Jump to content











Photo
- - - - -

Minlogon and Explorer.exe . . .

minlogon explorer.exe shell

  • Please log in to reply
52 replies to this topic

#1 Squid

Squid

    Frequent Member

  • Advanced user
  • 105 posts
  •  
    United States

Posted 26 August 2014 - 02:37 PM

Greetings.  Long time, no post ;o)

 

I have a quick question for the community today.  This issue surrounds the use of Minlogon in the context of XP SP2.

 

I have a scenario which requires the launch of a program before Explorer.exe in the bootup process.  However, with the reduced featureset which Minlogon provides, the time-honored Userinit modification is no longer functional.  While one may still white-space "piggyback" more than one process onto "Shell" at the relevant Winlogon key, Explorer.exe must be fired first in the series; or the shell is not launched at all.  A simple knot...

 

So, this brings up two brief questions:

  1. Is there another place in the hives which could be utilized to launch a process before Explorer.exe in the normal bootup chain?
  2. Barring that (preferable) possibility, is there a commandline switch which may be passed to Explorer.exe to allow a launch in shell-mode IF Winlogon\Shell is set for something other than "Explorer.exe"?

 

Thanks again, folks; and have a great day.



#2 betrand

betrand

    Frequent Member

  • Advanced user
  • 467 posts
  •  
    France

Posted 26 August 2014 - 02:45 PM

Why don't you start cmd.exe as shell (or a batch file as shell), then run your programme before Explorer.exe.

Then run Explorer.exe from batch.



#3 Squid

Squid

    Frequent Member

  • Advanced user
  • 105 posts
  •  
    United States

Posted 26 August 2014 - 03:02 PM

@betrand:

 

Thanks for stopping by!

 

Actually, I already tried that.  The way M$ has things wired, Explorer.exe will not launch as shell (see question 2)...



#4 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 26 August 2014 - 03:23 PM

I am not sure to understand. :unsure:

 

Can you try setting cmd.exe (say) as shell, do whatever you have to do in it  - let's say execute a batch file and then have the batch file set Explorer as shell and launch it?

 

As a side note, JFYI, besideds the Wayback Machine, JSI tips are available on WindowsPro:

http://windowsitpro....explorer-starts

 

:duff:

Wonko 



#5 Squid

Squid

    Frequent Member

  • Advanced user
  • 105 posts
  •  
    United States

Posted 26 August 2014 - 04:16 PM

@Wonko:

Thanks for the new link to JSI...

Here's the problem.

As is mentioned in Microsoft KB 142905 (which is linked in question 2 of the OP), if one changes the value of Winlogon\Shell from "Explorer.exe" to anything else, Explorer.exe will not launch as shell.  I have tried it to be sure; and it fails.  Please read the KB for full details.  Best as I can tell, I'd need a "secret" commandline switch to make something like this work ;o)

At the very least, if I can do this without needing to create a "surrogate shell" (see question 1 of the OP), it'd be a better solution for me in this case...

 

Thanks again --



#6 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 26 August 2014 - 04:27 PM

Sure :), but not necessarily the secret command line exists.

 

Can you simply explain to me why it is not possible (provided that it works :unsure:) this:

 

 

 

Can you try setting cmd.exe (say) as shell, do whatever you have to do in it  - let's say execute a batch file and then have the batch file set Explorer as shell and launch it?

 

I.e. what  - in your specific situation - prevents you from using this workaround?

 

Or can you start Explorer and then kill it/restart it? :dubbio:

http://www.nirsoft.n...t_explorer.html

(but usually killing the shell is enough as the shell is normally set to autorestart)

 

:duff:

Wonko



#7 Squid

Squid

    Frequent Member

  • Advanced user
  • 105 posts
  •  
    United States

Posted 26 August 2014 - 07:15 PM

@Wonko:

 

If what you're thinking about here is putting together a batch which will toggle Winlogon\Shell to/from "Explorer.exe", unfortunately that won't work; as the system's behavior blocker will prohibit writes to this key after boot.  Sorry if I misunderstood your original post here :(

 

Thanks also for the link to nirsoft.  I don't know if I really want to put another fully-developed application into the system as a launcher; but maybe there's a way of taking this to a batch-level solution instead???

