HTA can't run ie4uinit.exe

I'm trying to refresh desktop icons from an HTA using the following:

var shell = new ActiveXObject("WScript.Shell");
shell.run("C:\\Windows\\System32\\ie4uinit.exe -show");

I'm running it as administrator and I'm positive C:\Windows\System32\ie4uinit.exe exists.

If I use the exactly same command from a vbscript .vbs it runs the file successfuly.

Is it some kind of restriction? Why HTA can't run C:\Windows\System32\ie4uinit.exe ?

The error message:

How can I make this work?

Azevedo

Posted 2018-09-18T20:59:26.540

Reputation: 511

So what is the error message when it doesn't work? – DavidPostill – 2018-09-18T21:16:33.960

I updated the question with the error screen. – Azevedo – 2018-09-18T21:32:22.610

It still seems to me that 32-bit redirection can account for ie4uinit not found. Are you sure you are executing in 64-bit mode at the moment the dialog is displayed? – harrymc – 2018-09-21T18:41:23.460

Positive. 64bit. I checked the proccess image in the task manager. – Azevedo – 2018-09-21T20:29:10.927

What happens when you run as System using psexec -i -s? As another test enable for your account Bypass traverse checking.

– harrymc – 2018-09-22T07:24:12.633

Could you also show the contents of the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\htafile\Shell\Open\Command and the header tags of your HTML. – harrymc – 2018-09-22T09:09:23.827

The reg key contains: C:\Windows\SysWOW64\mshta.exe "%1" {1A460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1A460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* – Azevedo – 2018-09-22T12:41:52.550

This is the 32-bit HTA handler : C:\Windows\SysWOW64\mshta.exe - SysWOW64. It looks more and more like redirection is the answer, even if by some unknown magic the dialog is produced by a 64-bit task. You might try using C:\Windows\System32\mshta.exe, but it might break some stuff - there is a reason for the 32-bit version being the default handler. – harrymc – 2018-09-22T15:32:12.867

Answers

Your registry key of HKEY_LOCAL_MACHINE\SOFTWARE\Classes\htafile\Shell\Open\Command contains the value of :

C:\Windows\SysWOW64\mshta.exe "%1" {1A460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1A460BD7-F1C3-4B2E-88BF-4E770A288AF5} %*

The is the 32-bit HTA handler, which means that you are running in 32-bit mode.

This further means that you are using the 32-bit version of VBScript, so that Windows file redirection is actually causing it to look in C:\Windows\SysWOW64, where ie4uinit.exe does not exist.

A solution to avoid maintaining two different versions of your VBScript scripts is to be found in this ServerFault answer.

Alternatively, you might try starting your application using the 64-bit HTA handler, found at C:\Windows\System32\mshta.exe.

You should be aware of the fact that Microsoft is no longer actively supporting HTA applications, preferring instead to concentrate on Windows Forms and similar technologies, so it is quite likely that HTA will become deprecated some time in the future.

harrymc

Posted 2018-09-18T20:59:26.540

Reputation: 306 093

All 64bit here. Still not that. I've given the full path to ie4uinit.exe – Azevedo – 2018-09-21T18:29:56.027

Task Manager in Windows 10 no longer shows the 32- and 64-bitness of a process. You need Process Explorer for that, showing the Image Type column, or double-click the exe and see it in the Image field. – harrymc – 2018-09-22T16:36:01.930

You may still in theory access the real system32 by using the File System Redirector : C:\Windows\Sysnative\ie4uinit.exe, although I don't know how well this will work in your environment. Note that Sysnative is not a directory, only a traversal tool, and that it doesn't exist for 64-bit apps.

– harrymc – 2018-09-23T07:07:12.040

@Azevedo: Any comments? – harrymc – 2018-09-25T17:05:36.050

Still the same. – Azevedo – 2018-09-25T18:00:53.810

It will stay the same as long as you run in 32-bit mode. The link I gave has a solution which I haven't tested. – harrymc – 2018-09-25T18:29:10.557

Do you still have some misgivings about the correctness of my answer? – harrymc – 2018-09-28T08:50:11.057