Solved

Replacing Explorer.exe

Posted on 2002-04-02
11
355 Views
Last Modified: 2008-03-06
  I would like to be able to replace Windows 2000 Explorer with another program. This is difficult, because Explorer is locked while it is running. Does anyone know a way to do this from within Windows 2000. I have found that it can be done from the DOS prompt (after booting to DOS), but that is not the best solution. Any suggestions on how to unlock a running program so it can be changed from within Win2000?
0
Comment
Question by:Leithauser
  • 7
  • 3
11 Comments
 
LVL 44

Expert Comment

by:CrazyOne
Comment Utility
The short answer is no since Explorer is the shell.


The Crazy One
0
 
LVL 44

Expert Comment

by:CrazyOne
Comment Utility
If you want to change the shell you it still requies a reboot. What is it specifically you are wanting repalce Explorer with? Be very careful about messing around with system files.

To change the shell to something differernt you use this key

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Shell TheShell

you must make sure the replacement is a true shell and not just a generic program.
0
 
LVL 44

Expert Comment

by:CrazyOne
Comment Utility
If you want to change the shell from the user side you can do it this way.

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

shell  ThePathAndTheShellFileName

You also need to make changes to this key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\boot

Shell  

Change the SYS portion to USR
0
 
LVL 44

Expert Comment

by:CrazyOne
Comment Utility
Before doing any of this you better save the current registry settings in case you run into problems. Of course change the shell in the Registry requires a reboot.
0
 
LVL 5

Author Comment

by:Leithauser
Comment Utility
    Perhaps a more detailed explanation would help. I currently have a program that replaces the Explorer shell in Windows 95/98/Me. It does this be changing the “Shell=Explorer.exe” line in system.ini with “Shell=MyProgram.exe” during installation and then rebooting. From then on, when Windows runs, there are no icons on the screen and no menu bar at the bottom. The user can only run my program. This is a security program.
   I would like to accomplish the same thing with Windows NT/2000/XP. However, the “Shell=” approach does not work there. I have found that I can accomplish the replacement by booting to DOS with a Windows 98 boot floppy and using “Copy MyProgram Explorer.exe” (after backing up Explorer.exe, of course) and then rebooting, but this is a rather unsatisfactory solution from a setup standpoint.
   What I need is either a way to do this replacement. Some possibilities are:
1) Do the copy MyProgram Explorer from within Windows (which is hard because Explorer is running and therefore locked)
2) A way to change the shell similar to the “Shell=” technique I use with Win 95/98/ME (this might involve changing the register)
3) A way to cause the computer to do the replacement while rebooting such as having my setup program create a temporary AUTOEXEC.BAT FILE that would do the copy before Windows starts, reboot, and then restore the original AUTOEXEC.BAT file
   Any comments would be appreciated. I could also use some clarification of the comment “you must make sure the replacement is a true shell and not just a generic program”. When I did the replacement from DOS my program seemed to work as the shell, although it needs some changes to work properly from Windows 2000/NT/XP.
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 44

Expert Comment

by:CrazyOne
Comment Utility
Well forget about AUTOEXEC.BAT Win2000 doesn't use it.

Why not rename your program to something other than Explorer.exe. Then use the registry settings I mentioned in my prior comments to shell your program?
0
 
LVL 5

Author Comment

by:Leithauser
Comment Utility
<<Well forget about AUTOEXEC.BAT Win2000 doesn't use it.>>

   I figured as much.

<<Why not rename your program to something other than Explorer.exe. Then use the registry settings I mentioned
in my prior comments to shell your program? >>

   Sounds like the way to do it. I have little experience in manipulating the registry. Is there an easy API call for doing this change? Obviously, I want to be careful. I program in VB, so please do not give me a C code example. Psuedocode woudl be fine. Also, what files do I need to back up to restore the registry manually if something goes wrong?
0
 
LVL 44

Expert Comment

by:CrazyOne
Comment Utility
Umm Yeah I can give you some sample code although it will be in the Delphi language. Changing registry settings should be pretty straight forward in VB. I am resonably sure you can do it in VB without API's.

Backing up the registry programically in Win2000 is a bit tricky because of permissions but I do have code I use to backup the registry and it works if the permissions are set to allowing access to the hives involved. I have to do something for the next few hours so if you are able to be patient I will get back to you sometime withing the next 8hrs or so. :>)
0
 
LVL 5

Author Comment

by:Leithauser
Comment Utility
<<Umm Yeah I can give you some sample code although it will be in the Delphi language. Changing registry
settings should be pretty straight forward in VB. I am resonably sure you can do it in VB without API's.>>

  I do not think that VB has any functions for accessing the registry directly. As for the code, pseudocode would be fine.

Backing up the registry programically in Win2000 is a bit tricky because of permissions but I do have
code I use to backup the registry and it works if the permissions are set to allowing access to the
hives involved. I have to do something for the next few hours so if you are able to be patient I will
get back to you sometime withing the next 8hrs or so. :>)>>

   No rush. Take your time. I plan on taking tomorrow off anyway. Thanks for your help.
0
 
LVL 44

Accepted Solution

by:
CrazyOne earned 200 total points
Comment Utility
First off the registry is housed in the C:\WINNT\system32\config folder or C:\Windows\system32\config

The names of the registry files are

DEFAULT
SAM
SECURITY
SOFTWARE
SYSTEM

with no extensions. Unfortunately while Windows is running you can't directly copy these files you have to open each registry hive and then save that hive which will do the same thing as copying the file except it is much more involved.

