UST and Long File Names

  • Article

I think this will be the last article to come from James’ post on debugging MAPI (previous posts here, here, and here). This last one bit me when I was trying to gather a UST trace from a customer.

Here’s the deal: The image file name associated with an executable can be different depending on how the process is launched. And Image File Execution Options (IFEO) works on the image file name, not the executable name. To illustrate this, we can rename mfcmapi.exe (my favorite executable, natch) to ThisIsAReallyLongName.exe and run some tests. First, let’s determine the short file name for this file:

 D:\MFCMAPI>dir /x ThisIsAReallyLongName.exe

03/16/2009  10:28 AM         1,982,976 THISIS~1.EXE ThisIsAReallyLongName.exe

Next, we launch Procmon and look for anyone opening an IFEO key for a process with “this” in the name. Let’s try launching the process from the command line, using both the long and the short name:

 D:\MFCMAPI>ThisIsAReallyLongName.exe

64-bit cmd.exe RegOpenKey

  HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ThisIsAReallyLongName.exe

D:\MFCMAPI>THISIS~1.EXE

64-bit cmd.exe RegOpenKey

  HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ThisIsAReallyLongName.exe

I trimmed and formatted the Procmon output a bit for clarity. The columns are bitness, process name, operation, and key read. So far, no difference in the keys. Let’s see what happens if we ask the debugger to launch the process:

 D:\MFCMAPI>windbg ThisIsAReallyLongName.exe

64-bit windbg.exe RegOpenKey

  HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ThisIsAReallyLongName.exe

32-bit ThisIsAReallyLongName.exe RegOpenKey

  HKLM\SOFTWARE\Microsoft\WINDOWS NT\CURRENTVERSION\Image File Execution Options\ThisIsAReallyLongName.exe

D:\MFCMAPI>windbg THISIS~1.EXE

64-bit windbg.exe RegOpenKey

  HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\THISIS~1.EXE

32-bit THISIS~1.EXE RegOpenKey

  HKLM\SOFTWARE\Microsoft\WINDOWS NT\CURRENTVERSION\Image File Execution Options\THISIS~1.EXE

The first thing we notice is now both the launching process and the launched process are reading IFEO keys. Next, we notice the 64/32 bit difference showing up in the paths. But the biggest difference is one is looking for a key named “ThisIsAReallyLongName.exe” while the other looks for “THISIS~1.EXE”.

So maybe this is a quirk of the debugger? Let’s try running the app from Start Run:

 Start\Run: d:\mfcmapi\ThisIsAReallyLongName.exe

64-bit Explorer.EXE RegOpenKey

  HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ThisIsAReallyLongName.exe

Start\Run: d:\mfcmapi\thisis~1.exe

64-bit Explorer.EXE RegOpenKey

  HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\thisis~1.exe

We’re back to one process reading the keys, but we still see that the key name depends on whether we used the long or short name for the file.

So – the upshot here, combined with the 32/64 bit issue from before, is when setting IFEO options to enable UST (or anything else IFEO is used for), you potentially need to set the options in 4 places, depending on the bitness of the process, whether or not a long file name is involved, and who launched the process.