~skeeto/public-inbox

1

Re: Everything you never wanted to know about Win32 environment blocks

Kasper Brandt <poizan@poizan.dk>
Details
Message ID
<098b0421-af0e-46fb-8921-2a4e76f5a361@app.fastmail.com>
DKIM signature
pass
Download raw message
Hello Chris
With regards to environment variables beginning with '=', I would like to point your attention to this post on Raymond Chen's blog https://devblogs.microsoft.com/oldnewthing/20100506-00/?p=14133

Actually environment variables can and do start with '='. These also needs special handling as the entry

=C:=C:\Users\kb

should be interpreted as an environment variable with name "=C:" and value "C:\Users\kb" rather than an environment variable with an empty name and value of "C:=C:\Users\kb"

This is actually important to know when parsing an environment block because you may get problems with duplicate keys if you are parsing it into a dictionary the naive way. It's just too bad that this is contrary to what the official documentation from Microsoft claims.

Actually Raymond Chen's claim that they are only in cmd.exe and processes started from that does not seem to be true either, at least not anymore in Windows 11. When I look at the environment for explorer.exe and any processes started from that (i.e. everyting in my interactive session) they all have the entry

=::=::\

As an example is here a dump of the first 120 bytes of the environment block from a cmd.exe instance:
00000292`b157a090  3d 00 3a 00 3a 00 3d 00-3a 00 3a 00 5c 00 00 00  =.:.:.=.:.:.\...
00000292`b157a0a0  3d 00 43 00 3a 00 3d 00-43 00 3a 00 5c 00 55 00  =.C.:.=.C.:.\.U.
00000292`b157a0b0  73 00 65 00 72 00 73 00-5c 00 6b 00 62 00 00 00  s.e.r.s.\.k.b...
00000292`b157a0c0  41 00 4c 00 4c 00 55 00-53 00 45 00 52 00 53 00  A.L.L.U.S.E.R.S.
00000292`b157a0d0  50 00 52 00 4f 00 46 00-49 00 4c 00 45 00 3d 00  P.R.O.F.I.L.E.=.
00000292`b157a0e0  43 00 3a 00 5c 00 50 00-72 00 6f 00 67 00 72 00  C.:.\.P.r.o.g.r.
00000292`b157a0f0  61 00 6d 00 44 00 61 00-74 00 61 00 00 00 41 00  a.m.D.a.t.a...A.
00000292`b157a100  50 00 50 00 44 00 41 00-54 00 41 00 3d 00 43 00  P.P.D.A.T.A.=.C.
00000292`b157a110  3a 00 5c 00 55 00 73 00-65 00 72 00 73 00 5c 00  :.\.U.s.e.r.s.\.
00000292`b157a120  6b 00 62 00 5c 00 41 00-70 00 70 00 44 00 61 00  k.b.\.A.p.p.D.a.
00000292`b157a130  74 00 61 00 5c 00 52 00-6f 00 61 00 6d 00 69 00  t.a.\.R.o.a.m.i.
00000292`b157a140  6e 00 67 00 00 00 43 00-4c 00 49 00 45 00 4e 00  n.g...C.L.I.E.N.
00000292`b157a150  54 00 4e 00 41 00 4d 00-45 00 3d 00 50 00 4f 00  T.N.A.M.E.=.P.O.
00000292`b157a160  49 00 41 00 43 00 45 00-52 00 00 00 43 00 6f 00  I.A.C.E.R...C.o.
00000292`b157a170  6d 00 6d 00 6f 00 6e 00-50 00 72 00 6f 00 67 00  m.m.o.n.P.r.o.g.
00000292`b157a180  72 00 61 00 6d 00 46 00-69 00 6c 00 65 00 73 00  r.a.m.F.i.l.e.s.
00000292`b157a190  3d 00 43 00 3a 00 5c 00-50 00 72 00 6f 00 67 00  =.C.:.\.P.r.o.g.
00000292`b157a1a0  72 00 61 00 6d 00 20 00-46 00 69 00 6c 00 65 00  r.a.m. .F.i.l.e.

- Kasper F. Brandt

Re: Everything you never wanted to know about Win32 environment blocks

Details
Message ID
<20240930233147.jkimlpogaimcqwyn@nullprogram.com>
In-Reply-To
<098b0421-af0e-46fb-8921-2a4e76f5a361@app.fastmail.com> (view parent)
DKIM signature
missing
Download raw message
Thanks, Kasper! After retesting I can indeed I can create and access such 
variables. I'm unsure what I had been observing a year ago, but I suspect 
I didn't understand how this case was parsed and so misinterpreted the 
results. I've updated my article with this information.

Here's the quick test I just whipped up:
https://gist.github.com/skeeto/8493f6304eb3f6e2edd3351e0ad40332
Reply to thread Export thread (mbox)