 

So, practically speaking, that leaves us with needing either a commandline "trick" to get Explorer.exe to "do the right thing" or another possible entry in the hives which could be used to launch a process before Explorer starts in the bootup sequence.

 

Trying to KISS the problem, if possible ;o)

 

 

Thanks again!


Edited by Squid, 26 August 2014 - 07:16 PM.


#8 betrand

betrand

    Frequent Member

  • Advanced user
  • 467 posts
  •  
    France

Posted 26 August 2014 - 07:34 PM

@Squid,

Is your prob:

[Explorer.exe] can operate in two modes:

  • Browser mode (similar to File Manager)
  • Shell mode (to manage the desktop, taskbar, and Start button)

?

Also, the KB is for NT4, but that might not make much difference.

 

Edit:

Run your app as a service.

I cheated, for that one. I googled.



#9 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 26 August 2014 - 07:40 PM

What is the "system's behavior blocker"?

 

It is normally possible to switch a shell AFAICR. :dubbio:

 

Try (only for the experiment) if Carapace works in your environment (I seem to remember having used in the XPCLI project early development, which uses Minlogon)_

http://reboot.pro/to...6-sharpe-shell/

 

Or see if something like these:

http://www.mp3car.co...dows-shell.html

http://www.novell.co...rench/3458.html

fit your bill.

 

:duff:

Wonko



#10 betrand

betrand

    Frequent Member

  • Advanced user
  • 467 posts
  •  
    France

Posted 26 August 2014 - 07:50 PM

 

Edit:

Run your app as a service.

I cheated, for that one. I googled.

But http://www.msfn.org/...m-as-a-service/

(Maybe OT?)



#11 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 27 August 2014 - 08:46 AM

Not at all a bad idea :), but - in the specific context  - may not be suited. :unsure:

 

The issue -generally speaking - with services auto starting is that it is difficult to time them exactly, also, not knowing what the process should do there is a concrete risk of "overlapping" it's activities with the Explorer shell starting up, possibly only once every few boots (that is the kind of intermittent issues that are nightmares to troubleshoot).

 

In other words, process loading and shell loading may behave as "parallel" tasks whilst what I seem to understand Squid is looking for is a strictly "sequential" set of tasks, first the "other" thing loads and does whatever it is supposed to do and only after this has been completed, Explorer is started as shell.

 

:duff:

Wonko



#12 Squid

Squid

    Frequent Member

  • Advanced user
  • 105 posts
  •  
    United States

Posted 27 August 2014 - 06:35 PM

@all:

 

Thanks for all of the ideas.  Not looking for a complete shell refit; but it's growing on me nonetheless...

 

 

In other words, process loading and shell loading may behave as "parallel" tasks whilst what I seem to understand Squid is looking for is a strictly "sequential" set of tasks, first the "other" thing loads and does whatever it is supposed to do and only after this has been completed, Explorer is started as shell.

 

Exactly.

 

So, why, at the very least, the simple courtesy of a commandline switch for Explorer.exe was not provided by M$ is totally beyond me...

 

To that end, NSSM can (sortof) serve the purpose here; but it's a bit of a kludge to need a dedicated app just to launch a single exe as a service without having the system get mixed up in its own underwear :blink:

 

Was hoping for a "clean" solution to a prelaunch sequence; but, as we know, M$ is anything but "clean."

 

Ugh.

 

 

Thanks again, folks, for all of the help.  Maybe something better than this corporate crapola will finally come to the fore...



#13 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 27 August 2014 - 06:52 PM

If you use the service approach, there may be a way, still depending on how exactly minlogon behaves, check this page:
http://www.lsdev.org...plorer_takeover
if - to be verified - the minlogon is "sensible" to the USR: (vs. the :SYS) in system.ini, it would be maybe possible to have the service start, do whatever it is supposed to do and then, before stopping/exiting, launch the Explorer. <- what is unclear is - as mentioned before - there is the possibility of a "race condition"

I presume that could be configuration 2 or 3 or 4 :unsure:

Since the Explorer upon launch finds the "proper" key set to nothing or set to explorer.exe, it should launch in "shell" mode. :dubbio:

 

There is another approach (but that cannot really say if it could apply to a minlogon build), making use of one of the "accessibility" options AND hacking it for use in the WinSta0\\Winlogon.

very loosely ONLY hinted here:

http://reboot.pro/to...or-a-challenge/

 

Tests need to be made ....

