Solved

how not to pass environment to child process by using ShellExecute or ShellExecuteEx

Posted on 2016-08-19
Last Modified: 2016-09-13
Hi, experts,
I have a question here. I was asked to do this, but I could not make it work:

We are launching the default browser using ShellExecute; when given a URL with the "open" verb, it automatically launches the default browser.

Here is the problem for us:
It brings the environment from the launching process, which will cause some problems for the browser.

I have provided the following solutions, which were all rejected by the code reviewer:

1> Set the environment back to the system environment before we call ShellExecute, and then call set environment to restore the environment variables.
2> Use CMD, with the command "cmd /c <set environments>&&start "link" "www.myurl.com"".

1> was rejected because it can disturb the calling process; 2> was rejected because it needs another process.

We do not want to call CreateProcess, because that makes things too complicated. So the question is:

Does anyone know if there is a solution to launch a process without inheriting the environment from the parent process, other than the ways that I can think of?

Thank you for any help.

Evan
Question by:Evan Li

Expert Comment

by:WalkaboutTigger
ID: 41763306
If you want, in essence, a null environment (as opposed to setting the inheritance flag to null, which causes the launched process to inherit the parent's environment), simply create a "simple" environment and launch the process.

The mechanics of this are circuitously described in this link from Microsoft's MSDN site.

Specifically:
lpEnvironment [in, optional]
A pointer to the environment block for the new process. If this parameter is NULL, the new process uses the environment of the calling process.
An environment block consists of a null-terminated block of null-terminated strings. Each string is in the following form:
name=value\0
Because the equal sign is used as a separator, it must not be used in the name of an environment variable.
An environment block can contain either Unicode or ANSI characters. If the environment block pointed to by lpEnvironment contains Unicode characters, be sure that dwCreationFlags includes CREATE_UNICODE_ENVIRONMENT. If this parameter is NULL and the environment block of the parent process contains Unicode characters, you must also ensure that dwCreationFlags includes CREATE_UNICODE_ENVIRONMENT.
The ANSI version of this function, CreateProcessA fails if the total size of the environment block for the process exceeds 32,767 characters.
Note that an ANSI environment block is terminated by two zero bytes: one for the last string, one more to terminate the block. A Unicode environment block is terminated by four zero bytes: two for the last string, two more to terminate the block.
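
The environment block format quoted above, as an added example that is not part of the original post: a portable C helper that copies only allowlisted variables from the parent's environment into a double-NUL-terminated ANSI block of the kind lpEnvironment expects. The function names, the allowlist approach and the variable names a caller passes in are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define ENV_BLOCK_MAX 32767 /* CreateProcessA limit from the quoted text */

/* Case-insensitive compare of an entry's name part against an allowed name. */
static int name_matches(const char *entry, size_t name_len, const char *name)
{
    if (strlen(name) != name_len) return 0;
    for (size_t i = 0; i < name_len; i++)
        if (tolower((unsigned char)entry[i]) != tolower((unsigned char)name[i]))
            return 0;
    return 1;
}

/*
 * Copy only allowlisted variables from envp (NULL-terminated array of
 * "NAME=value" strings) into out as an ANSI environment block:
 * "NAME=value\0" per variable, then one more "\0" to end the block.
 * Returns bytes written, or 0 if the block does not fit in cap.
 * On Windows, out would be passed as lpEnvironment to CreateProcessA.
 */
size_t filter_env_block(const char *const *envp, const char *const *allow,
                        char *out, size_t cap)
{
    size_t used = 0;
    if (cap > ENV_BLOCK_MAX) cap = ENV_BLOCK_MAX;
    if (cap < 2) return 0;
    for (size_t i = 0; envp[i] != NULL; i++) {
        const char *eq = strchr(envp[i], '=');
        if (eq == NULL || eq == envp[i])
            continue; /* no '=' or empty name: skip */
        int keep = 0;
        for (size_t j = 0; allow[j] != NULL && !keep; j++)
            keep = name_matches(envp[i], (size_t)(eq - envp[i]), allow[j]);
        if (!keep) continue; /* anything not allowlisted never reaches the child */
        size_t len = strlen(envp[i]) + 1; /* string plus its own NUL */
        if (used + len + 1 > cap)
            return 0; /* keep room for the block terminator */
        memcpy(out + used, envp[i], len);
        used += len;
    }
    if (used == 0)
        out[used++] = '\0'; /* empty block is still two NULs */
    out[used++] = '\0';
    return used;
}
```

Matching is case-insensitive because Windows treats environment variable names that way; entries with an empty name are skipped rather than copied.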

Author Comment

by:Evan Li
ID: 41763718
WalkaboutTigger:
Thank you for your answer. I knew CreateProcess can do that, but it does not launch the default browser like ShellExecute. Is there a verb we can use for it to launch the default browser?

The command line:
start /c "link" "myurl.com"

can do that, but we need CMD.exe. The worry about cmd is that it could run a script automatically. I am not sure if it is a reasonable worry though.

Expert Comment

by:WalkaboutTigger
ID: 41763914
Rather than risk an exploitation, would it not be prudent to read the registry, determine what the specified default browser's full pathname is and execute the browser and pass it the URL?

Author Comment

by:Evan Li
ID: 41764433
Different browsers may use different parameters to launch a URL; we do not know what format a new browser uses to launch a URL, so this way was not approved. We need a smarter way to do this. Thanks.

Expert Comment

by:WalkaboutTigger
ID: 41764653
The appropriate method of determining how an HTTP or HTTPS document is handled is to open HKey Classes Root and look at the Open value of the Shell subkey in the http and https keys. If this value is blank or null, then you open these document types with no parameters in the default browser. If these values are not null or empty, then they contain parameters needed to open and render the page.

Author Comment

by:Evan Li
ID: 41764755
When I change the default browser, this registry key does not change. I have attached the reg file from my Windows 10 machine. It does not look like the right registry location to reflect the default browser.
shelregistry.reg

Expert Comment

by:WalkaboutTigger
ID: 41767265
Look at the Default value in
  HKey Current User\Software\Clients\StartMenu\Internet.

This will tell you the name of the default browser for the current user.

Then, look at the Default value in
  HKey Current User\Software\Classes\http\shell\open\command
or
  HKey Current User\Software\Classes\https\shell\open\command

The User settings always override the system settings which is why Group Policy for browsers is set at the User level.

Author Comment

by:Evan Li
ID: 41768197
  HKey Current User\Software\Classes\http\shell\open\command
or
  HKey Current User\Software\Classes\https\shell\open\command
When I change the default browser, the value here is not in sync at all.
I found it one time, but it was only the ProgId, and not in this registry key though.

Expert Comment

by:WalkaboutTigger
ID: 41790523
To determine current default browser, look in the following registry location:

HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice


That will tell you the designation of the correct default browser 100% of the time.

The defined Default value there is a pointer to the entry in HKEY_CLASSES_ROOT

And the command for performing the open action will be in

HKEY_CLASSES_ROOT\xxxxxxxxxx\shell\open\command

in the (Default) value, where xxxxxxxxxx is the browser designation found in the above key.

Expert Comment

by:WalkaboutTigger
ID: 41790534
And here is a VBScript to determine what the default browser is based on the value in the above-specified key.

WScript.Echo Browser

' Returns the display name of the user's default browser and its open command.
Function Browser
    Const HKEY_CLASSES_ROOT = &H80000000
    Const HKEY_CURRENT_USER = &H80000001
    Const strKeyPath = "Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice"
    Const strValueName = "Progid"
    Dim strValue, strBrowserPath, objRegistry, i
    ' Browser list: display name, ProgId substring to match
    Dim blist(13,1)
    blist(0,0) = "Internet Explorer"  : blist(0,1) = "ie"
    blist(8,0) = "Internet Explorer"  : blist(8,1) = "IE.HTTP"
    blist(11,0) = "Internet Explorer" : blist(11,1) = "IE.AssocFile.HTM"
    blist(12,0) = "Internet Explorer" : blist(12,1) = "IE.FTP"
    blist(13,0) = "Internet Explorer" : blist(13,1) = "IE.HTTPS"
    blist(1,0) = "Edge"               : blist(1,1) = "appxq0fevzme2pys62n3e0fbqa7peapykr8v"
    blist(2,0) = "Firefox"            : blist(2,1) = "firefox"
    blist(9,0) = "Firefox"            : blist(9,1) = "FirefoxURL"
    blist(10,0) = "Firefox"           : blist(10,1) = "FirefoxHTML"
    blist(3,0) = "Chrome"             : blist(3,1) = "chrome"
    ' Fixed index: the original wrote blist(3,1) here, leaving blist(4,1) empty
    blist(4,0) = "Chrome"             : blist(4,1) = "ChromeHTML"
    blist(5,0) = "Safari"             : blist(5,1) = "safari"
    blist(6,0) = "Avant"              : blist(6,1) = "browserexeurl"
    blist(7,0) = "Opera"              : blist(7,1) = "opera"
    Set objRegistry = GetObject("winmgmts:\\.\root\default:StdRegProv")
    ' Read the ProgId the user chose for http
    objRegistry.GetStringValue HKEY_CURRENT_USER, strKeyPath, strValueName, strValue
    If IsNull(strValue) Then
        Browser = "Internet Explorer (Windows standard)": Exit Function
    Else
        For i = 0 To UBound(blist, 1)
            If InStr(1, strValue, blist(i,1), vbTextCompare) Then
                Browser = blist(i,0) & " - User choice"
                ' The open command is under HKEY_CLASSES_ROOT\<ProgId>\shell\open\command
                strBrowserPath = strValue & "\shell\open\command"
                objRegistry.GetStringValue HKEY_CLASSES_ROOT, strBrowserPath, "", strValue
                Browser = Browser & vbCrLf & "Browser command is: " & strValue
                Exit Function
            End If
        Next
    End If
    Browser = "Unknown web browser! (signature: '" & strValue & "')"
End Function


I have tested this on Windows 7 Enterprise, Windows 7 Professional, Windows 10 Enterprise, and Windows 10 Pro.
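
An added example, not part of the original thread or of the script above: once the command string has been read from HKEY_CLASSES_ROOT\<ProgId>\shell\open\command, this C helper substitutes the URL for the %1 placeholder only when the URL is http/https and contains no character that could end or escape the quoted argument. The function names are hypothetical, and any command template passed in is the caller's own value read from that key.

```c
#include <stddef.h>
#include <string.h>

/* Accept only lowercase http:// or https:// URLs without whitespace,
   control characters, double quotes or backslashes, so the URL stays a
   single quoted argument on the resulting command line. */
static int url_is_safe(const char *url)
{
    if (strncmp(url, "http://", 7) != 0 && strncmp(url, "https://", 8) != 0)
        return 0;
    for (const unsigned char *p = (const unsigned char *)url; *p; p++)
        if (*p <= 0x20 || *p == 0x7f || *p == '"' || *p == '\\')
            return 0;
    return 1;
}

/*
 * Expand the first %1 in tmpl (the shell\open\command value) with url.
 * If the template does not already quote %1, quotes are added.
 * Returns the length written (excluding the NUL), or 0 when the URL is
 * rejected, the template has no %1, or out is too small.
 */
size_t expand_open_command(const char *tmpl, const char *url,
                           char *out, size_t cap)
{
    const char *ph = strstr(tmpl, "%1");
    if (ph == NULL || !url_is_safe(url))
        return 0;
    size_t pre = (size_t)(ph - tmpl), ulen = strlen(url), post = strlen(ph + 2);
    int quoted = pre > 0 && ph[-1] == '"' && ph[2] == '"';
    size_t need = pre + ulen + post + (quoted ? 0 : 2);
    if (need + 1 > cap)
        return 0;
    char *w = out;
    memcpy(w, tmpl, pre); w += pre;
    if (!quoted) *w++ = '"';
    memcpy(w, url, ulen); w += ulen;
    if (!quoted) *w++ = '"';
    memcpy(w, ph + 2, post + 1); /* copies the trailing NUL as well */
    return need;
}
```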

Author Comment

by:Evan Li
ID: 41790736
Thank you a lot. You are right about this in Windows 10. But it is not working for Windows 7 pro.

under:

HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell
there are only 2 keys:
BagMRU
Bags

So there is no way I can find the path that you have given. I am not sure how you can do it for Windows 7.

Thanks.

Evan

Expert Comment

by:WalkaboutTigger
ID: 41793097
I am looking at 5 different Windows 7 Pro machines right now, and every one of them has the Associations key in Shell.

Tell me more about your Windows 7 Pro installation - is it a fresh install? Is it using GPOs to set default registry?

Tell me what your goal is - because I can pretty much guarantee you that every FinTech software out there either uses a ShellExec method to launch the browser or specifies which browser and version of said browser they support.

ShellExec cannot launch an unauthorised application if you specify the full path.  In the case of a URL, the system decides which browser to use based on the registry entries outlined in the script I provided unless the user has never changed the default browser, in which case it will look to the HKCR/HTTP or HKCR/HTTPS keys.

Author Comment

by:Evan Li
ID: 41793734
I have attached the images of the Windows 7 version and what the Windows registry looks like. I do not know how you have the extra info.
Windows7registry1.jpg
Windows7registry2.jpg
WindowsVersion.jpg

Accepted Solution

by:
WalkaboutTigger earned 500 total points
ID: 41794765
Does this machine have other browsers installed?
Has the user you're logging in as ever had the default browser changed?
Is this a domain or local user account you are logged in as with these screenshots?

What is the goal of not using ShellExec?  Is there some perceived security risk on the part of your company/auditors?  If so, what is the stated risk?

Author Comment

by:Evan Li
ID: 41794851
After I set up Chrome and set Chrome to be my default browser, I see the registry. Thank you.

Author Closing Comment

by:Evan Li
ID: 41796707
Close this question, as I know the solution now. Thanks.