Vulnerability Development mailing list archives

Re: Win 2000 & IE 'shell://' problem?


From: nobuhiro_securityfocus () TRIALSOFTWARE COM (Nobu Hakeda)
Date: Fri, 2 Jun 2000 21:40:04 -0000


Hi there,

I had read about this interesting(-to-me) issue in Show's Hot Corner
<http://www.asahi-net.or.jp/~ki4s-nkmr/>, did some research on it,
and found a basic usage of the 'shell:' extension.

First of all, this seems to me to have nothing to do with IE. Rather,
I guess this is a built-in functionality added to Win2K in either the
shell (explorer.exe) or the shell extension (shell32.dll), or both.

Some supporting evidence:

1. You can enter 'shell:' in Start->Run... or 'start shell:' in a
command prompt, and they both work just as when entered in IE.

2. Killing the explorer.exe shell process disables the 'shell:'
functionality.

3. After the extension is disabled, you can enable it again by just
relaunching explorer.exe as a shell.

4. Some usable combinations of 'shell:xxx' I've found are listed in
shell32.dll of Win2K.

If you want to double-check this, here's how you can kill your
explorer.exe shell process:

1. Close all regular (folders/files-viewing) Explorers.
2. Launch Task Manager.
3. Make sure you can see only one explorer.exe in the processes list.
It is your 'shell' Explorer. Memorize its PID number.
4. Launch one regular Explorer.
5. Now you can see two explorer.exe in the processes list in Task
Manager. Kill the explorer.exe with the PID number you memorized.

...and to relaunch it again:

1. Close all regular Explorers.
2. Launch explorer.exe by File->New Task (Run...) with Task Manager.
If you don't have one at this time, press Alt-Ctrl-Del and click
'Task Manager'.

Now, here is a list of 'shell:xxx' combinations I could run: (Oh BTW,
I tested them on Win2K Professional 5.00.2195 with IE5 5.00.2920, both
US version.)

    shell:Common Administrative Tools
    shell:Administrative Tools
    shell:SystemX86
    shell:My Pictures
    shell:Profile
    shell:CommonProgramFiles
    shell:ProgramFiles
    shell:System
    shell:Windows
    shell:History
    shell:Cookies
    shell:Local AppData
    shell:AppData
    shell:Common Documents
    shell:Common Templates
    shell:Common AppData
    shell:Common Favorites
    shell:Common Desktop
    shell:Common Menu
    shell:Common Programs
    shell:Common Startup
    shell:Templates
    shell:PrintHood
    shell:NetHood
    shell:Favorites
    shell:Personal
    shell:SendTo
    shell:Recent
    shell:Menu
    shell:Programs
    shell:Startup
    shell:Desktop
    shell:Fonts
    shell:ConnectionsFolder
    shell:RecycleBinFolder
    shell:PrintersFolder
    shell:ControlPanelFolder
    shell:InternetFolder
    shell:DriveFolder
    shell:NetworkFolder
    shell:DesktopFolder

All of these launch a new explorer and open a corresponding folder.
It is quite self-explanatory which folder will be opened with them.

I could run them both from Start->Run... and in IE. I could also run
them from Command Prompt, but only those with no blanks. For example,

    start shell:startup

worked fine in Command Prompt, but neither

    start shell:common startup

nor

    start "shell:common startup"

did.

I could read some more text from shell32.dll that seemed to make
sense but didn't work. Those are:

    shell:CommonProgramFilesX86
    shell:ProgramFilesX86
    shell:Common AltStartup
    shell:AltStartup

I guess they are reserved for non-x86 versions of Win2K. (Well, is an
Alpha version of Win2K coming?)

--
Nobu Hakeda <nobuhiro () trialsoftware com>
Trial Software Laboratories, Japan


