DLL or EXE? Now, I’m beginning to get confused. I heard from one site that
.dll and .exe files are two different things. But I’ve also heard about
explorer.dll.exe. I’ve read from a site discussing about dll exe that dlls
cannot be directly executed. So how’s that work?
The difference shouldn’t matter to most Windows users. In general, this is something that should be one of those hidden details that you never need to worry about.
Unfortunately, that’s not the case.
I’ll describe what DLLs and EXEs are and how they relate to each other.
And I’ll also tell you why the folks who write malware make it important to
know that there’s a difference.
EXE files
“.exe” files, or files that end in the four characters “.exe”, are assumed by
Windows (and even MS-DOS before it) to be executable
programs.
Which is really just a fancy way of saying that they’re the programs you
run.
You’ll recognize many examples:
- explorer.exe – Windows Explorer and the Windows primary user interface
- iexplore.exe – Internet Explorer web browser
- chrome.exe – the Google Chrome browser
- thunderbird.exe – the Mozilla Thunderbird email program
- winword.exe – Microsoft Word, word processor
- … and so on
DLL files
DLL stands for Dynamic Link Library.
A library is a collection of software that is made available for programs to
use. That means a program you run, such as ‘winword.exe’ from the list above, might load additional DLLs that contain more software that make up the program. In Word’s case,
perhaps the software for the “Word Art” feature is placed in a separate DLL
that winword.exe loads either at startup or when you use that particular
feature.
Software is often broken up into or provided as an .EXE and a collection of
.DLLs for any of a number of reasons:
- The DLL only needs to be loaded when it’s used, which reduces load time and memory needs when it is not. Loading only when needed is the “dynamic” part of Dynamic Link Library.
- The DLL may be shared among multiple programs. For example, if Word and PowerPoint both have WordArt as a feature, then they can both use that same .DLL to provide the feature (if written properly, of course). This saves each program from having to duplicate the software required to perform a task.
- The DLL may provide functionality to another program. For example, using DLLs is one way that one program might cause features to appear in another, such as new context menu items in Windows Explorer.
In fact, much of Windows itself is implemented as DLLs that applications load and use to access your system.
It is true – DLLs cannot be directly executed. They’re designed to be loaded
and run by other programs: EXE programs.
Why the difference matters
In short, malware. In fact, your example perfectly shows one way that malware tries to mislead you:
explorer.dll.exe
That’s an .exe file, and nothing else. Everything in front of the .exe is
the name of the file – even the part that says “.dll”. The file ends
in .exe and Windows will treat that as a program. It is not a DLL. The fact
that it has .dll in the middle of its name is completely meaningless
– other than to confuse and mislead you.
It is also not Windows Explorer – that’s “explorer.exe” without the “.dll”
in the middle. The name may be similar, but this is a completely unrelated
file.
Why do this?
Because when displaying files by default, Windows will “hide extensions for
known file types”. That means that while the file’s actual name is:
explorer.dll.exe
what will be displayed is:
explorer.dll
The “.exe” is hidden because that’s a known file type.
It could fool you into thinking that’s a DLL and not an EXE. What they might
do from there is unclear.
One thing that I can tell you though: Don’t double-click on
it.
Double-clicking means “open this file”, which for an .exe means “run this
program”. Even though it shows .dll, the real filename ends in .exe and
that’s exactly how Windows will treat it.
Misleading you in this manner is one technique to get you to install
malware.
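The check described above can be automated. The following is an added example, not code from the original article: it works out what Explorer would display with extensions hidden and flags names whose real extension is a program while the visible name ends in something that looks like another file type. The extension lists and sample names are assumptions made for illustration.

```python
import ntpath  # applies Windows path rules on any operating system

# Assumed sample lists; the file types registered on a real system will differ.
RUNS_ON_OPEN = {".exe", ".msi", ".scr", ".com", ".bat", ".cmd"}
DECOY_TYPES = {".dll", ".txt", ".pdf", ".doc", ".docx", ".jpg", ".wmv", ".flv"}
KNOWN_TYPES = RUNS_ON_OPEN | DECOY_TYPES


def split_name(path):
    """Return (stem, real extension). Only the LAST dot counts, as in Windows."""
    stem, ext = ntpath.splitext(ntpath.basename(path))
    return stem, ext.lower()


def displayed_name(path):
    """Name Explorer shows when 'hide extensions for known file types' is on."""
    stem, ext = split_name(path)
    return stem if ext in KNOWN_TYPES else ntpath.basename(path)


def classify(path):
    stem, real_ext = split_name(path)
    shown_ext = ntpath.splitext(stem)[1].lower()  # e.g. the ".dll" in the middle
    runs = real_ext in RUNS_ON_OPEN
    return {
        "name": ntpath.basename(path),
        "displayed": displayed_name(path),
        "runs_on_open": runs,
        # Misleading: opening it runs a program, yet the visible name
        # ends in an extension that suggests a different kind of file.
        "misleading": runs and shown_ext in DECOY_TYPES,
    }


def find_misleading(paths):
    return [r["name"] for r in map(classify, paths) if r["misleading"]]


# Constructed sample names, not taken from a real system.
SAMPLES = [
    r"C:\Users\me\Downloads\explorer.dll.exe",
    r"C:\Windows\explorer.exe",
    "holiday.wmv.flv",
    "report.v2.docx",
    "Invoice.PDF.EXE",
    "setup.msi",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(sample))
```

Names such as holiday.wmv.flv also carry two extensions but are not flagged, because the final extension is not one that runs as a program.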
Naah…. That is for the geeks.
If the extensions are hidden, it is much neater to look at. That is the main purpose of the GUI in the first place. And under this setting, if you happen to see an extension – the file is a suspect. Easier to detect a suspicious file this way than looking for double extensions. In fact the system itself can flag such multiple-extension files.
Besides there are so many extensions that displaying them would confuse most users. That must have been the purpose of the default setting, I suspect.
Personally, I prefer if the icons for all executable files would in some way indicate that they are executable – a system superimposed “X” perhaps. MS-Word files have “W” on the icon.
-Rahul.
So are you saying to never open an exe file?
17-Jan-2012
@Dan
Every time you run a program you are running an .exe file. The danger is in running an unknown .exe file. If you download a program from a trusted website, then you would have to run an .exe or an .msi file to install it. (An .msi file is a Microsoft Installation file which is also an executable file.)
@Dan – specifically, I’d suggest Leo was referring to the ‘explorer.dll.exe’ file given in the example.
@Rahul – It’s exactly because there are so many filetypes that I think extensions should be visible by default. It can only benefit the user’s understanding of what’s going on – something I’d sacrifice a ‘clean’ GUI for any day.
Funny thing is, I’ve used a “.” in the middle sometimes when naming a file, yet wasn’t quite sure what I was looking at when coming across files with seemingly double extensions like the example above. In fact I’ve seen video files ending in .wmv.flv (as if you could use both formats). Anyone know why that would be done?
Mr. Leo, could this .dll file make any difference in Linux? Why do some programs ask for a .dll file in Linux?
What I do not understand is why does Windows use the hide known extensions as default when all that is doing is “assisting” Malware to be unknowingly executed???? What is Microsoft “gaining” by not so computer literate users unknowingly running .exe files??????
Some conversion programs, for example, preserve the original extension and instead of changing the extension name they add another one. There’s no particularly useful reason for that.
Thank you. Even a “computer dummy” like me now has some understanding for the difference between extensions .exe and .dll.
thanks leo you saved me $$$ if malware gets into my computer i am a p plater or learner