Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Replacing Explorer.exe

Posted on 2002-04-02
11
358 Views
Last Modified: 2008-03-06
  I would like to be able to replace Windows 2000 Explorer with another program. This is difficult, because Explorer is locked while it is running. Does anyone know a way to do this from within Windows 2000. I have found that it can be done from the DOS prompt (after booting to DOS), but that is not the best solution. Any suggestions on how to unlock a running program so it can be changed from within Win2000?
0
Comment
Question by:Leithauser
  • 7
  • 3
11 Comments
 
LVL 44

Expert Comment

by:CrazyOne
ID: 6914466
The short answer is no since Explorer is the shell.


The Crazy One
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 6914481
If you want to change the shell you it still requies a reboot. What is it specifically you are wanting repalce Explorer with? Be very careful about messing around with system files.

To change the shell to something differernt you use this key

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Shell TheShell

you must make sure the replacement is a true shell and not just a generic program.
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 6914491
If you want to change the shell from the user side you can do it this way.

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

shell  ThePathAndTheShellFileName

You also need to make changes to this key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\boot

Shell  

Change the SYS portion to USR
0
NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

 
LVL 44

Expert Comment

by:CrazyOne
ID: 6914495
Before doing any of this you better save the current registry settings in case you run into problems. Of course change the shell in the Registry requires a reboot.
0
 
LVL 5

Author Comment

by:Leithauser
ID: 6918546
    Perhaps a more detailed explanation would help. I currently have a program that replaces the Explorer shell in Windows 95/98/Me. It does this be changing the “Shell=Explorer.exe” line in system.ini with “Shell=MyProgram.exe” during installation and then rebooting. From then on, when Windows runs, there are no icons on the screen and no menu bar at the bottom. The user can only run my program. This is a security program.
   I would like to accomplish the same thing with Windows NT/2000/XP. However, the “Shell=” approach does not work there. I have found that I can accomplish the replacement by booting to DOS with a Windows 98 boot floppy and using “Copy MyProgram Explorer.exe” (after backing up Explorer.exe, of course) and then rebooting, but this is a rather unsatisfactory solution from a setup standpoint.
   What I need is either a way to do this replacement. Some possibilities are:
1) Do the copy MyProgram Explorer from within Windows (which is hard because Explorer is running and therefore locked)
2) A way to change the shell similar to the “Shell=” technique I use with Win 95/98/ME (this might involve changing the register)
3) A way to cause the computer to do the replacement while rebooting such as having my setup program create a temporary AUTOEXEC.BAT FILE that would do the copy before Windows starts, reboot, and then restore the original AUTOEXEC.BAT file
   Any comments would be appreciated. I could also use some clarification of the comment “you must make sure the replacement is a true shell and not just a generic program”. When I did the replacement from DOS my program seemed to work as the shell, although it needs some changes to work properly from Windows 2000/NT/XP.
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 6919173
Well forget about AUTOEXEC.BAT Win2000 doesn't use it.

Why not rename your program to something other than Explorer.exe. Then use the registry settings I mentioned in my prior comments to shell your program?
0
 
LVL 5

Author Comment

by:Leithauser
ID: 6919196
<<Well forget about AUTOEXEC.BAT Win2000 doesn't use it.>>

   I figured as much.

<<Why not rename your program to something other than Explorer.exe. Then use the registry settings I mentioned
in my prior comments to shell your program? >>

   Sounds like the way to do it. I have little experience in manipulating the registry. Is there an easy API call for doing this change? Obviously, I want to be careful. I program in VB, so please do not give me a C code example. Psuedocode woudl be fine. Also, what files do I need to back up to restore the registry manually if something goes wrong?
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 6919294
Umm Yeah I can give you some sample code although it will be in the Delphi language. Changing registry settings should be pretty straight forward in VB. I am resonably sure you can do it in VB without API's.

Backing up the registry programically in Win2000 is a bit tricky because of permissions but I do have code I use to backup the registry and it works if the permissions are set to allowing access to the hives involved. I have to do something for the next few hours so if you are able to be patient I will get back to you sometime withing the next 8hrs or so. :>)
0
 
LVL 5

Author Comment

by:Leithauser
ID: 6919417
<<Umm Yeah I can give you some sample code although it will be in the Delphi language. Changing registry
settings should be pretty straight forward in VB. I am resonably sure you can do it in VB without API's.>>

  I do not think that VB has any functions for accessing the registry directly. As for the code, pseudocode would be fine.

Backing up the registry programically in Win2000 is a bit tricky because of permissions but I do have
code I use to backup the registry and it works if the permissions are set to allowing access to the
hives involved. I have to do something for the next few hours so if you are able to be patient I will
get back to you sometime withing the next 8hrs or so. :>)>>

   No rush. Take your time. I plan on taking tomorrow off anyway. Thanks for your help.
0
 
LVL 44

Accepted Solution

by:
CrazyOne earned 200 total points
ID: 6920097
First off the registry is housed in the C:\WINNT\system32\config folder or C:\Windows\system32\config

The names of the registry files are

DEFAULT
SAM
SECURITY
SOFTWARE
SYSTEM

with no extensions. Unfortunately while Windows is running you can't directly copy these files you have to open each registry hive and then save that hive which will do the same thing as copying the file except it is much more involved.

