how not to pass environment to child process by using ShellExecute or ShellExecuteEx

Hi, experts
I have a question here, I was asked to do but I could not make it:

We are launching default browser using ShellExecute, when using url, with "open" verb, it automatically launch default browser.

Here is the problem for us:
It brings the environment from launching process. Which will causing some problems for the browser.

I have provided following solutions, which are all rejected by the code reviewer:

1>Set back to system environment before we call shellexecute, and then call set environment to restore the environment variables.
2>Using CMD, by using the command "cmd /c <set environments>&&start "link" "",

1> rejected is because it can disturb calling process, 2>Rejected because it need another process.

We do not wanted to call createprocess, because that make things too complicated. So the question is

Anyone knows if there is a solutions to launch a process without inherit environments from parent process? Other than the way that I can think of.

Thank you for any help.

Evan LiSr SW EngineerAsked:
Who is Participating?
Darrell PorterConnect With a Mentor Enterprise Business Process ArchitectCommented:
Does this machine have other browsers installed?
Is the user you're logging in to ever had the default browser changed?
Is this a domain or local user account you are logged in as with these screenshots?

What is the goal of not using ShellExec?  Is there some perceived security risk on the part of your company/auditors?  If so, what is the stated risk?
Darrell PorterEnterprise Business Process ArchitectCommented:
If you want, in essence, a null environment (as opposed to setting the inheretence flag to null, which causes the launched process to inherit the parent's environment) simply create a "simple" environment and launch the process.

The mechanics of this are circuitously described in this link from Microsoft's MSDN site.

lpEnvironment [in, optional]
A pointer to the environment block for the new process. If this parameter is NULL, the new process uses the environment of the calling process.
An environment block consists of a null-terminated block of null-terminated strings. Each string is in the following form:
Because the equal sign is used as a separator, it must not be used in the name of an environment variable.
An environment block can contain either Unicode or ANSI characters. If the environment block pointed to by lpEnvironment contains Unicode characters, be sure that dwCreationFlags includes CREATE_UNICODE_ENVIRONMENT. If this parameter is NULL and the environment block of the parent process contains Unicode characters, you must also ensure that dwCreationFlags includes CREATE_UNICODE_ENVIRONMENT.
The ANSI version of this function, CreateProcessA fails if the total size of the environment block for the process exceeds 32,767 characters.
Note that an ANSI environment block is terminated by two zero bytes: one for the last string, one more to terminate the block. A Unicode environment block is terminated by four zero bytes: two for the last string, two more to terminate the block.
Evan LiSr SW EngineerAuthor Commented:
Thank you for your answer, I knew createprocess can do that. But it does not launch default browser like shellexecute. Is there a verb, we can use for it to launch a default browser?

start /c "link" ""

can do that but we need CMD.exe

, the worry about cmd is that it could run a script automatically. I am not sure if it is a reasonable worry though.
Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

Darrell PorterEnterprise Business Process ArchitectCommented:
Rather than risk an exploitation, would it not be prudent to read the registry, determine what the specified default browser's full pathname is and execute the browser and pass it the URL?
Evan LiSr SW EngineerAuthor Commented:
Different browser way you have use different parameter to launch URL, we do not know the new browser what format to launch URL, so this way was not approved. We need a smarter way to do this. Thanks.
Darrell PorterEnterprise Business Process ArchitectCommented:
The appropriate method of determining how a HTTP or HTTPS document is handled is to open HKey Classes Root and look at the Open value of the Shell subkey in the http and https keys.  If this value is blank or null, then you open these document types with no parameters in the default browser.  If these values are not null or empty, then they contain parameters needed to open and render the page.
Evan LiSr SW EngineerAuthor Commented:
By changing the default browser this registry does not change, I have attached the reg file from my windows 10 machine. Does not look like the right that it reflect default browser registry
Darrell PorterEnterprise Business Process ArchitectCommented:
Look at the Default value in
  HKey Current User\Software\Clients\StartMenu\Internet.

This will tell you the name of the default browser for the current user.

Then, look at the Default value in
  HKey Current User\Software\Classes\http\shell\open\command
  HKey Current User\Software\Classes\https\shell\open\command

The User settings always override the system settings which is why Group Policy for browsers is set at the User level.
Evan LiSr SW EngineerAuthor Commented:
HKey Current User\Software\Classes\http\shell\open\command
   HKey Current User\Software\Classes\https\shell\open\command
When I change the default browser, the value here not in sync at all.
I found it one time but it was only progid. Not in this registry though
Darrell PorterEnterprise Business Process ArchitectCommented:
To determine current default browser, look in the following registry location:


Open in new window

That will tell you the designation of the correct default browser 100% of the time.

