4

Test Environment:

  • Windows 10 professional edition x64, True
  • Windows Server 2003 R2 x86, False
  • Windows Server 2008 R2 Enterprise x64, False
  • Windows Server 2008 R2 DataCenter x64, True

There are 2(or 3 depends on x86 or x64) notepad.exe in Windows\, respectively Windows\notepad.exe; Windows\System32\notepad.exe; Windows\SysWOW64\notepad.exe. In the mentioned environments marked as True, all these three show this behavior below.

Behavior:

when I copy notepad.exe (to any location), the copied executable will not launch when executed, no matter where I put it. there is no warning, there is no process being created. For this I checked serveral settings:

  1. file permission.
    • file permission looks OK, i.e. has the execution permission set.
  2. file ownership.
    • actually this should be irrelevant, but just in case, I checked that ownership of original notepad is "TrustedInstaller", the copied executable's owner is Administrator Group, grant ownership back to TrustedInstaller didn't help, either.
  3. Software Restriction Policy & AppLocker Policy
    • there are no such policies on my system when I use gpedit.msc to check them. ( I thought of hidden defaults, but that theory won't hold as it does not seem to be the case for other executables in System32, such as calc.exe/cmd.exe etc.)

Other Behaviors:

I have tried launching the copied executable using cmd/powershell/start, but no avail.

I tried copy cmd.exe/calc.exe/other executables in System32/other random executables I have/ to system32/, only notepad.exe seems to showing this behavior.

I tried to takeown of the original notepad.exe, and rename it to notepad2.exe, then it won't launch, if you change the name back to notepad.exe, it will launch again.

The Question:

I wonder what's the mechanism that does this?

Improve this question
2
  • I was unable to reproduce this problem on any of my Windows Server VMs
    – Ramhound
    Commented May 31, 2017 at 2:22
  • What happens if you do the same thing with other executables?  Have you tried running them from the Command Prompt, with or without the start command? Please do not respond in comments; edit your question to make it clearer and more complete.
    – Scott - Слава Україні
    Commented May 31, 2017 at 2:23

1 Answer 1

Reset to default
4

Answered by Sander Berkouwer in social.technet.microsoft.com:

Mark Russinovich ran into the same problem when he copied notepad.exe from the Windows directory to his profile directory. After some fiddling he found out the following:

"I knew that .mui files store language-dependent resources like strings and accelerators, so I was pretty certain that Notepad’s failure to load its accelerators was due to its inability to find the appropriate resource file for my local, US English (En-us). To verify this I made an En-us subdirectory in my profile directory and copied Notepad.exe.mui into it, reran Notepad from my directory, and it worked."

I guess your solution is to get notepad.exe.mui in a subfolder named like your locale.

Your OS language may differ, if in doubt, just search for Notepad.exe.mui file.

The answer for the question is "this is not an explicit mechanism preventing the moved executable from being loaded, this is a reference resolution". I can confirm that the described method is working.

Improve this answer
3
  • Berkouwer's answer relies on Mark Russinovich's blog as its main source, so I would suggest editing in the current URL of that blog post: learn.microsoft.com/en-us/archive/blogs/markrussinovich/…
    – AJM
    Commented Nov 29, 2023 at 13:52
  • 1
    Thanks for the feedback. I have included the fresh link in the answer. It was probably lost when I copy-pasted the text initially.
    – user488399
    Commented Nov 30, 2023 at 18:13
  • Thanks for adding the link.
    – AJM
    Commented Nov 30, 2023 at 18:51

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .