mirror of
https://github.com/reactos/reactos.git
synced 2024-06-09 22:15:23 +00:00
4929d8ddb8
Suppose you copy a CPL file (e.g. console.dll renamed into console.cpl)
into a path containing spaces, for example into the Desktop:
C:\Documents and Settings\Administrator\Desktop\console.cpl
If the shell registry value for the "open" action of 'cplfile' does not
contain quotes around %1, then the Control_RunDLL function will attempt
to load "C:\Documents" as a file, which of course does not exist.
(NOTE: Missing in ReactOS: Doing a PathFindOnPath() or a PathFileExists()
call to verify that the file actually exists, instead of blindly trying
to run it and failing later in kernel32!LoadExecuteExW ...)
Adding quotes around the %1 fixes this and the correct file is being
loaded.
This behaviour has been confirmed to exist e.g. on Windows Server 2003
too (and is thus *NOT* a bug in ReactOS/Wine's Control_RunDLL
implementation).
----------------------
How to confirm this behaviour, in Win2k3 x86:
1. Start Win2k3 in debug mode under WinDbg. Ensure you have the debug
symbols available.
2. Once loaded, break into the debugger, attach context to explorer.exe,
and enter the magical :) single WinDbg command (all in one line, with
**NO inserted newlines!!**):
bp shell32!CPL_RunMeBaby ".echo \"CPL CmdLine:\"; ?? (wchar_t*)*(void**)(@esp+12);
bp SHLWAPI!PathIsFileSpecW \".echo \\\"CPL Path:\\\"; ?? (wchar_t*)*(void**)(@esp+4);
bc \\\"SHLWAPI!PathIsFileSpecW\\\"; g;\"; g"
(Explanation:
a breakpoint is placed in the internal shell32!CPL_RunMeBaby function.
When the bp is hit, it runs the large WinDbg command inside the quotes.
This command echoes an informative line, then dumps the 3rd parameter
of the function on the stack that contains the CPL command-line.
It then adds a new breakpoint in SHLWAPI!PathIsFileSpecW, which is the
function that is being called *just after* the internal parsing of the
CPL command-line, and will verify whether the extracted CPL path does
exist. That new breakpoint in turn will run a WinDbg command that will:
(i) Display the CPL file path (1st-param of that new function), then
(ii) Clear that breakpoint. Finally, automatic continuation ensues.)
3. On vanilla Win2k3, whose 'cplfile' "open" action does contain the
quotes around %1:
rundll32.exe shell32.dll,Control_RunDLL "%1",%*
you will observe the following:
CPL CmdLine:
wchar_t * 0x00094e30
""C:\Documents and Settings\Administrator\Desktop\console.cpl","
CPL Path:
wchar_t * 0x0007f898
"C:\Documents and Settings\Administrator\Desktop\console.cpl"
Notice the extra pair of quotes around the CPL filename in the CmdLine.
4. When modifying the 'cplfile' "open" action by *removing* the quotes
around %1, you will instead see the following, thereby confirming
the behaviour, which is now identical to what used to happen in ROS:
CPL CmdLine:
wchar_t * 0x00094e30
"C:\Documents and Settings\Administrator\Desktop\console.cpl,"
CPL Path:
wchar_t * 0x0007f898
"C:\Documents"
Due to the (now) absence of quotes around %1, the command-line gets
wrongly parsed and the extracted file path is incorrect.
|
||
|---|---|---|
| .. | ||
| armllb | ||
| bcd | ||
| bgfx | ||
| bootdata | ||
| environ | ||
| freeldr | ||
| CMakeLists.txt | ||