The defined Default value there is a pointer to the entry in HKEY_CLASSES_ROOT

And the command for performing the open action will be in


Open in new window

in the (Default) value, where xxxxxxxxxx is the browser designation found in the above key.
Darrell PorterEnterprise Business Process ArchitectCommented:
And here is a VBScript to determine what the default browser is based on the value in the above-specified key.

wscript.echo browser 
Function Browser 
    Const HKEY_CURRENT_USER = &H80000001 
    Const strKeyPath = "Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice" 
    Const strValueName = "Progid" 
    Dim strValue, objRegistry, i 
' Browser list: 
    Dim blist(13,1) 
    blist(0,0) = "Internet Explorer"    : blist(0,1) = "ie"
    blist(8,0) = "Internet Explorer"    : blist(8,1) = "IE.HTTP"
    blist(11,0) = "Internet Explorer"    : blist(11,1) = "IE.AssocFile.HTM"
    blist(12,0) = "Internet Explorer"    : blist(12,1) = "IE.FTP"
    blist(13,0) = "Internet Explorer"    : blist(13,1) = "IE.HTTPS"
    blist(1,0) = "Edge"                    : blist(1,1) = "appxq0fevzme2pys62n3e0fbqa7peapykr8v" 
    blist(2,0) = "Firefox"                : blist(2,1) = "firefox" 
    blist(9,0) = "Firefox"                : blist(9,1) = "FirefoxURL"
    blist(10,0) = "Firefox"                : blist(10,1) = "FirefoxHTML"
    blist(3,0) = "Chrome"                : blist(3,1) = "chrome" 
    blist(4,0) = "Chrome"                : blist(3,1) = "ChromeHTML" 
    blist(5,0) = "Safari"                : blist(5,1) = "safari" 
    blist(6,0) = "Avant"                : blist(6,1) = "browserexeurl" 
    blist(7,0) = "Opera"                : blist(7,1) = "opera" 
    Set objRegistry = GetObject("winmgmts:\\.\root\default:StdRegProv") 
    objRegistry.GetStringValue HKEY_CURRENT_USER,strKeyPath,strValueName,strValue 
    If IsNull(strValue) Then 
        browser = "Internet Explorer (Windows standard)": Exit Function 
        For i = 0 To Ubound (blist, 1) 
            If Instr (1, strValue, blist(i,1), vbTextCompare) Then
            	Browser = blist(i,0) & " - User choice"
            	strBrowserPath = strValue
            	strBrowserPath = strBrowserPath & "\shell\open\command"
            	objRegistry.GetStringValue HKEY_CLASSES_ROOT,strBrowserPath,"",strValue
            	Browser = Browser & vbCrLf & "Browser command is: " & strValue
            	Exit Function 
            End If
    End If 
    browser = "Unknown web browser! (signature: '" & strValue & "')" 
End Function

Open in new window

I have tested this on Windows 7 Enterprise, Windows 7 Professional, Windows 10 Enterprise, and Windows 10 Pro.
Evan LiSr SW EngineerAuthor Commented:
Thank you a lot. You are right about this in Windows 10. But it is not working for Windows 7 pro.


there are only 2 keys:

So there is no way I can for the path that you have given. I am not sure how you can do it for windows 7?


Darrell PorterEnterprise Business Process ArchitectCommented:
I am looking at 5 different Windows 7 Pro machines right now, and every one of them has the Associations key in Shell.

Tell me more about your Windows 7 Pro installation - is it a fresh install?  Is it using GPO's to set default registry?

Tell me what your goal is - because I can pretty much guarantee you that every FinTech software out there either uses a ShellExec method to launch the browser or specifies which browser and version of said browser they support.

ShellExec cannot launch an unauthorised application if you specify the full path.  In the case of a URL, the system decides which browser to use based on the registry entries outlined in the script I provided unless the user has never changed the default browser, in which case it will look to the HKCR/HTTP or HKCR/HTTPS keys.
Evan LiSr SW EngineerAuthor Commented:
I have attached the images of the windows 7 version and what windows registry look like. I do not know how do you have extra info.
Evan LiSr SW EngineerAuthor Commented:
After I setup Chrome. And I setup chrome to be my default browser, I see the registry. Thank you.
Evan LiSr SW EngineerAuthor Commented:
Close this question, as I know the solution now. Thanks.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.