Talk:Windows Shell Extension

From OniGalore
Revision as of 09:46, 8 May 2019 by Paradox-01 (talk | contribs) (General structure)
Jump to navigation Jump to search

Research

General structure


Hive

  • HKEY_CLASSES_ROOT is a merged view of the ...\Software\Classes sub hierarchies in
    • HKLM (HKEY_LOCAL_MACHINE)
    • HKCU (HKEY_CURRENT_USER)
  • HKCU is a mirrored view of HKEY_USERS\<User-SID>
  • Adding a Key to HKEY_CLASSES_ROOT\Software\Classes will add a key in HKEY_LOCAL_MACHINE\SOFTWARE\Classes and vice versa.


Key types

Reg_SZ

  • Standard string

Reg_EXPAND_SZ

  • Allows system variables like in "%SystemRoot"\Notepad.exe %1
  • When used it expands to become an actual path.

Other


Minimum requirements for new file types

  • HKEY_CLASSES_ROOT\.[yourExt]\shell\open\command
  • if this key will store a system variable, it's Default key will need to be of type REG_EXPAND_SZ
    • creating this manually gives a REG_SZ type, which will not work and cannot be changed within the regedit GUI
    • REG_EXPAND_SZ type can be created with reg files and programmatically


Mind already existing alternate hierarchies

  • HKEY_CLASSES_ROOT\.[yourExt]

If not empty, this key might have data such as extfile which will point to HKEY_CLASSES_ROOT\[extfile]

The second key then looks like this in full length:

  • HKEY_CLASSES_ROOT\extfile\shell\open\command

Such structures sometimes get automatically created:

  • HKEY_CLASSES_ROOT\ext_auto_file\shell\open\command


User overrides

The following will override HKEY_LOCAL_MACHINE keys as the HKEY_CURRENT_USER has a higher priority.

So, you can also think of HKEY_LOCAL_MACHINE keys as a fallback when HKEY_CURRENT_USER are removed again.

Computer\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.yourExt
 OpenWithList
 OpenWithProgids
 UserChoice

If you set a default program for a file type, "UserChoice" will be created and point to that program and its (shell) context menu.

Better do backup and restore it when your own changes get uninstalled.


System overrides (backups) ?

Computer\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts
 Applications\NOTEPAD.EXE_.yourExt (type REG_DWORD)
 other_extension_.yourExt (type REG_DWORD)


Sub Menus

For sub menus you need a SubCommands value. The commands may contain points in their name and are separated by semicolons.

shell
  |
  +-- MenuName
       |
       +-- Name: Icon, Type: REG_SZ, Data: "PATH_to_exe"
       +-- Name: MUIVerb, Type: REG_SZ, Data: displayed name
       +-- Name: SubCommands, Type: REG_SZ, Data: MenuName.commandName1;MenuName.commandName2;MenuName.commandNameN

Individual commands are then stored at

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CommandStore\shell
MenuName.commandName1
  |
  +-- command
MenuName.commandName2
  |
  +-- command
MenuName.commandNameN
  |
  +-- command


Terms

  • The H in abbreviations stands for Hive.