How to set Environment Variables

Iron Contributor

@Tim Mangan I tried to set a environment variable using HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment, but that is not being picked up by the package. The configured variable does not appear in the package. Seems to be the same issue as with App-V 5.1. There is does not work also.

 

So I tried using the PSF tooling. My config.json is configured like

{
	"enableReportError": true,
	"applications": [],
	"processes": [],
	"config": {
		"dll": "EnvVarFixup32.dll",
		"EnvVars": [{
				"name": "APP_HOME",
				"value": "C:\\Program Files\\Test\\Test",
				"useregistry": "false"
			},
			{
				"name": "APP_TEST1",
				"value": "TestTestTest",
				"useregistry": "false"
			},
			{
				"name": "APP_TEST2",
				"value": "VFS\\ProgramFilesX64\\Zulu",
				"useregistry": "false"
			},
			{
				"name": "JAVA_HOME",
				"value": "C:\\Program Files\\Zulu\\zulu-8-jre\\bin",
				"useregistry": "false"
			}
		]
	}

}

But after deploying the package, none of the environment variables do appear in by cmd process. What am i doing wrong. I also added the file EnvVarFixup32.dll to the root of the package.

8 Replies

@TIMOTHY MANGAN We did some further testing with the variables and found out the following.

 

Using the examples decribed in MSIX-PackageSupportFramework/readme.md at develop · TimMangan/MSIX-PackageSupportFramework · GitHub we use:

                              {
                              	"dll": "EnvVarFixup.dll",
                                   	"config": {
                              		"EnvVars": [{
                              					"name": "ENVTEST1",
                              					"value": "Test1!",
                              					"useregistry": "false"
                              				},

But this is not working. Why, because in the code the envVars is case-sensitive. When using envVars it is all working ;) EnvVars is wrong and envVars is working.

According to the debug logs we see it is working.

Pollewops_0-1633012616717.png

 

However when starting a cmd and dump the environment variables, we do not see them available. Any idea why?

 

Thanks for the note on case sensitivity. Yes, the json is case sensitive and apparently the readme is incorrect; in that case I'll update the readme.

As to the other question, the package environment variables are not implemented in a list form (we have no intercept for that), but if you were to try to use the variable in a command inside that cmd window you should find that it works. As I don't see apps trying to list the variables before using them I don't think we need to fix that. But let me know if I'm wrong about that.
So in a cmd, the SET command wont’t list the configured variable, but an ECHO %TESTVAR% does or should display it?
As long as the cmd is running in the container with EnVarFixup, yes. At least that is the plan...
You should check the config.json file. I'm not sure if PsfTooling covers this case, but TMEditX should.

PsfTooling tries to be more surgical and not apply things where they aren't needed by default, whereas TMEdit by default tries to cover everything.

So with PsfTooling the Processes section tries to set a process match based on the individual shortcut target and it probably does not handle the shell launch cases (cmd, txt, pdf, etc files). You might need to manually change the process to ".*" which is what TMEditX does.

@TIMOTHY MANGAN Thanks for your support in all these questions. I updated my JSON and package and did another test. Below my CONFIG.JSON which basically contains 3 shortcuts to a BAT, CMD and PS1 file to start in the bubble.

