{
	"id": "091be655-5ff1-4943-ba61-290182fa88f4",
	"created_at": "2026-04-06T00:18:29.413881Z",
	"updated_at": "2026-04-10T03:21:03.634205Z",
	"deleted_at": null,
	"sha1_hash": "a7b01d955cb4d684e034918212e5a18fd73a8fac",
	"title": "PSBits/NoRunDll at master · gtworek/PSBits",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 29313,
	"plain_text": "PSBits/NoRunDll at master · gtworek/PSBits\r\nBy gtworek\r\nArchived: 2026-04-05 21:59:26 UTC\r\nSimple proof of concept and demonstration of RunDll32.exe limitations (a.k.a. \"it's by design\"). The solution\r\nconsists of 3 components:\r\n1. DLL - simple DLL exporting two methods, including \"RunMe()\" which is what you want to call,\r\n2. PowerShell script calling the method you want,\r\n3. cmd script with RunDLL32 trying to call the same method but effectively calling another one.\r\nDLL comes in C and in compiled version - your choice.\r\nThe behavior you can observe is \"by design\", not very-well-known way of working of RunDll32: When you call\r\nMethod() it tries to call MethodW() and MethodA() first instead of the one you asked.\r\nAnd the conclusion is \"Luke, use the for^H^H^H PowerShell!\"\r\nSource: https://github.com/gtworek/PSBits/tree/master/NoRunDll\r\nhttps://github.com/gtworek/PSBits/tree/master/NoRunDll\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://github.com/gtworek/PSBits/tree/master/NoRunDll"
	],
	"report_names": [
		"NoRunDll"
	],
	"threat_actors": [],
	"ts_created_at": 1775434709,
	"ts_updated_at": 1775791263,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/a7b01d955cb4d684e034918212e5a18fd73a8fac.pdf",
		"text": "https://archive.orkl.eu/a7b01d955cb4d684e034918212e5a18fd73a8fac.txt",
		"img": "https://archive.orkl.eu/a7b01d955cb4d684e034918212e5a18fd73a8fac.jpg"
	}
}