DLL or EXE? Now, I’m beginning to get confused. I heard from one site that
.dll and .exe files are two different things. But I’ve also heard about
explorer.dll.exe. I’ve read from a site discussing about dll exe that dlls
cannot be directly executed. So how’s that work?
The difference shouldn’t matter to most Windows users. In general, this is something that should be one of those hidden details that you never need to worry about.
Unfortunately, that’s not the case.
I’ll describe what DLLs and EXEs are and how they relate to each other.
And I’ll also tell you why the folks who write malware make it important to
know that there’s a difference.
Become a Patron of Ask Leo! and go ad-free!
“.exe” files, or files that end in the four characters “.exe” are assumed by
Windows (and even MS-DOS before it) to be executable
Which is really just a fancy way of saying that they’re the programs you
You’ll recognize many examples:
- explorer.exe – Windows Explorer and the Windows primary user interface
- iexplore.exe – Internet Explorer web browser
- chrome.exe – the Google Chrome browser
- thunderbird.exe – the Mozilla Thunderbird email program
- winword.exe – Microsoft Word, word processor
- … and so on
DLL stands for Dynamic Link Library.
A library is a collection of software that is made available for programs to
use. That means a program you run, such as ‘winword.exe’ from the list above, might load additional DLLs that contain more software that make up the program. In Word’s case,
perhaps the software for the “Word Art” feature is placed in a separate DLL
that winword.exe loads either at startup or when you use that particular
Software is often broken up into or provided as an .EXE and a collection of
.DLLs for any of a number of reasons:
- The DLL only needs to be loaded when it’s used, which reduces load time and memory needs when not. Loading only when needed is the “dynamic” part of Dynamic Link Library.
- The DLL may be shared among multiple programs. For example, if Word and
PowerPoint both have WordArt as a feature, then they can both use that same .DLL to provide the feature (if written properly, of course). This avoids multiple programs from all needing to duplicate the software required to perform a task.
- The DLL may provide functionality to another program. For example, using DLLs
is one way that one program might cause features to appear in another, such as new
context menu items in Windows Explorer.
In fact, much of Windows itself is implemented as DLLs that applications load and use to access your system.
It is true – DLLs cannot be directly executed. They’re designed to be loaded
and run by other programs: EXE programs.
Why the difference matters
In short, malware. In fact, your example perfectly shows one way that malware tries to mislead you:
That’s an .exe file, and nothing else. Everything in front of the .exe is
the name of the file – even the part that says “.dll”. The file ends
in .exe and Windows will treat that as a program. It is not a DLL. The fact
that it has .dll in the middle of its name is completely meaningless
– other than, to confuse and mislead you.
It is also not Windows Explorer – that’s “explorer.exe” without the “.dll”
in the middle. The name may be similar, but this is a completely unrelated
Why do this?
Because when displaying files by default, Windows will “hide extensions for
known file types”. That means that while the file’s actual name is:
what will be displayed is:
Hiding the “.exe” because that’s a known file type.
It could fool you into thinking that’s a DLL and not an EXE. What they might
do from there is unclear.
One thing that I can tell you though: Don’t double-click on
Double-clicking means “open this file”, which for an .exe means “run this
program”. Even though it shows .dll, the real filename ends in .exe and
that’s exactly how Windows will treat it.
Misleading you in this manner is one technique to get you to install