Jump to content

REG_EXPAND_SZ Issue


DentArthurDent

Recommended Posts

I recently had a registry-related problem on my XP system that caused me a lot of grief in trying to figure out what was wrong. Once I had figured it out, I thought that the cause was something that a registry tool should be looking for and as I had recently tried out CCleaner, thought you might want to include at as one of the checks that should be built-in.

 

Probably the best way to describe it is to indicate what has to be done and then followup with some details about how I figured it out.

 

Suggestion

 

CCleaner should look for any registry entries that: 1) have key values which utilize environment variables and 2) are not set up as the REG_EXPAND_SZ datatype.

 

Clarification:

1) String values to execute programs and such in the registry can utilize environment variables which are substituted when used. For example:

 

2) The registry has different datatypes. Two possible types for string data, are REG_SZ (fixed length string) and REG_EXPAND_SZ (variable length, null-terminated string).

 

Reason:

The reason for this is that, if these values are REG_SZ datatype, their usage will not be correct. For example, if the shell open entry for a text file points to "%SystemRoot%\\System32\Notepad.exe %1" and the entry is REG_SZ, utilizing it by right-clicking some file and selecting Open will cause an "Access Denied" message.

 

I realize that this is not so much a "cleaning" issue as a "fixing" one, but maybe it should be an included feature as it "cleans" bad/unusable entries.

 

 

How It Came About

I tried to right-click a batch file (.bat extension) and select the Edit option and I got the aforementioned Windows message "Access Denied". After doing some analysis, I found out that this behaviour was occurring on all .bat and .reg files, but not .cmd. Further, none of the files that this was happening to were locked as the message would lead one to believe.

 

So, I dug into the registry to see what was going on. For this discussion, I will just talk about bat and cmd files. Both HKCL entries pointed to the default batfile and cmdfile entries. Both were identical in structure and content, except for one little thing. The (Default) value for the cmdfile's shell edit and the corresponding one for the batfile were the same values except that the cmdfile's had a datatype of REG_EXPAND_SZ, while the batfile had REG_SZ.

 

I have included the regedit export files' text below (just the different keys).

----batfile----

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\batfile]

@="MS-DOS Batch File"

"EditFlags"=hex:30,04,00,00

 

[HKEY_CLASSES_ROOT\batfile\shell\edit\command]

@="%SystemRoot%\\System32\\NOTEPAD.EXE %1"

 

[HKEY_CLASSES_ROOT\batfile\shell\print\command]

@="%SystemRoot%\\System32\\NOTEPAD.EXE /p %1"

---------------

 

----cmdfile----

Windows Registry Editor Version 5.00

 

[HKEY_CLASSES_ROOT\cmdfile]

@="Windows NT Command Script"

"EditFlags"=hex:30,04,00,00

 

[HKEY_CLASSES_ROOT\cmdfile\shell\edit\command]

@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\

00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,4e,00,4f,00,\

54,00,45,00,50,00,41,00,44,00,2e,00,45,00,58,00,45,00,20,00,25,00,31,00,00,\

00

 

[HKEY_CLASSES_ROOT\cmdfile\shell\print\command]

@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\

00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,4e,00,4f,00,\

54,00,45,00,50,00,41,00,44,00,2e,00,45,00,58,00,45,00,20,00,2f,00,70,00,20,\

00,25,00,31,00,00,00

---------------

 

As you can see, the key values are different for the default entries, but the strings are the same. The "hex(2)" format is how REG_EXPAND_SZ must be exported/inserted using a registry merge file.

 

After modifying a merge file for the batfile hive entries to be identical to that of the cmdfile's, I ran the merge file and voila! I was now able to use the context menu's Edit option to open the file in question in Notepad.

 

 

Addenda Points

Following are some numbered points that are related to this issue.

 

1) How my system got this way is not particularily important. But suffice it to say that I had been using various file editors and had gone into their options and enabled, then disabled using them as the default programs for the file types in question. I would assume that some software title had managed to muck up the default entries somehow.

 

2) In my research on the web, I found a a couple of Microsoft Knowledge Base articles related to these differences: http://support.microsoft.com/kb/141377 and http://support.microsoft.com/kb/104011.

 

3) The XP regedit.exe program has no way to create a default value of REG_EXPAND_SZ datatype. You have to create a merge file and use "@=hex(2):00,00" to insert a empty string of that datatype. Note that you can created named values of the REG_EXPAND_SZ datatype, just not the default value.

 

 

Summary

I hope that CCleaner can be improved to address this as I believe it is likely happening to a lot of people who have installed software that does not realize this important registry rule. As it was difficult for me to uncover this registry rule (why doesn't regedit.exe warn users when trying to set a string value that incorporates environment variables?). The cryptic nature of the error message and the fact that it had nothing to do with file locking (the normal reason for an "Access Denied" message) make it something worth dealing with.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.