Evan Li

How not to pass environment to child process by using ShellExecute or ShellExecuteEx

Hi, experts
I have a question here. I was asked to do this, but I could not make it work:

We are launching the default browser using ShellExecute. When given a URL with the "open" verb, it automatically launches the default browser.

Here is the problem for us:
It brings the environment from the launching process, which causes some problems for the browser.

I have provided the following solutions, which were all rejected by the code reviewer:

1> Set back to the system environment before we call ShellExecute, and then call set environment to restore the environment variables.
2> Using CMD, by using the command: cmd /c <set environments>&&start "link" "www.myurl.com"

1> was rejected because it can disturb the calling process; 2> was rejected because it needs another process.

We do not want to call CreateProcess, because that makes things too complicated. So the question is:

Does anyone know if there is a solution to launch a process without inheriting the environment from the parent process, other than the ways that I can think of?

Thank you for any help.

Evan
C++

Last Comment
Evan Li

8/22/2022 - Mon
Darrell Porter

If you want, in essence, a null environment (as opposed to setting the inheritance flag to null, which causes the launched process to inherit the parent's environment), simply create a "simple" environment and launch the process.

The mechanics of this are circuitously described in this link from Microsoft's MSDN site.

Specifically:
lpEnvironment [in, optional]
A pointer to the environment block for the new process. If this parameter is NULL, the new process uses the environment of the calling process.
An environment block consists of a null-terminated block of null-terminated strings. Each string is in the following form:
name=value\0
Because the equal sign is used as a separator, it must not be used in the name of an environment variable.
An environment block can contain either Unicode or ANSI characters. If the environment block pointed to by lpEnvironment contains Unicode characters, be sure that dwCreationFlags includes CREATE_UNICODE_ENVIRONMENT. If this parameter is NULL and the environment block of the parent process contains Unicode characters, you must also ensure that dwCreationFlags includes CREATE_UNICODE_ENVIRONMENT.
The ANSI version of this function, CreateProcessA fails if the total size of the environment block for the process exceeds 32,767 characters.
Note that an ANSI environment block is terminated by two zero bytes: one for the last string, one more to terminate the block. A Unicode environment block is terminated by four zero bytes: two for the last string, two more to terminate the block.
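
Added example (not part of the original answer): building the Unicode environment block in the format quoted above and passing it to CreateProcessW so the child sees only the listed variables. `NoCase`, `EnvMap`, `build_env_block` and `launch_with_env` are hypothetical names chosen for this sketch; the sort order follows Microsoft's guidance that the block be sorted by name, case-insensitively.

```cpp
#include <algorithm>
#include <cwctype>
#include <map>
#include <stdexcept>
#include <string>
#ifdef _WIN32
#include <windows.h>
#endif

// Keeps variables ordered by name, case-insensitively, as the block should be.
struct NoCase {
    bool operator()(const std::wstring& a, const std::wstring& b) const {
        return std::lexicographical_compare(a.begin(), a.end(), b.begin(), b.end(),
            [](wchar_t x, wchar_t y) { return std::towupper(x) < std::towupper(y); });
    }
};
using EnvMap = std::map<std::wstring, std::wstring, NoCase>;

// Build a Unicode block: "name=value\0" per variable, then one more L'\0'.
std::wstring build_env_block(const EnvMap& vars) {
    std::wstring block;
    for (const auto& kv : vars) {
        if (kv.first.empty() || kv.first.find(L'=') != std::wstring::npos)
            throw std::invalid_argument("bad environment variable name");
        block += kv.first + L"=" + kv.second + L'\0';
    }
    if (block.empty()) block += L'\0';  // empty block: still two terminators
    block += L'\0';                     // terminates the whole block
    return block;
}

#ifdef _WIN32
// Start a process that sees only `vars`; nothing is inherited from the caller.
bool launch_with_env(std::wstring cmdline, const EnvMap& vars) {
    std::wstring env = build_env_block(vars);
    STARTUPINFOW si{};
    si.cb = sizeof(si);
    PROCESS_INFORMATION pi{};
    if (!CreateProcessW(nullptr, &cmdline[0], nullptr, nullptr, FALSE,
                        CREATE_UNICODE_ENVIRONMENT, &env[0], nullptr, &si, &pi))
        return false;
    CloseHandle(pi.hThread);
    CloseHandle(pi.hProcess);
    return true;
}
#endif
```

The calling process's own environment is never modified, which was the reviewer's objection to the set-and-restore approach.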
Evan Li

ASKER
WalkaboutTigger:
Thank you for your answer. I knew CreateProcess can do that, but it does not launch the default browser like ShellExecute. Is there a verb we can use for it to launch a default browser?

commandline:
start /c "link" "myurl.com"

can do that, but we need CMD.exe. The worry about cmd is that it could run a script automatically. I am not sure if it is a reasonable worry though.
Darrell Porter

Rather than risk an exploitation, would it not be prudent to read the registry, determine what the specified default browser's full pathname is and execute the browser and pass it the URL?
Evan Li

ASKER
Different browsers may use different parameters to launch a URL, and we do not know what format a new browser uses to launch a URL, so this way was not approved. We need a smarter way to do this. Thanks.
Darrell Porter

The appropriate method of determining how an HTTP or HTTPS document is handled is to open HKey Classes Root and look at the Open value of the Shell subkey in the http and https keys. If this value is blank or null, then you open these document types with no parameters in the default browser. If these values are not null or empty, then they contain parameters needed to open and render the page.
Evan Li

ASKER
Changing the default browser does not change this registry key. I have attached the reg file from my Windows 10 machine. It does not look like the right registry key to reflect the default browser.
shelregistry.reg
Darrell Porter

Look at the Default value in
  HKey Current User\Software\Clients\StartMenu\Internet.

This will tell you the name of the default browser for the current user.

Then, look at the Default value in
  HKey Current User\Software\Classes\http\shell\open\command
or
  HKey Current User\Software\Classes\https\shell\open\command

The User settings always override the system settings which is why Group Policy for browsers is set at the User level.
Evan Li

ASKER
HKey Current User\Software\Classes\http\shell\open\command
 or
   HKey Current User\Software\Classes\https\shell\open\command
When I change the default browser, the value here is not in sync at all.
I found it one time, but it was only the ProgId. Not in this registry key though.
Darrell Porter

To determine current default browser, look in the following registry location:

HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice

That will tell you the designation of the correct default browser 100% of the time.

The defined Default value there is a pointer to the entry in HKEY_CLASSES_ROOT

And the command for performing the open action will be in

HKEY_CLASSES_ROOT\xxxxxxxxxx\shell\open\command

in the (Default) value, where xxxxxxxxxx is the browser designation found in the above key.
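
Added example (not part of the original answer): once the (Default) value of the shell\open\command key has been read, the URL still has to be placed into that command template, and it should be validated first so it cannot break out of its quotes or add browser switches. `is_safe_url` and `expand_open_command` are hypothetical names, the template in `main` is constructed, and only the `%1` placeholder is handled.

```cpp
#include <cwctype>
#include <iostream>
#include <stdexcept>
#include <string>

// Allow only http/https URLs with no quotes, whitespace or control characters,
// so the URL cannot end the quoting or add extra switches to the command line.
bool is_safe_url(const std::wstring& url) {
    if (url.rfind(L"http://", 0) != 0 && url.rfind(L"https://", 0) != 0)
        return false;
    for (wchar_t c : url)
        if (c == L'"' || c < 0x20 || std::iswspace(c)) return false;
    return true;
}

// Put the URL where the shell\open\command template has %1. When the template
// has no %1 the URL is appended (this example's choice). The URL is wrapped in
// quotes unless the template already quotes the placeholder.
std::wstring expand_open_command(const std::wstring& tmpl, const std::wstring& url) {
    if (!is_safe_url(url)) throw std::invalid_argument("URL rejected");
    const std::wstring quoted = L"\"" + url + L"\"";
    const std::size_t pos = tmpl.find(L"%1");
    if (pos == std::wstring::npos) return tmpl + L" " + quoted;
    const bool in_quotes = pos > 0 && tmpl[pos - 1] == L'"' &&
                           pos + 2 < tmpl.size() && tmpl[pos + 2] == L'"';
    std::wstring out = tmpl;
    out.replace(pos, 2, in_quotes ? url : quoted);
    return out;
}

int main() {
    // Constructed template in the style of a browser's open command.
    const std::wstring tmpl = L"\"C:\\Browser\\browser.exe\" -url \"%1\"";
    std::wcout << expand_open_command(tmpl, L"https://www.example.com/") << L"\n";
}
```

The expanded string is what would be handed to CreateProcess as the command line, together with whatever environment block the caller chooses.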
Darrell Porter

And here is a VBScript to determine what the default browser is based on the value in the above-specified key.

WScript.Echo Browser

Function Browser
    ' Registry hive handles used by StdRegProv
    Const HKEY_CLASSES_ROOT = &H80000000
    Const HKEY_CURRENT_USER = &H80000001
    Const strKeyPath = "Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice"
    Const strValueName = "Progid"
    Dim strValue, strBrowserPath, objRegistry, i
' Browser list: display name, then a substring that identifies its ProgId
    Dim blist(13,1)
    blist(0,0) = "Internet Explorer"    : blist(0,1) = "ie"
    blist(8,0) = "Internet Explorer"    : blist(8,1) = "IE.HTTP"
    blist(11,0) = "Internet Explorer"   : blist(11,1) = "IE.AssocFile.HTM"
    blist(12,0) = "Internet Explorer"   : blist(12,1) = "IE.FTP"
    blist(13,0) = "Internet Explorer"   : blist(13,1) = "IE.HTTPS"
    blist(1,0) = "Edge"                 : blist(1,1) = "appxq0fevzme2pys62n3e0fbqa7peapykr8v"
    blist(2,0) = "Firefox"              : blist(2,1) = "firefox"
    blist(9,0) = "Firefox"              : blist(9,1) = "FirefoxURL"
    blist(10,0) = "Firefox"             : blist(10,1) = "FirefoxHTML"
    blist(3,0) = "Chrome"               : blist(3,1) = "chrome"
    blist(4,0) = "Chrome"               : blist(4,1) = "ChromeHTML"
    blist(5,0) = "Safari"               : blist(5,1) = "safari"
    blist(6,0) = "Avant"                : blist(6,1) = "browserexeurl"
    blist(7,0) = "Opera"                : blist(7,1) = "opera"
    Set objRegistry = GetObject("winmgmts:\\.\root\default:StdRegProv")
    ' Read the current user's ProgId for the http protocol
    objRegistry.GetStringValue HKEY_CURRENT_USER,strKeyPath,strValueName,strValue
    If IsNull(strValue) Then
        Browser = "Internet Explorer (Windows standard)": Exit Function
    Else
        For i = 0 To UBound(blist, 1)
            If InStr(1, strValue, blist(i,1), vbTextCompare) Then
                Browser = blist(i,0) & " - User choice"
                ' Look up the open command registered under that ProgId
                strBrowserPath = strValue
                strBrowserPath = strBrowserPath & "\shell\open\command"
                objRegistry.GetStringValue HKEY_CLASSES_ROOT,strBrowserPath,"",strValue
                Browser = Browser & vbCrLf & "Browser command is: " & strValue
                Exit Function
            End If
        Next
    End If
    Browser = "Unknown web browser! (signature: '" & strValue & "')"
End Function

I have tested this on Windows 7 Enterprise, Windows 7 Professional, Windows 10 Enterprise, and Windows 10 Pro.
Evan Li

ASKER
Thank you a lot. You are right about this in Windows 10. But it is not working for Windows 7 pro.

under:

HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell
there are only 2 keys:
BagMRU
Bags

So there is no way I can find the path that you have given. I am not sure how you can do it for Windows 7?

Thanks.

Evan
Darrell Porter

I am looking at 5 different Windows 7 Pro machines right now, and every one of them has the Associations key in Shell.

Tell me more about your Windows 7 Pro installation - is it a fresh install?  Is it using GPO's to set default registry?

Tell me what your goal is - because I can pretty much guarantee you that every FinTech software out there either uses a ShellExec method to launch the browser or specifies which browser and version of said browser they support.

ShellExec cannot launch an unauthorised application if you specify the full path.  In the case of a URL, the system decides which browser to use based on the registry entries outlined in the script I provided unless the user has never changed the default browser, in which case it will look to the HKCR/HTTP or HKCR/HTTPS keys.
Evan Li

ASKER
I have attached images of the Windows 7 version and what the Windows registry looks like. I do not know how you have the extra info.
Windows7registry1.jpg
Windows7registry2.jpg
WindowsVersion.jpg
ASKER CERTIFIED SOLUTION
Darrell Porter

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
Evan Li

ASKER
After I set up Chrome and set Chrome to be my default browser, I see the registry key. Thank you.
Evan Li

ASKER
Close this question, as I know the solution now. Thanks.