 

:duff:

Wonko



#14 sixcentgeorge

sixcentgeorge

    Frequent Member

  • Advanced user
  • 191 posts
  •  
    France

Posted 28 August 2014 - 09:52 AM

when i was using winnt4 , i started to find some ramdisk for free and wanted to have explorer.exe on it ...

so i found what you are saying that launching explorer does open the windows and not the taskbar....

 

for that you have to set the key for shell with path:\explorer.exe before launch of explorer

 

i was using a batch file as shell when booting that pass to regedit a command with a reg file changing the shell key

then in the startup folder of the taskbar of explorer you add a second bat file that reset the shell key to the bat file you use to launch your software and set the shell key to explorer.exe


Edited by sixcentgeorge, 28 August 2014 - 09:54 AM.


#15 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 28 August 2014 - 10:11 AM

when i was using winnt4 , i started to find some ramdisk for free and wanted to have explorer.exe on it ...

so i found what you are saying that launching explorer does open the windows and not the taskbar....

 

for that you have to set the key for shell with path:\explorer.exe before launch of explorer

 

i was using a batch file as shell when booting that pass to regedit a command with a reg file changing the shell key

then in the startup folder of the taskbar of explorer you add a second bat file that reset the shell key to the bat file you use to launch your software and set the shell key to explorer.exe

:)

Which is what was suggested on post #4 and then re-proposed on post #6, but that for whatever reason the OP does not want to pursue, because of a non better identified "system's behavior blocker". :dubbio: .

 

:duff:

Wonko



#16 betrand

betrand

    Frequent Member

  • Advanced user
  • 467 posts
  •  
    France

Posted 28 August 2014 - 04:42 PM

a non better identified "system's behavior blocker". :dubbio: .

:duff:
Wonko


I think OP means, if you launch Cmd.exe as shell, then try to change to Explorer.exe in regedit, it doesn't work or rather doesn't seem to work.
Btw, an old Explorer from Reactos used to bring up the taskbar and menu, while Cmd.exe was shell.
Though that Explorer didn't work well on subfolders.

#17 sixcentgeorge

sixcentgeorge

    Frequent Member

  • Advanced user
  • 191 posts
  •  
    France

Posted 28 August 2014 - 04:53 PM

may be that needs to log the computer using the administrator account , i think i did it like that .

with recent win that should be possible with the killing of uac



#18 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 28 August 2014 - 06:43 PM

Well, the "field" is "restricted" to Minlogon and XP SP2 (according to the OP).

 

As said, I seem to remember that in XPCLI experiments (which uses XP SP0 and minlogon), I had no particular issues in changing the shell, but I may well be wrong.

 

In any case minlogon has a number of different behaviours from the common Winlogon (as essentially, besides not being authenticated you login as System) and  as posted earlier in post #13, different shell configurations need to be tested.

 

There is still another possibility (which without the OP providing meaningful details is hard to say if suitable :dubbio:) that may be used, a Native app launched through BootExecute, i.e. in the booting timeframe, before the GUI (or "system") actually loads.

 

:duff:

Wonko



#19 Squid

Squid

    Frequent Member

  • Advanced user
  • 105 posts
  •  
    United States

Posted 28 August 2014 - 11:37 PM

OK.  Thanks again for all of the input.  Been off somewhere and busy chasing out a few bugs from another system (they multiply when you're not looking).

 

First, the behavior blocker in question is a tried-and-true, caveman-simple release of System Safety Monitor; an ancient Russian treasure which I've kept onboard for years.  Best piece of deliberate nagware ever made.  It, and common sense takes the place of VS and a whole series of related crapola on the system in question (BTW- the box never touches anything resembling a network).

 

Relatedly, this is the program which needs to be deployed before Explorer kicks off!  Minlogon cannot be hooked with the original DLL which came with SSM, hence the ruffled feathers.

 

Next, part of the native protection scheme includes a targeted read-only reg protocol to ensure the shell of choice remains so throughout boot (a good idea); hence, no dice as far as the "toggle-the-shell" scheme goes.  Since I have this "block" feature available to me for this particular box, I want to keep it viable for a couple of reasons...

