark> An indication of why the function was called. This parameter can be one of four values:
  * <mark style="color:yellow;">**DLL\_PROCESS\_ATTACH :**</mark> The DLL is being loaded into a process for the first time.
  * <mark style="color:yellow;">**DLL\_PROCESS\_DETACH :**</mark> The DLL is being unloaded from a process.
  * <mark style="color:yellow;">**DLL\_THREAD\_ATTACH :**</mark> A new thread is being created in the current process and the DLL is being attached to the thread.
  * <mark style="color:yellow;">**DLL\_THREAD\_DETACH :**</mark> A thread in the current process is exiting and the DLL is being detached from the thread.
* <mark style="color:green;">**lpReserved :**</mark> Reserved for future use.

The function should return a BOOL value indicating success or failure. In the code snippet provided, the function simply switches on the value of ul\_reason\_for\_call to determine the reason for the function call and takes no further action. The function returns TRUE to indicate success.

### <mark style="color:blue;">Compiling DLL</mark>

<div align="left"><figure><img src="https://1410593648-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FYI2noEqPw69jd0hR7Prp%2Fuploads%2FDTrx9wGtwogsc0AME4Gi%2Fimage.png?alt=media&#x26;token=96332994-6c0b-4d8f-83be-17dbb330de98" alt=""><figcaption></figcaption></figure></div>

## <mark style="color:red;">Using dumpbin to list all the functions exported by a DLL</mark>

```powershell
dumpbin /exports implant.dll
```

<div align="left"><figure><img src="https://1410593648-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FYI2noEqPw69jd0hR7Prp%2Fuploads%2FKkCtaMXVoWOhst4MTYx2%2Fimage.png?alt=media&#x26;token=a78dc640-d7a3-4f2b-afef-f0ce0a198edf" alt=""><figcaption></figcaption></figure></div>
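The fields `dumpbin /exports` reads can also be checked without the Visual Studio tools, which is handy when triaging an unknown PE file. The Python sketch below is an added example, not code from the original page: it reads the COFF `Characteristics` field to tell a DLL from an EXE (the `IMAGE_FILE_DLL` bit) and walks the export name table. The function names `pe_summary`, `rva_to_offset` and `build_sample` are made up for this example, and `build_sample` constructs a header-only test image in memory instead of using a real `implant.dll`.

```python
import struct

IMAGE_FILE_DLL = 0x2000  # COFF Characteristics bit that marks a DLL

def rva_to_offset(rva, sections):
    for va, raw_size, raw_ptr in sections:
        if va <= rva < va + raw_size:
            return raw_ptr + rva - va
    raise ValueError("RVA outside every section")

def pe_summary(data):
    """Return {'is_dll': bool, 'exports': [names]} for PE bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file")
    pe = struct.unpack_from("<I", data, 0x3C)[0]  # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsec, opt_size, chars = struct.unpack_from("<2xH12xHH", data, pe + 4)
    opt = pe + 24  # optional header; magic 0x20B means PE32+
    dirs = opt + (112 if struct.unpack_from("<H", data, opt)[0] == 0x20B else 96)
    exp_rva = struct.unpack_from("<I", data, dirs)[0]  # export directory RVA
    sections = [struct.unpack_from("<12xIII", data, opt + opt_size + 40 * i)
                for i in range(nsec)]  # (VirtualAddress, raw size, raw pointer)
    names = []
    if exp_rva:
        ed = rva_to_offset(exp_rva, sections)
        count, names_rva = struct.unpack_from("<I4xI", data, ed + 24)
        tbl = rva_to_offset(names_rva, sections)
        for (name_rva,) in struct.iter_unpack("<I", data[tbl:tbl + 4 * count]):
            s = rva_to_offset(name_rva, sections)
            names.append(data[s:data.index(b"\0", s)].decode("ascii"))
    return {"is_dll": bool(chars & IMAGE_FILE_DLL), "exports": names}

def build_sample(is_dll, export_names):
    """Constructed header-only PE32+ image for this demo; not loadable."""
    rva, raw, k = 0x1000, 0x200, len(export_names)
    ptrs, strs = b"", b""
    for n in export_names:
        ptrs += struct.pack("<I", rva + 40 + 4 * k + len(strs))
        strs += n.encode() + b"\0"
    edata = struct.pack("<IIHH7I", 0, 0, 0, 0, 0, 1, k, k, 0, rva + 40, 0) + ptrs + strs
    hdr = (b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40) + b"PE\0\0"
           + struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 240,
                         0x22 | (IMAGE_FILE_DLL if is_dll else 0))
           + struct.pack("<H106xI", 0x20B, 16)
           + struct.pack("<II120x", rva if k else 0, len(edata))
           + b".edata\0\0" + struct.pack("<IIII16x", len(edata), rva, raw, raw))
    return hdr.ljust(raw, b"\0") + edata.ljust(raw, b"\0")

if __name__ == "__main__":
    print(pe_summary(build_sample(True, ["RunME"])), pe_summary(build_sample(False, [])))
```

On a real file, pass the bytes read with `open(path, "rb").read()` to `pe_summary`.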

**Running a DLL's exported functions:**

<div align="left"><figure><img src="https://1410593648-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FYI2noEqPw69jd0hR7Prp%2Fuploads%2F0evdv3ADZaj2BG2uhllY%2Fimage.png?alt=media&#x26;token=29d53476-d487-46da-8510-549f71f65e2a" alt=""><figcaption></figcaption></figure></div>