Now here is the one of the twists. If the file system is NTFS then you can't simply use a DOS boot disk like the Win98 boot disk to copy your backup files to replace the ones in the system32\config folder. The user will need to boot a repair console usually by booting to the Win2000 CD or in some cases the user has installed the console on the hard disk. The problem here is that using the repair console limits access basically to only the WINNT or Windows folder. So I would suggest when you do your backup to create a sub folder within the WinDir. The NT Backup uses the C:\WINNT\repair\RegBack folder to backup the registry to. I would suggest not backing up the registry to this folder just because you don't know if the user does a regular backup or not and it may anger them if they find out you stepped on their backup. :>)  

Ok I have a list box with the following items which represents the registry hives that are going to be ripped and these are the actual name of the hives. Notice the only difference between the registry file name and the hive name is the DEFAULT.

.DEFAULT
SAM
SECURITY
SOFTWARE
SYSTEM

Now what I do is cycle through the list to rip the hives and save them using the same name as the actual registry file name.

Some Info

The list box name is lbRegFiles

Where the hives are located in the registry
{DEFAULT = HKEY_USERS\.DEFAULT
SAM = HKEY_LOCAL_MACHINE\SAM
SECURITY = HKEY_LOCAL_MACHINE\SECURITY
SOFTWARE = HKEY_LOCAL_MACHINE\SOFTWARE
SYSTEM = HKEY_LOCAL_MACHINE\SYSTEM
}

API's
 OpenProcessToken
 GetCurrentProcess
 LookupPrivilegeValue
 RegOpenKeyEx
 RegSaveKey
 RegCloseKey
 CloseHandle
 FormatMessage

TTokenPrivileges = TOKEN_PRIVILEGES structure

Now I know the following code probably won't make a lot of sense since the language is Delphi. So take it one-step at a time a break it down into VB syntax.

procedure TfrmRegBckupMain.btnBckupClick(Sender: TObject);
var
  i: Integer;
  iReturn: Longint;
  hk, hkTheRoot: HKEY;
  h: Thandle;
  liLuid: TLargeInteger;
  tpNew: TTokenPrivileges;
  tpPrev: PTokenPrivileges;
  wReturn: DWord;
  s, sErrMsg: string;


begin

  wReturn := sizeof(PTOKENPRIVILEGES);
  sErrMsg := '';
  try
    if not OpenProcessToken(GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, h) then begin
      sErrMsg := sErrMsg + 'Could not Open Process'#10#13#10#13 + GetErrorMessage(GetLastError);
      Abort;
    end;
    if not LookupPrivilegeValue(nil, 'SeBackupPrivilege', liLuid) then begin
      sErrMsg := sErrMsg + 'Could not get Lookup Privileges'#10#13#10#13 + GetErrorMessage(GetLastError);
      Abort;
    end;
    tpNew.PrivilegeCount := 1;
    tpNew.Privileges[0].luid := liLuid;;
    tpNew.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED;
    AdjustTokenPrivileges(h, False, tpNew, sizeof(TTOKENPRIVILEGES), tpPrev, wReturn);
    for i := 0 to lbRegFiles.Items.Count - 1 do begin
      lbRegFiles.ItemIndex := i;
      s := Trim(lbRegFiles.Items[i]);
      if s <> 'Finished' then begin
        hkTheRoot := HKEY_LOCAL_MACHINE;
        if s = '.DEFAULT' then hkTheRoot := HKEY_USERS;
        iReturn := RegOpenKeyEx(hkTheRoot, PChar(s), 0, KEY_EXECUTE + KEY_READ, hk);
        if s = '.DEFAULT' then s := 'DEFAULT';
        if iReturn <> ERROR_SUCCESS then
          sErrMsg := sErrMsg + #10#13 + 'Could not Open Key ' + s + #10#13#10#13 + GetErrorMessage(iReturn)
        else begin
          iReturn := RegSaveKey(hk, PChar(s), nil);
          if iReturn <> ERROR_SUCCESS then
            sErrMsg := sErrMsg+ #10#13 + 'Could not Save Key ' + s + #10#13#10#13 + GetErrorMessage(iReturn);
        end;
        RegCloseKey(hk);
      end;
    end;
    AdjustTokenPrivileges(h, True, tpNew, sizeof(TTOKENPRIVILEGES), tpPrev, wReturn);
    CloseHandle(h);
 finally
  if Trim(sErrMsg) <> '' then
    ShowMessage(sErrMsg)
  else
    Application.Terminate;
 end;

end;

function GetErrorMessage(ErrorCode: integer): string;
const
  BUFFER_SIZE = 1024;
var
  lpMsgBuf: Pchar;
  LangID: DWORD;
begin
  lpMsgBuf:=AllocMem(BUFFER_SIZE);
  LangID:=$409;//GetUserDefaultLangID;
  FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM or FORMAT_MESSAGE_IGNORE_INSERTS,
                nil,ErrorCode,LangID,lpMsgBuf,BUFFER_SIZE,nil);
  Result:=StrPas(lpMsgBuf);
  FreeMem(lpMsgBuf);
end;
0
 
LVL 18

Expert Comment

by:JConchie
Comment Utility
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:

Accept CrazyOne's comment as answer."


Please leave any comments here within the next seven days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

JConchie
EE Cleanup Volunteer
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Never store passwords in plain text or just their hash: it seems a no-brainier, but there are still plenty of people doing that. I present the why and how on this subject, offering my own real life solution that you can implement right away, bringin…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now