Helping people with computers... one answer at a time.

DLLs and EXE files are very much related, but they are two different things. I'll cover the differences and explain why knowing the difference matters.

DLL or EXE? Now, I'm beginning to get confused. I heard from one site that .dll and .exe files are two different things. But I've also heard about explorer.dll.exe. I've read from a site discussing about dll exe that dlls cannot be directly executed. So how's that work?

The difference shouldn't matter to most Windows users. In general, this is something that should be one of those hidden details that you never need to worry about.

Unfortunately, that's not the case.

I'll describe what DLLs and EXEs are and how they relate to each other.

And I'll also tell you why the folks who write malware make it important to know that there's a difference.

EXE files

".exe" files, or files that end in the four characters ".exe" are assumed by Windows (and even MS-DOS before it) to be executable programs.

Which is really just a fancy way of saying that they're the programs you run.

You'll recognize many examples:

  • explorer.exe - Windows Explorer and the Windows primary user interface

  • iexplore.exe - Internet Explorer web browser

  • chrome.exe - the Google Chrome browser

  • thunderbird.exe - the Mozilla Thunderbird email program

  • winword.exe - Microsoft Word, word processor

  • ... and so on

DLL files

DLL stands for Dynamic Link Library.

A library is a collection of software that is made available for programs to use. That means a program you run, such as 'winword.exe' from the list above, might load additional DLLs that contain more software that make up the program. In Word's case, perhaps the software for the "Word Art" feature is placed in a separate DLL that winword.exe loads either at startup or when you use that particular feature.

Software is often broken up into or provided as an .EXE and a collection of .DLLs for any of a number of reasons:

  • The DLL only needs to be loaded when it's used, which reduces load time and memory needs when not. Loading only when needed is the "dynamic" part of Dynamic Link Library.

  • The DLL may be shared among multiple programs. For example, if Word and PowerPoint both have WordArt as a feature, then they can both use that same .DLL to provide the feature (if written properly, of course). This avoids multiple programs from all needing to duplicate the software required to perform a task.

  • The DLL may provide functionality to another program. For example, using DLLs is one way that one program might cause features to appear in another, such as new context menu items in Windows Explorer.

In fact, much of Windows itself is implemented as DLLs that applications load and use to access your system.

It is true - DLLs cannot be directly executed. They're designed to be loaded and run by other programs: EXE programs.

Why the difference matters

In short, malware. In fact, your example perfectly shows one way that malware tries to mislead you:

explorer.dll.exe

That's an .exe file, and nothing else. Everything in front of the .exe is the name of the file - even the part that says ".dll". The file ends in .exe and Windows will treat that as a program. It is not a DLL. The fact that it has .dll in the middle of its name is completely meaningless - other than, to confuse and mislead you.

It is also not Windows Explorer - that's "explorer.exe" without the ".dll" in the middle. The name may be similar, but this is a completely unrelated file.

Why do this?

Because when displaying files by default, Windows will "hide extensions for known file types". That means that while the file's actual name is:

explorer.dll.exe

what will be displayed is:

explorer.dll

Hiding the ".exe" because that's a known file type.

It could fool you into thinking that's a DLL and not an EXE. What they might do from there is unclear.

One thing that I can tell you though: Don't double-click on it.

Double-clicking means "open this file", which for an .exe means "run this program". Even though it shows .dll, the real filename ends in .exe and that's exactly how Windows will treat it.

Misleading you in this manner is one technique to get you to install malware.

Article C5042 - January 15, 2012 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

10 Comments
Rahul
January 16, 2012 5:41 AM

Naah.... That is for the geeks.

If the extensions are hidden, it is much neater to look at. That is the main purpose of the GUI in the first place. And under this setting, if you happen to see an extension - the file is a suspect. Easier to detect a suspicious file this way than looking for double extensions. In fact the system itself can flag such multiple-extension files.

Besides there are so many extensions that displaying them would confuse most users. That must have been the purpose of the default setting, I suspect.

Personally, I prefer if the icons for all executable files would in someway indicate that they are executable - a system superimposed "X" perhaps. MS-Word files have "W" on the icon.

-Rahul.

Dan
January 17, 2012 9:43 AM

So are you saying to never open an exe file?

Not at all. Just be aware that a .exe file is a program and that by "opening" a .exe you're running a program. Make sure that's what you want to do.
Leo
17-Jan-2012
Mark J
January 17, 2012 11:28 AM

@Dan
Every time you run a program you are running an .exe file. The danger is in running an unknown .exe file. If you download a program from a trusted website, then you would have to run an .exe or an .msi file to install it. (An .msi file is a Microsoft Installation file which is also an executable file.)

Collin
January 17, 2012 1:39 PM

@Dan - specifically, I'd suggest Leo was referring to the the 'explorer.dll.exe' file given in the example.

@Rahul - It's exactly because there are so many filetypes that I think extensions should be visible by default. It can only benefit the users understanding of what's going on - something I'd sacrifice a 'clean' GUI for any day.

Mike
January 17, 2012 5:02 PM

Funny thing is, I've used a "." in the middle sometimes when naming a file, yet wasn't quite sure what I was looking at when coming across files with seemingly double extensions like the example above. In fact I've seen video files ending in .wmv.flv (as if you could use both formats). Anyone know why that would be done?

mahes
January 17, 2012 9:26 PM

Mr, Leo this .Dll file could make any difference in Linux
?why some program ask .dll file in Linux?

Frank
January 17, 2012 9:42 PM

What I do not understand is why does window use the hide known extensions as default when all that is doing is "assisting" Malware to be unknowingly executed???? What is Microsoft "gaining" by not so computer literate users unknowingly running .exe files??????

Mark J
January 17, 2012 11:02 PM

@Some conversion programs, for example, preserve the original extension and instead of changing the extension name the add another one. There's no particularly useful reason for that.

BOB FLAGG
January 19, 2012 11:05 PM

Thank you. Even a "computer dummy" like me now has some understanding for the difference between extensions .exe and .dll.

lance john
January 25, 2012 1:24 AM

thanks leo you saved me $$$ if malware gets into my computer i am a p plater or learner

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.