{
	"applications": [{
			"id": "PSFLAUNCHER2",
			"executable": "c:\\program files\\Test\\Test.cmd",
			"arguments": "",
			"workingDirectory": "VFS\\ProgramFilesX64\\Test"
		},
		{
			"id": "PSFLAUNCHER1",
			"executable": "c:\\program files\\Test\\Test.bat",
			"arguments": "",
			"workingDirectory": "VFS\\ProgramFilesX64\\Test"
		},
		{
			"id": "PSFLAUNCHER3",
			"executable": "c:\\windows\\system32\\WindowsPowerShell\\v1.0\\powershell.exe",
			"arguments": "-ExecutionPolicy Bypass -file Test.ps1",
			"workingDirectory": "VFS\\ProgramFilesX64\\Test"
		}
	],
	"processes": [{
		"executable": ".*",
		"fixups": [{
				"dll": "TraceFixup.dll",
				"config": {
					"traceMethod": "outputDebugString",
					"traceLevels": {
						"default": "allFailures"
					}
				}
			},
			{
				"dll": "EnvVarFixup.dll",
				"config": {
					"envVars": [{
							"name": "APPHOME",
							"value": "APP-HOME Test",
							"useregistry": "false"
						},
						{
							"name": "JAVAHOME",
							"value": "JAVA-HOME Test",
							"useregistry": "false"
						},
						{
							"name": "VARTEST1",
							"value": "VAR Test One",
							"useregistry": "false"
						}
					]
				}
			}
		]
	}]
}

The CMD files contained a piece of code like:

echo "APPHOME %APPHOME%"
echo "JAVAHOME %JAVAHOME%"
echo "VARTEST1 %VARTEST1%"

 The outcome of my CMD is:

Pollewops_0-1633333539806.png

The Debug logs show:

