OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: Win 2000 & IE 'shell://' problem?
From: Nobu Hakeda (nobuhiro_securityfocusTRIALSOFTWARE.COM)
Date: Fri Jun 02 2000 - 16:40:04 CDT

Hi there,

I had read about this interesting(-to-me) issue in Show's
Hot Corner
<http://www.asahi-net.or.jp/~ki4s-nkmr/>, made some
research on it,
and found a basic usage of 'shell:' extension.

First of all, this seems to me nothing to do with IE.
Rather, I guess
this is a built-in functionality added to Win2K in either
shell
(explorer.exe) or shell extension (shell32.dll), or both.

Some supporting evidences are:

1. You can enter 'shell:' in Start->Run... or 'start
shell:' in
command prompt, and they both work just like as being
entered in IE.

2. Killing explorer.exe shell process disables the 'shell:'
functionality.

3. After the extension disabled, you can enable it again by
just
relaunching explorer.exe as a shell.

4. Some usable combinations of 'shell:xxx' I've found are
listed in
shell32.dll of Win2K.

If you want to double-check this, here's how you can kill
your
explorer.exe shell process:

1. Close all regular (folders/files-viewing) Explorers.
2. Launch Task Manager.
3. Make sure you can see only one explorer.exe in processes
list. It
is your 'shell' Explorer. Memorize its PID number.
4. Launch one regular Explorer.
5. Now you can see two explorer.exe in processes list in
Task Manager.
Kill one of explorer.exe with PID number you memorized.

...and to relaunch it again:

1. Close all regular Explorers.
2. Launch explorer.exe by File->New Task (Run...) with Task
Manager.
If you don't have one at this time, Press Alt-Ctrl-Del and
click
'Task Manager'.

Now, here is a list of 'shell:xxx' combinations I could
run: (Oh BTW,
I tested them on Win2K Professional 5.00.2195 with IE5
5.00.2920, both
US version.)

    shell:Common Administrative Tools
    shell:Administrative Tools
    shell:SystemX86
    shell:My Pictures
    shell:Profile
    shell:CommonProgramFiles
    shell:ProgramFiles
    shell:System
    shell:Windows
    shell:History
    shell:Cookies
    shell:Local AppData
    shell:AppData
    shell:Common Documents
    shell:Common Templates
    shell:Common AppData
    shell:Common Favorites
    shell:Common Desktop
    shell:Common Menu
    shell:Common Programs
    shell:Common Startup
    shell:Templates
    shell:PrintHood
    shell:NetHood
    shell:Favorites
    shell:Personal
    shell:SendTo
    shell:Recent
    shell:Menu
    shell:Programs
    shell:Startup
    shell:Desktop
    shell:Fonts
    shell:ConnectionsFolder
    shell:RecycleBinFolder
    shell:PrintersFolder
    shell:ControlPanelFolder
    shell:InternetFolder
    shell:DriveFolder
    shell:NetworkFolder
    shell:DesktopFolder

All of these launch a new explorer and open a corresponding
folder.
It is quite self-explanatory which folder will be opened
with them.

I could run them both from Start->Run... and in IE. I could
also run
from Command Prompt, but only of those with no blanks. For
example,

    start shell:startup

worked fine in Command Prompt, but neither

    start shell:common startup

nor

    start "shell:common startup"

did.

I could read some more texts from shell32.dll that seemed
to make
sense but didn't work. Those are:

    shell:CommonProgramFilesX86
    shell:ProgramFilesX86
    shell:Common AltStartup
    shell:AltStartup

I guess they are reserved for non-x86 versions of Win2K.
(Well, is
Alpha version of Win2K coming?) 

--
Nobu Hakeda <nobuhirotrialsoftware.com>
Trial Software Laboratories, Japan