 

SO, at any rate, that's the TMI version for "inquiring minds."  In sum:

  • I have a box which relies directly on a behavior blocker for lightweight protection which is principally used to keep some treasured programs available and ready for skilled hands only.
  • I switched over to Minlogon for several purposes related to some unnamed (but known) complaints stemming from designed-in mischief related to the standard Winlogon applet.
  • For the heck of it, I always like to keep things simple and streamlined; and want to avoid calling upon a "helper app" for the work, if possible (Being a good sport, I even concocted an AHK "imposter" script which I thought was cute and clever: Based on the resulting BSOD, the old boat didn't).
  • Finally, another shell is worth entertaining, but I love my horrific desktop mess; and don't know of any FOSS which will allow such bad habits to continue unhindered ;)

 

BTW, it's been great connecting with this community across the years -- Keep up the good work!

 

 

Prosit.


Edited by Squid, 28 August 2014 - 11:39 PM.


#20 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 29 August 2014 - 08:31 AM

Well, you are not very "open" to possible solutions (no offence intended :)), you surely have any number of good reasons to build that thick brick wall all around you, but after you have built it you cannot expect to solve the "by design" lack of doors and windows by using a magic wand (that additionally needs to be not too magic and possible not even a wand, but only a simple spell) that will dematerialize yourself from within the circular wall re-materializing you on the outside of it.

I know that a simple Star Trek transporter would do nicely ;):

http://en.wikipedia....ter_(Star_Trek)

but the technology has not been fully developed.... :( and most probably IF it was already available, you would (correctly BTW) raise the exception that since you carry with you a symbiont, like Trills, you cannot use it:

http://en.wikipedia....ic_Restrictions

 

:dubbio:

 

 

 

Last :ph34r: attempt (still in the Winsta0\Winlogon direction, that as said may work on minlogon machines too, bit needs to be tested):

http://calebdelnay.c...-secure-desktop

 

And, in the good old hackerish style :w00t: what about disassembling Explorer.exe :ph34r: (or one of the zillion supporting dll's) find where the check for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell is and remove/bypass it?

 

:duff:

Wonko



#21 Squid

Squid

    Frequent Member

  • Advanced user
  • 105 posts
  •  
    United States

Posted 29 August 2014 - 05:59 PM

@Wonko:

 

No offense taken.  But --

The real, core issue here is the fact that this had to come up at all.  The main problem comes in to play when one needs to partially cripple a piece of software they paid good money for, just to avoid harassment from the company which developed it.  Now that's got teeth --

Secondly, it rubs salt in things when one is obliged to do a Silly Walk to perform a relatively commonsense operation on a pay-per-seat system which was supposedly designed and assembled by "top-grade professionals".  Indeed, there's more than one reason why I've switched away from running M$ on anything which touches the web; and wonder openly at the endless revenue stream which the Consumer Culture lavishes on a certain single interest in Redmond. 

 

Oh, ho ho!  You sly dog!  You got me monologuing!  I can't believe it...

 

;)

 

THAT SAID, it'd be a relief to simply pop in a new shell which might allow a clean, simple solution to the issue; all while adding features and stability to the mix.  That, along with a pigpen desktop arrangement would certainly cause a smile.

 

 

Thanks again, folks --



#22 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 29 August 2014 - 06:37 PM

The real, core issue here is the fact that this had to come up at all.  

Sure it is :), but life is tough :( .

The minlogon "path" (which I am sure you chose for a reason) has it's drawbacks, another among the reasons why I asked (vainly) since several years if anyone of the (often self-proclaimed) programmers were interested in making an alternative to it.

 

:duff:

Wonko



#23 Squid

Squid

    Frequent Member

  • Advanced user
  • 105 posts
  •  
    United States

Posted 30 August 2014 - 03:05 PM

@Wonko:

 

 

I asked (vainly) since several years if anyone of the (often self-proclaimed) programmers were interested in making an alternative to it.

 

See http://perldoc.perl....perl.html#NOTES for more information.