00000001	0.00000000	[3116]  g_PackageFullName=test_1.0.23.0_x64__fg0t8wag126gc	
00000002	0.00004560	[3116]  g_PackageFamilyName=test_fg0t8wag126gc	
00000003	0.00010110	[3116]  g_ApplicationUserModelId=test_fg0t8wag126gc!PSFLAUNCHER2	
00000004	0.00014800	[3116]  g_ApplicationId=PSFLAUNCHER2	
00000005	0.00019480	[3116]  g_PackageRootPath=C:\Program Files\WindowsApps\test_1.0.23.0_x64__fg0t8wag126gc	
00000006	0.00024190	[3116]  g_FinalPackageRootPath=\\?\C:\Program Files\WindowsApps\test_1.0.23.0_x64__fg0t8wag126gc	
00000007	0.00029260	[3116]  g_CurrentExecutable=C:\Program Files\WindowsApps\test_1.0.23.0_x64__fg0t8wag126gc\VFS\ProgramFilesX64\Test\PsfLauncher2.exe	
00000008	0.00053690	[3116] Config.json not found in root of package C:\Program Files\WindowsApps\test_1.0.23.0_x64__fg0t8wag126gc, look elsewhere.	
00000009	0.00074920	[3116] Config.json found in executable folder of package C:\Program Files\WindowsApps\test_1.0.23.0_x64__fg0t8wag126gc	
00000010	0.00254990	[3116]  Processes config match=.*	
00000011	0.00334180	[3116] PsfRuntime is ready.	
00000012	0.00378480	[3116]  fixup not found at root of package, look elsewhere TraceFixup32.dll.	
00000013	0.00984140	[3116] config traceMethod is default	
00000014	0.01008900	[3116]  fixup found at . C:\Program Files\WindowsApps\test_1.0.23.0_x64__fg0t8wag126gc\VFS\ProgramFilesX64\Test\TraceFixup32.dll	
00000015	0.01059720	[3116]  Inject into current process: C:\Program Files\WindowsApps\test_1.0.23.0_x64__fg0t8wag126gc\VFS\ProgramFilesX64\Test\TraceFixup32.dll	
00000016	0.01171350	[3116] LoadLibrary:	
00000017	0.01178380	[3116]  File Name=C:\Program Files\WindowsApps\test_1.0.23.0_x64__fg0t8wag126gc\EnvVarFixup.dll	
00000018	0.01237080	[3116]  Result=Expected Failure	
00000019	0.01246850	[3116]  Last Error=126 (The specified module could not be found)	
00000020	0.01271630	[3116]  Calling Module=C:\Program Files\WindowsApps\test_1.0.23.0_x64__fg0t8wag126gc\VFS\ProgramFilesX64\Test\PsfRuntime32.dll	
00000021	0.01279940	[3116] LoadLibrary:	
00000022	0.01286590	[3116]  File Name=C:\Program Files\WindowsApps\test_1.0.23.0_x64__fg0t8wag126gc\EnvVarFixup32.dll	
00000023	0.01314120	[3116]  Result=Expected Failure	
00000024	0.01322660	[3116]  Last Error=126 (The specified module could not be found)	
00000025	0.01331330	[3116]  Calling Module=C:\Program Files\WindowsApps\test_1.0.23.0_x64__fg0t8wag126gc\VFS\ProgramFilesX64\Test\PsfRuntime32.dll	
00000026	0.01352820	[3116]  fixup not found at root of package, look elsewhere EnvVarFixup32.dll.	
00000027	0.01683790	[3116] NtQueryValueKey:	
00000028	0.01694030	[3116]  Value Name=	
00000029	0.01701370	[3116] PreferExternalManifest	
00000030	0.01707890	[3116] 	
00000031	0.01741750	[3116]  Result=Expected Failure	
00000032	0.01750540	[3116]  Status=C0000034 (Object Name not found)	
00000033	0.01837390	[3116]  Calling Module=C:\Windows\System32\KERNEL32.DLL	
00000034	0.01849100	[3116] Attaching EnvVarFixup	
00000035	0.01863870	[3116] Initializing EnvVarFixup	
00000036	0.01879930	[3116] EnvVarFixup InitializeConfiguration()	
00000037	0.01886130	[3116] [0] GetEnvFixup Config: name=APPHOME	
00000038	0.01892110	[3116] [0] GetEnvFixup Config: value=APP-HOME Test	
00000039	0.01915770	[3116] [0] GetEnvFixup Config: useregistry=false	
00000040	0.01922140	[3116] [0] GetEnvFixup Config: name=JAVAHOME	
00000041	0.01928080	[3116] [0] GetEnvFixup Config: value=JAVA-HOME Test	
00000042	0.01938060	[3116] [0] GetEnvFixup Config: useregistry=false	
00000043	0.01944040	[3116] [0] GetEnvFixup Config: name=VARTEST1	
00000044	0.01949940	[3116] [0] GetEnvFixup Config: value=VAR Test One	
00000045	0.01958590	[3116] [0] GetEnvFixup Config: useregistry=false	
00000046	0.01966940	[3116] EnvVarFixup: 3 config items read.	
00000047	0.01993030	[3116]  fixup found at . C:\Program Files\WindowsApps\test_1.0.23.0_x64__fg0t8wag126gc\VFS\ProgramFilesX64\Test\EnvVarFixup32.dll	
00000048	0.02029310	[3116]  Inject into current process: C:\Program Files\WindowsApps\test_1.0.23.0_x64__fg0t8wag126gc\VFS\ProgramFilesX64\Test\EnvVarFixup32.dll	
00000049	0.02039270	[3116]  In Launcher_main()	
00000050	0.02289420	[3116]  Json Application match against id=PSFLAUNCHER2	
00000051	0.02299730	[3116] NtQueryValueKey:	
00000052	0.02308230	[3116]  Value Name=	
00000053	0.02315720	[3116] ParentFolder	
00000054	0.02321850	[3116] 	
00000055	0.02330060	[3116]  Result=Expected Failure	
00000056	0.02337280	[3116]  Status=C0000034 (Object Name not found)	
00000057	0.02656720	[3116]  Calling Module=C:\Windows\System32\KERNELBASE.dll	
00000058	0.02668540	[3116] NtQueryValueKey:	
00000059	0.02675330	[3116]  Value Name=	
00000060	0.02681540	[3116] Description	
00000061	0.02687360	[3116] 	
00000062	0.02693300	[3116]  Result=Expected Failure	
00000063	0.02701090	[3116]  Status=C0000034 (Object Name not found)	
00000064	0.02708410	[3116]  Calling Module=C:\Windows\System32\KERNELBASE.dll	
00000065	0.02722250	[3116] NtQueryValueKey:	
00000066	0.02729720	[3116]  Value Name=	
00000067	0.02735990	[3116] ParsingName	
00000068	0.02741800	[3116] 	
00000069	0.02747890	[3116]  Result=Expected Failure	
00000070	0.02755710	[3116]  Status=C0000034 (Object Name not found)	
00000071	0.02762990	[3116]  Calling Module=C:\Windows\System32\KERNELBASE.dll	
00000072	0.02770830	[3116] NtQueryValueKey:	
00000073	0.02776710	[3116]  Value Name=	
00000074	0.02782500	[3116] InfoTip	
00000075	0.02788240	[3116] 	
00000076	0.02794050	[3116]  Result=Expected Failure	
00000077	0.02801340	[3116]  Status=C0000034 (Object Name not found)	
00000078	0.02808370	[3116]  Calling Module=C:\Windows\System32\KERNELBASE.dll	
00000079	0.02815910	[3116] NtQueryValueKey:	
00000080	0.02821750	[3116]  Value Name=	
00000081	0.02827620	[3116] LocalizedName	
00000082	0.02833450	[3116] 	
00000083	0.02839230	[3116]  Result=Expected Failure	
00000084	0.02846330	[3116]  Status=C0000034 (Object Name not found)	
00000085	0.02853380	[3116]  Calling Module=C:\Windows\System32\KERNELBASE.dll	
00000086	0.02860960	[3116] NtQueryValueKey:	
00000087	0.02866850	[3116]  Value Name=	
00000088	0.02872930	[3116] Icon	
00000089	0.02878640	[3116] 	
00000090	0.02884530	[3116]  Result=Expected Failure	
00000091	0.02891580	[3116]  Status=C0000034 (Object Name not found)	
00000092	0.02898500	[3116]  Calling Module=C:\Windows\System32\KERNELBASE.dll	
00000093	0.02906050	[3116] NtQueryValueKey:	
00000094	0.02911870	[3116]  Value Name=	
00000095	0.02917670	[3116] Security	
00000096	0.02923500	[3116] 	
00000097	0.02929300	[3116]  Result=Expected Failure	
00000098	0.02936450	[3116]  Status=C0000034 (Object Name not found)	
00000099	0.02943540	[3116]  Calling Module=C:\Windows\System32\KERNELBASE.dll	
00000100	0.02951060	[3116] NtQueryValueKey:	
00000101	0.02956840	[3116]  Value Name=	
00000102	0.02962720	[3116] StreamResource	
00000103	0.02968310	[3116] 	
