How the App Paths Registry Key Makes Windows Both Faster and Safer
Why can you start Mozilla Firefox by typing “firefox” in the Run dialog and press enter? Firefox.exe is not located in any directory in the path. The same with Outlook (type “outlook”), PowerShell (“powershell”), VMware Workstation (“vmware”) or Adobe Reader (“acrord32”). This “magic application starting thingy” works because of a little-known Windows feature based on the “App Paths” registry key.
App Paths – Dissection
In your forays through the Windows registry you may have noticed a peculiar key, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths, that has subkeys named like executables. Here is what it looks like on my machine:
Notice that the HKLM App Paths key and its counterpart in HKCU are basically mapping tables between executable names and their full paths. The direct subkeys of App Paths store the executable names, while each subkey’s default value stores the full path to that executable.
Notice also, that the key “firefox.exe” has a named value “Path” that stores the path to the program’s installation directory.
So what is this all about?
App Paths – Explanation
The App Paths key provides a mechanism that allows programmers to make their application startable by name only without having to modify the system-wide path.
Why would they do that? Vanity and overestimation of the importance of one’s own application. But, hey, it sometimes does come in handy to be able to start programs without having to type the full path, just hit Win+R instead and type the executable name.
Getting more technical, modifying the system path is not exactly best practice since it may slow down the system, break other applications and even create security holes. To provide an alternative, Microsoft added the App Paths functionality in XP. Whenever a new process is to be started with the API functions ShellExecute or ShellExecuteEx, and only a file name without a path is specified, Windows looks in the following places for the executable:
- The current working directory.
- The Windows directory.
- The Windows\System32 directory.
- The directories listed in the PATH environment variable.
- If there is a App Paths subkey with the name of the executable, the key’s default value is used as the program’s full path. If the subkey also has a value named Path, the string stored in Path is added to the PATH environment variable, but only for the process to be started.
As mentioned, the App Paths key has a second use, namely proving per-process PATH configurations, reducing the need of application developers to modify the global system PATH.
For further information and a list of other possible values please see the MSDN article Application Registration.
3 Comments
Awesome tip, especially for those of us who build & use console tools on Windows.
I was astonished (shocked?) to learn about this, because I’d never noticed it or seen it mentioned in more than 10 years of Windows console-app development work.
Death to PATH!
Couple of things to know about App Paths entries:
1/ Since CMD doesn’t normally use Shell API functions, App Paths keys aren’t consulted when an executable name is typed at a command line, UNLESS it’s entered as a parameter to the Start command. Start behaves like a command line version of Run and can therefore launch executables, files (of associated types) and URLs.
2/ The Path value under an App Paths subkey is PREpended to the process’ copy of the %PATH% variable, which is itself the user PATH variable (if any) prepending the system PATH variable.
3/ Executables that happen to have the same name will necessarily share the same App Paths key (if any), even if totally unrelated.
4/ Apps that rely on an App Paths “Path” entry may not work properly when published in Citrix XenApp (unless steps are taken to ensure that the extra PATH entries are made available to the app via other means).
And I defenatly wouldn’t call this thing “safer” , as it looks for me , it’s a direct help to virus writers, for example to redirect “word.exe” or even “iexplorer.exe” to the virus.