为什么ShellExecute找不到文件？ [英] Why ShellExecute can not find a file?

问题描述

来自一个* nix世界我非常困惑于Windows的行为和它的安全系统。

我只是试图执行一个外部程序我的应用程序。我发现了WinAPI函数ShellExecute，除非在启动一些放置在％windir％\System32 子目录中的程序时，它会按预期工作。

• 执行ping.exe成功

    ShellExecute open，c：\\Windows\\System32\\ping.exe'，NULL，NULL，SW_SHOW））; 
   // ^^^ OK，retcode == 42 
    




• java.exe的执行失败

    ShellExecute（NULL，open，c：\\Windows\\System32\\java.exe，NULL，NULL，SW_SHOW） 
   // ^^^ ERROR_FILE_NOT_FOUND，retcode == 2 
    

b $ b

这很奇怪，因为 java.exe在System32中存在，具有用户组的读/执行权限，可以从cmd调用。

  C：\> dir /qc:\Windows \System32\java.exe 
驱动器C中的卷没有标签。 
卷序列号是56E3-0868 
 
目录c：\Windows \System32 
 
 11.01.2012 23:40 172 320 NT AUTHORITY\SYSTEM java.exe 
 1文件172 320字节
 0目录226 127 564 800字节空闲
 
 C：\> cacls c：\Windows \System32\java.exe 
c：\Windows \System32\java.exe NT AUTHORITY \SYSTEM：F 
 BUILTIN\管理员：F 
 BUILTIN\Users： R 
  

我在这里缺少什么？

如果我将c：\Windows \Sytem32\calc.exe复制到c ：\Windows \Sytem32\calc2.exe， ShellExecute可以运行原始calc.exe，但失败与calc2.exe虽然文件是相同的！唯一的区别是TrustedInstaller组的额外权限calc2 .exe和java.exe缺失。一个巧合？

解决方案

您是否正在运行64位操作系统？

如果是这样， C：\Windows \System32 将包含64位二进制文​​件，而 C：\Windows \SysWOW64 将包含32位二进制文​​件（是的，它真的是这样的方式）。出于向后兼容性原因，当运行32位进程时，Windows重定向访问 C：\Windows \System32 到 C：\Windows \ SysWOW64 。

因此，如果您使用32位进程来查看 C：\Windows \ System32 ，你实际上看到的是 C：\Windows \SysWOW64 。

您可以致电 Wow64DisableWow64FsRedirection 函数来禁用此行为。请注意文档中的警告，并仔细考虑是否适用于您的案例：

注意 code> Wow64DisableWow64FsRedirection 函数影响当前线程执行的所有文件操作，如果文件系统重定向禁用任何时间长度，这可能会有意想不到的后果。例如，DLL加载取决于文件系统重定向，因此禁用文件系统重定向将导致DLL加载失败。此外，许多功能实现使用延迟加载，并将失败，而禁用重定向。初始延迟加载操作的故障状态是持久的，因此即使在重新启用文件系统重定向后，延迟加载功能的任何后续使用也将失败。为了避免这些问题，在调用不得重定向的特定文件I / O函数（例如 CreateFile ）之前立即禁用文件系统重定向，并重新启用文件系统重定向之后立即使用 Wow64RevertWow64FsRedirection 。

as comming from a *nix world I'm very confused with Windows behaviour and probably its security system.

I'm simply trying to execute an external program within my app. I've found the WinAPI function ShellExecute which works as expected except when launching some programs placed in %windir%\System32 subdirectory.

• execution of ping.exe succeeds

  ShellExecute(NULL, "open", "c:\\Windows\\System32\\ping.exe', NULL, NULL, SW_SHOW) );
  // ^^^ OK, retcode == 42
  

• execution of java.exe fails

  ShellExecute(NULL, "open", "c:\\Windows\\System32\\java.exe', NULL, NULL, SW_SHOW) );
  // ^^^ ERROR_FILE_NOT_FOUND, retcode == 2
  

It's very strange because java.exe does exist in System32, has read/execute permissions for Users group and can be invoked from cmd.

C:\>dir /q c:\Windows\System32\java.exe
 Volume in drive C has no label.
 Volume Serial Number is 56E3-0868

 Directory of c:\Windows\System32

11.01.2012  23:40           172 320 NT AUTHORITY\SYSTEM    java.exe
               1 File(s)        172 320 bytes
               0 Dir(s)  226 127 564 800 bytes free

C:\>cacls c:\Windows\System32\java.exe
c:\Windows\System32\java.exe NT AUTHORITY\SYSTEM:F
                             BUILTIN\Administrators:F
                             BUILTIN\Users:R

What am I missing here ?

OS is Windows 7 Home edition.

Update: If I copy c:\Windows\Sytem32\calc.exe to c:\Windows\Sytem32\calc2.exe, ShellExecute can run original calc.exe but fails with calc2.exe although files are identical !! The only difference are additional permissions for TrustedInstaller group which calc2.exe and also java.exe are missing. A coincidence ?

解决方案

Are you running a 64 bit operating system?

If so, C:\Windows\System32 will contain 64 bit binaries while C:\Windows\SysWOW64 will contain 32 bit binaries (yes, it really is that way around). For backwards compatibility reasons, when running 32 bit processes, Windows redirects access to C:\Windows\System32 to C:\Windows\SysWOW64.

So if you're using a 32 bit process to look at C:\Windows\System32, you're actually seeing what's in C:\Windows\SysWOW64.

You can call the Wow64DisableWow64FsRedirection function to disable this behavior. Do note the warning in the documentation and consider carefully whether it applies to your case:

Note: The Wow64DisableWow64FsRedirection function affects all file operations performed by the current thread, which can have unintended consequences if file system redirection is disabled for any length of time. For example, DLL loading depends on file system redirection, so disabling file system redirection will cause DLL loading to fail. Also, many feature implementations use delayed loading and will fail while redirection is disabled. The failure state of the initial delay-load operation is persisted, so any subsequent use of the delay-load function will fail even after file system redirection is re-enabled. To avoid these problems, disable file system redirection immediately before calls to specific file I/O functions (such as CreateFile) that must not be redirected, and re-enable file system redirection immediately afterward using Wow64RevertWow64FsRedirection.

这篇关于为什么ShellExecute找不到文件？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！