00000104	0.02974050	[3116]  Result=Expected Failure	
00000105	0.02981080	[3116]  Status=C0000034 (Object Name not found)	
00000106	0.02989300	[3116]  Calling Module=C:\Windows\System32\KERNELBASE.dll	
00000107	0.02997100	[3116] NtQueryValueKey:	
00000108	0.03002890	[3116]  Value Name=	
00000109	0.03008800	[3116] StreamResourceType	
00000110	0.03014450	[3116] 	
00000111	0.03020370	[3116]  Result=Expected Failure	
00000112	0.03027440	[3116]  Status=C0000034 (Object Name not found)	
00000113	0.03034320	[3116]  Calling Module=C:\Windows\System32\KERNELBASE.dll	
00000114	0.03042770	[3116] NtQueryValueKey:	
00000115	0.03048640	[3116]  Value Name=	
00000116	0.03054460	[3116] Roamable	
00000117	0.03060220	[3116] 	
00000118	0.03066080	[3116]  Result=Expected Failure	
00000119	0.03073140	[3116]  Status=C0000034 (Object Name not found)	
00000120	0.03080270	[3116]  Calling Module=C:\Windows\System32\KERNELBASE.dll	
00000121	0.03088150	[3116] NtQueryValueKey:	
00000122	0.03094060	[3116]  Value Name=	
00000123	0.03100140	[3116] PreCreate	
00000124	0.03108280	[3116] 	
00000125	0.03114510	[3116]  Result=Expected Failure	
00000126	0.03121980	[3116]  Status=C0000034 (Object Name not found)	
00000127	0.03129160	[3116]  Calling Module=C:\Windows\System32\KERNELBASE.dll	
00000128	0.03136850	[3116] NtQueryValueKey:	
00000129	0.03142700	[3116]  Value Name=	
00000130	0.03148540	[3116] Stream	
00000131	0.03154230	[3116] 	
00000132	0.03160050	[3116]  Result=Expected Failure	
00000133	0.03167240	[3116]  Status=C0000034 (Object Name not found)	
00000134	0.03174200	[3116]  Calling Module=C:\Windows\System32\KERNELBASE.dll	
00000135	0.03182630	[3116] NtQueryValueKey:	
00000136	0.03188520	[3116]  Value Name=	
00000137	0.03194370	[3116] DefinitionFlags	
00000138	0.03200150	[3116] 	
00000139	0.03205990	[3116]  Result=Expected Failure	
00000140	0.03213090	[3116]  Status=C0000034 (Object Name not found)	
00000141	0.03220330	[3116]  Calling Module=C:\Windows\System32\KERNELBASE.dll	
00000142	0.03227770	[3116] NtQueryValueKey:	
00000143	0.03233640	[3116]  Value Name=	
00000144	0.03240620	[3116] Attributes	
00000145	0.03246380	[3116] 	
00000146	0.03252190	[3116]  Result=Expected Failure	
00000147	0.03259300	[3116]  Status=C0000034 (Object Name not found)	
00000148	0.03266330	[3116]  Calling Module=C:\Windows\System32\KERNELBASE.dll	
00000149	0.03273900	[3116] NtQueryValueKey:	
00000150	0.03279750	[3116]  Value Name=	
00000151	0.03285660	[3116] FolderTypeID	
00000152	0.03291310	[3116] 	
00000153	0.03297220	[3116]  Result=Expected Failure	
00000154	0.03304200	[3116]  Status=C0000034 (Object Name not found)	
00000155	0.03311510	[3116]  Calling Module=C:\Windows\System32\KERNELBASE.dll	
00000156	0.03319060	[3116] NtQueryValueKey:	
00000157	0.03324900	[3116]  Value Name=	
00000158	0.03330820	[3116] InitFolderHandler	
00000159	0.03336530	[3116] 	
00000160	0.03342350	[3116]  Result=Expected Failure	
00000161	0.03349380	[3116]  Status=C0000034 (Object Name not found)	
00000162	0.03356360	[3116]  Calling Module=C:\Windows\System32\KERNELBASE.dll	
00000163	0.03403190	[3116] NtOpenKey:	
00000164	0.03414450	[3116]  Path=	
00000165	0.03420810	[3116] PropertyBag	
00000166	0.03426580	[3116] 	
00000167	0.03433000	[3116]  Root=\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}	
00000168	0.03439310	[3116]  Object Attributes=00000040	
00000169	0.03445040	[3116]  (	
00000170	0.03451150	[3116] OBJ_CASE_INSENSITIVE	
