A
asinning
We (the software company I work for) have been using a desktop.ini file
to (1) create a unique icon for the "library folders" used with our
application and (2) to associate these folders with our application so
that double-clicking on the folder launches our application and lets
our application open the library.
The desktop.in just looks like this:
[.ShellClassInfo]
ConfirmFileOp=0
CLSID={our-class-id}
And then in the registry:
To assign an icon to the folder:
Key Name:
HKEY_CLASSES_ROOT\CLSID\{our-class-id}\DefaultIcon
Class Name: <NO CLASS>
Value 0
Name: <NO NAME>
Type: REG_SZ
Data: path to our icon
To associate the folder with our application:
Key Name:
HKEY_CLASSES_ROOT\CLSID\{our-class-id}\Shell\Open\command
Class Name: <NO CLASS>
Value 0
Name: <NO NAME>
Type: REG_SZ
Data: "path to our application" "%1"
Unfortunately, the most recent XP security patch has broken this.
According to <http://secunia.com/advisories/11633/>:
"The problem is that "desktop.ini" files may contain CLSID references
to arbitrary executables in the "[.ShellClassInfo]" section. This can
be exploited to execute arbitrary files with another user's privileges
when the user browses a folder containing a malicious "desktop.ini"
file."
Does anybody know if there might be another way to accomplish this? I
spent a lot of time making this work, and now it's broke!
Thanks
to (1) create a unique icon for the "library folders" used with our
application and (2) to associate these folders with our application so
that double-clicking on the folder launches our application and lets
our application open the library.
The desktop.in just looks like this:
[.ShellClassInfo]
ConfirmFileOp=0
CLSID={our-class-id}
And then in the registry:
To assign an icon to the folder:
Key Name:
HKEY_CLASSES_ROOT\CLSID\{our-class-id}\DefaultIcon
Class Name: <NO CLASS>
Value 0
Name: <NO NAME>
Type: REG_SZ
Data: path to our icon
To associate the folder with our application:
Key Name:
HKEY_CLASSES_ROOT\CLSID\{our-class-id}\Shell\Open\command
Class Name: <NO CLASS>
Value 0
Name: <NO NAME>
Type: REG_SZ
Data: "path to our application" "%1"
Unfortunately, the most recent XP security patch has broken this.
According to <http://secunia.com/advisories/11633/>:
"The problem is that "desktop.ini" files may contain CLSID references
to arbitrary executables in the "[.ShellClassInfo]" section. This can
be exploited to execute arbitrary files with another user's privileges
when the user browses a folder containing a malicious "desktop.ini"
file."
Does anybody know if there might be another way to accomplish this? I
spent a lot of time making this work, and now it's broke!
Thanks
-- You might try creating the