Now here is the one of the twists. If the file system is NTFS then you can't simply use a DOS boot disk like the Win98 boot disk to copy your backup files to replace the ones in the system32\config folder. The user will need to boot a repair console usually by booting to the Win2000 CD or in some cases the user has installed the console on the hard disk. The problem here is that using the repair console limits access basically to only the WINNT or Windows folder. So I would suggest when you do your backup to create a sub folder within the WinDir. The NT Backup uses the C:\WINNT\repair\RegBack folder to backup the registry to. I would suggest not backing up the registry to this folder just because you don't know if the user does a regular backup or not and it may anger them if they find out you stepped on their backup. :>)  

Ok I have a list box with the following items which represents the registry hives that are going to be ripped and these are the actual name of the hives. Notice the only difference between the registry file name and the hive name is the DEFAULT.

.DEFAULT
SAM
SECURITY
SOFTWARE
SYSTEM

Now what I do is cycle through the list to rip the hives and save them using the same name as the actual registry file name.

Some Info

The list box name is lbRegFiles

Where the hives are located in the registry
{DEFAULT = HKEY_USERS\.DEFAULT
SAM = HKEY_LOCAL_MACHINE\SAM
SECURITY = HKEY_LOCAL_MACHINE\SECURITY
SOFTWARE = HKEY_LOCAL_MACHINE\SOFTWARE
SYSTEM = HKEY_LOCAL_MACHINE\SYSTEM
}

API's
 OpenProcessToken
 GetCurrentProcess
 LookupPrivilegeValue
 RegOpenKeyEx
 RegSaveKey
 RegCloseKey
 CloseHandle
 FormatMessage

TTokenPrivileges = TOKEN_PRIVILEGES structure

Now I know the following code probably won't make a lot of sense since the language is Delphi. So take it one-step at a time a break it down into VB syntax.

procedure TfrmRegBckupMain.btnBckupClick(Sender: TObject);
var
  i: Integer;
  iReturn: Longint;
  hk, hkTheRoot: HKEY;
  h: Thandle;
  liLuid: TLargeInteger;
  tpNew: TTokenPrivileges;
  tpPrev: PTokenPrivileges;
  wReturn: DWord;
  s, sErrMsg: string;


begin

  wReturn := sizeof(PTOKENPRIVILEGES);
  sErrMsg := '';
  try
    if not OpenProcessToken(GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, h) then begin
      sErrMsg := sErrMsg + 'Could not Open Process'#10#13#10#13 + GetErrorMessage(GetLastError);
      Abort;
    end;
    if not LookupPrivilegeValue(nil, 'SeBackupPrivilege', liLuid) then begin
      sErrMsg := sErrMsg + 'Could not get Lookup Privileges'#10#13#10#13 + GetErrorMessage(GetLastError);
      Abort;
    end;
    tpNew.PrivilegeCount := 1;
    tpNew.Privileges[0].luid := liLuid;;
    tpNew.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED;
    AdjustTokenPrivileges(h, False, tpNew, sizeof(TTOKENPRIVILEGES), tpPrev, wReturn);
    for i := 0 to lbRegFiles.Items.Count - 1 do begin
      lbRegFiles.ItemIndex := i;
      s := Trim(lbRegFiles.Items[i]);
      if s <> 'Finished' then begin
        hkTheRoot := HKEY_LOCAL_MACHINE;
        if s = '.DEFAULT' then hkTheRoot := HKEY_USERS;
        iReturn := RegOpenKeyEx(hkTheRoot, PChar(s), 0, KEY_EXECUTE + KEY_READ, hk);
        if s = '.DEFAULT' then s := 'DEFAULT';
        if iReturn <> ERROR_SUCCESS then
          sErrMsg := sErrMsg + #10#13 + 'Could not Open Key ' + s + #10#13#10#13 + GetErrorMessage(iReturn)
        else begin
          iReturn := RegSaveKey(hk, PChar(s), nil);
          if iReturn <> ERROR_SUCCESS then
            sErrMsg := sErrMsg+ #10#13 + 'Could not Save Key ' + s + #10#13#10#13 + GetErrorMessage(iReturn);
        end;
        RegCloseKey(hk);
      end;
    end;
    AdjustTokenPrivileges(h, True, tpNew, sizeof(TTOKENPRIVILEGES), tpPrev, wReturn);
    CloseHandle(h);
 finally
  if Trim(sErrMsg) <> '' then
    ShowMessage(sErrMsg)
  else
    Application.Terminate;
 end;

end;

function GetErrorMessage(ErrorCode: integer): string;
const
  BUFFER_SIZE = 1024;
var
  lpMsgBuf: Pchar;
  LangID: DWORD;
begin
  lpMsgBuf:=AllocMem(BUFFER_SIZE);
  LangID:=$409;//GetUserDefaultLangID;
  FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM or FORMAT_MESSAGE_IGNORE_INSERTS,
                nil,ErrorCode,LangID,lpMsgBuf,BUFFER_SIZE,nil);
  Result:=StrPas(lpMsgBuf);
  FreeMem(lpMsgBuf);
end;
0
 
LVL 18

Expert Comment

by:JConchie
ID: 8701474
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:

Accept CrazyOne's comment as answer."


Please leave any comments here within the next seven days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

JConchie
EE Cleanup Volunteer
0

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
The advancement in technology has been a great source of betterment and empowerment for the human race, Nevertheless, this is not to say that technology doesn’t have any problems. We are bombarded with constant distractions, whether as an overload o…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question