 

 

Have a great weekend --



#24 pscEx

pscEx

    Platinum Member

  • Team Reboot
  • 12707 posts
  • Location:Korschenbroich, Germany
  • Interests:What somebody else cannot do.
  •  
    European Union

Posted 02 September 2014 - 08:51 AM

The primary question is solved in MultiPE.

Here the application easyDriveLetter is started before explorer.

 

It can start a lot of applications, controlled by easyDriveLetter.ini.

 

Maybe you can adapt it for your purposes.

 

Peter

[LaunchPC]
Count=19
Launch1=%SystemRoot%\System32\rundll32.exe|setupapi.dll,InstallHinfSection HDAudio_Device 132 X:\Drivers\HDAudBus\hdaudbus.inf|SILENT
Launch2=%SystemRoot%\System32\rundll32.exe|setupapi.dll,InstallHinfSection MS_MMMCI 132 X:\Drivers\audstub\wave.inf|SILENT
Launch3=%SystemRoot%\System32\rundll32.exe|setupapi.dll,InstallHinfSection MSPCLOCK 132 X:\Drivers\MSPCLOCK\ksfilter.inf|SILENT
Launch4=%SystemRoot%\System32\rundll32.exe|setupapi.dll,InstallHinfSection WDM_SYSAUDIO 132 X:\Drivers\sysaudio\wdmaudio.inf|SILENT
Launch5=%SystemRoot%\System32\rundll32.exe|setupapi.dll,InstallHinfSection USBAudio 132 X:\Drivers\usbaudio\wdma_usb.inf|SILENT
Launch6=%SystemRoot%\System32\rundll32.exe|setupapi.dll,InstallHinfSection StreamIP.Device 132 X:\Drivers\streamip\streamip.inf|SILENT
Launch7=%SystemRoot%\System32\rundll32.exe|setupapi.dll,InstallHinfSection HdAudModel 132 X:\Drivers\VIAHdAudAddService\oem81.inf|SILENT
Launch8=%SystemRoot%\System32\rundll32.exe|setupapi.dll,InstallHinfSection L1e.ndi 132 X:\Drivers\L1e\oem24.inf|SILENT
Launch9=%SystemRoot%\System32\HwPnp.exe|-all +@Network|SILENT
Launch10=%SystemRoot%\System32\HwPnp.exe|-all +@Media|SILENT
Launch11=%SystemRoot%\System32\HwPnp.exe|-all +@System|SILENT
Launch12=%SystemRoot%\System32\HwPnp.exe|-all +USB\ /a /p /d /s
Launch13=%SystemRoot%\System32\mountUSB.exe||SILENTNOWAIT
Launch14=%SystemRoot%\System32\RemapDrives.exe|/x X: /x R: $@$???$@$
Launch15=%SystemRoot%\System32\ReloadEnv.exe|
Launch16=%SystemRoot%\System32\IconRefresh.exe||SILENT
Launch17=R:\Programme\NVDA\NVDA.exe||SILENTNOWAIT
Launch18=%SystemRoot%\System32\PENetwork.exe||NOWAIT
Launch19=%SystemRoot%\System32\MountStorPE.exe|-h

[LaunchVM]
Count=5
Launch1=%SystemRoot%\System32\RemapDrives.exe|/x X: /x R: $@$???$@$
Launch2=%SystemRoot%\System32\ReloadEnv.exe|
Launch3=%SystemRoot%\System32\IconRefresh.exe||SILENT
Launch4=R:\Programme\NVDA\NVDA.exe||SILENTNOWAIT
Launch5=%SystemRoot%\System32\PENetwork.exe||NOWAIT

[PCScreen]
xRes=1280
yRes=1024

[VMScreen]
xRes=1024
yRes=768

[PCScreenAlt]
xRes=1024
yRes=768

[VMScreenAlt]
xRes=800
yRes=600

[Params]
Newletter=X:




#25 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 02 September 2014 - 12:04 PM

 

The primary question is solved in MultiPE.

Here the application easyDriveLetter is sarted before explorer.

 

 

HOW EXACTLY it is started? :unsure:

(You posted an example of what the tool can start by parsing it's easydriveletter.ini, but not how the actual tool is started)

 

:duff:

Wonko







Also tagged with one or more of these keywords: minlogon, explorer.exe, shell

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users