Strange CMD behavior

November 9, 2010 at 08:59:03
Specs: WinNT4 - Win7
I'm bored. More specifically, I'm bored of answering homework questions, so I'm going to do something different.

What's going on here?

Tue 11/09/2010 11.46.05.78
E:\>w:
The system cannot find the drive specified.


Tue 11/09/2010 11.46.15.06
E:\>subst w: "%systemroot%"


Tue 11/09/2010 11.46.22.28
E:\>w:


Tue 11/09/2010 11.46.23.76
W:\system32\drivers\etc>
How'd I get to W:\system32\drivers\etc? The drive didn't exist two seconds ago, and I never issued a CD nor PUSHD, so why isn't my working directory W:\?

The answer is kinda stupid once you know what's happening, but a little trivia never hurt anyone, right?

How To Ask Questions The Smart Way


See More: Strange CMD behavior

Report •


#1
November 9, 2010 at 09:03:10
If it is a laptop do you use it at work as part of a domain because W: would normaly be a network drive. im going to say network drive.

Report •

#2
November 9, 2010 at 09:12:03
Good guess, but I created the drive with SUBST just seconds ago.

How To Ask Questions The Smart Way


Report •

#3
November 9, 2010 at 11:55:19
My guess would be either cmd was invoked via CreateProcess with a custom environment block or there was some commands prior to what is listed......


Cmd uses internal environment variables to hold the current directory. subst doesn't seem to clear these variables (at least not on xp), leading to such behaviour......


My best guess....

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Judago>subst n: "%systemroot%"

C:\Documents and Settings\Judago>n:

N:\>cd system32

N:\system32>cd drivers

N:\system32\drivers>cd etc

N:\system32\drivers\etc>c:

C:\Documents and Settings\Judago>subst /d n:

C:\Documents and Settings\Judago>n:
The system cannot find the drive specified.

C:\Documents and Settings\Judago>subst n: "%systemroot%"

C:\Documents and Settings\Judago>n:

N:\system32\drivers\etc>set "
=C:=C:\Documents and Settings\Judago
=ExitCode=00000000
=N:=N:\system32\drivers\etc

....(truncated)



Report •

Related Solutions

#4
November 9, 2010 at 18:15:53
Judago: Cmd uses internal environment variables to hold the current directory.
We have a winner! Faster than I'd thought, too. As for the "How?" well . . .
Tue 11/09/2010 21.06.41.62
E:\>reg query HKCU\Environment /v =W:

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Environment
    =W: REG_SZ  W:\system32\drivers\etc

The funny thing about this trick is the full path, allowing me to abuse the system like this:
Tue 11/09/2010 21.07.38.90
E:\>reg query HKCU\Environment /v =C:

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Environment
    =C: REG_SZ  E:\temp



Tue 11/09/2010 21.11.05.25
E:\>c:


Tue 11/09/2010 21.11.07.00
E:\temp>
I'm just not sure how to make something productive out of it. Granted, C:readme.txt is shorter than e:\temp\readme.txt, but that's what SUBST is for.

Also, The Old New Thing is an awesome blog, and everyone interested in the workings and concepts of Windows should read it.
How To Ask Questions The Smart Way


Report •

#5
November 9, 2010 at 19:32:30
I didn't even think about globals! That means that there would be at least three ways to achieve the same thing.


Razor2.3: Also, The Old New Thing is an awesome blog, and everyone interested in the workings and concepts of Windows should read it.

Agreed. I hadn't even read today's article when I posted, but it's suspiciously close in topic to this thread (well sort of...).


Report •


Ask Question