00000171	0.03456850	[3116] )	
00000172	0.03462510	[3116] 	
00000173	0.03469040	[3116]  Access=00020019	
00000174	0.03474780	[3116]  (	
00000175	0.03480790	[3116] KEY_QUERY_VALUE	
00000176	0.03489620	[3116]  | KEY_ENUMERATE_SUB_KEYS	
00000177	0.03574550	[3116]  | KEY_NOTIFY	
00000178	0.03582660	[3116]  | READ_CONTROL	
00000179	0.03588980	[3116] )	
00000180	0.03594830	[3116] 	
00000181	0.03607760	[3116]  Options=00000000	
00000182	0.03614270	[3116]  (REG_OPTION_NON_VOLATILE)	
00000183	0.03620070	[3116] 	
00000184	0.03626030	[3116]  Result=Expected Failure	
00000185	0.03633770	[3116]  Status=C0000034 (Object Name not found)	
00000186	0.03641020	[3116]  Calling Module=C:\Windows\System32\KERNELBASE.dll	
00000187	0.03668250	[3116] NtOpenKey:	
00000188	0.03677800	[3116]  Path=	
00000189	0.03683950	[3116] KnownFolders	
00000190	0.03689710	[3116] 	
00000191	0.03701170	[3116]  Root=\REGISTRY\USER\S-1-5-21-2396449878-2845259392-2342097501-10863\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\3	
00000192	0.03707520	[3116]  Object Attributes=00000040	
00000193	0.03713260	[3116]  (	
00000194	0.03719100	[3116] OBJ_CASE_INSENSITIVE	
00000195	0.03724890	[3116] )	
00000196	0.03730940	[3116] 	
00000197	0.03737190	[3116]  Access=00000001	
00000198	0.03742890	[3116]  (	
00000199	0.03748600	[3116] KEY_QUERY_VALUE	
00000200	0.03754390	[3116] )	
00000201	0.03760020	[3116] 	
00000202	0.03765930	[3116]  Options=00000000	
00000203	0.03771870	[3116]  (REG_OPTION_NON_VOLATILE)	
00000204	0.03777480	[3116] 	
00000205	0.03783370	[3116]  Result=Expected Failure	
00000206	0.03790690	[3116]  Status=C0000034 (Object Name not found)	
00000207	0.03797830	[3116]  Calling Module=C:\Windows\System32\KERNELBASE.dll	
00000208	0.03831000	[3116] NtQueryValueKey:	
00000209	0.03837420	[3116]  Value Name=	
00000210	0.03843200	[3116] en-US	
00000211	0.03849070	[3116] 	
00000212	0.03856540	[3116]  Result=Expected Failure	
00000213	0.03863830	[3116]  Status=C0000034 (Object Name not found)	
00000214	0.03875290	[3116]  Calling Module=C:\Windows\System32\KERNELBASE.dll	
00000215	0.03881350	[3116] NtQueryValueKey:	
00000216	0.03887390	[3116]  Value Name=	
00000217	0.03893190	[3116] en-US	
00000218	0.03899050	[3116] 	
00000219	0.03906140	[3116]  Result=Expected Failure	
00000220	0.03913270	[3116]  Status=C0000034 (Object Name not found)	
00000221	0.03943260	[3116]  Calling Module=C:\Windows\System32\KERNELBASE.dll	
00000222	0.03950170	[3116] NtQueryValueKey:	
00000223	0.03956140	[3116]  Value Name=	
00000224	0.03962050	[3116] en-US	
00000225	0.03967910	[3116] 	
00000226	0.03975260	[3116]  Result=Expected Failure	
00000227	0.03982420	[3116]  Status=C0000034 (Object Name not found)	
00000228	0.04017470	[3116]  Calling Module=C:\Windows\System32\KERNEL32.DLL	
00000229	0.04038520	[3116] NtQueryValueKey:	
00000230	0.04045030	[3116]  Value Name=	
00000231	0.04054990	[3116] en	
00000232	0.04062430	[3116] 	
00000233	0.04070350	[3116]  Result=Expected Failure	
00000234	0.04077800	[3116]  Status=C0000034 (Object Name not found)	
00000235	0.04102450	[3116]  Calling Module=C:\Windows\System32\KERNEL32.DLL	
00000236	0.04111930	[3116] NtOpenKey:	
00000237	0.04118390	[3116]  Path=	
00000238	0.04124240	[3116] Software\Microsoft\Windows\CurrentVersion\Explorer\KnownFolderSettings	
00000239	0.04130320	[3116] 	
00000240	0.04136590	[3116]  Root=\REGISTRY\MACHINE	
00000241	0.04142450	[3116]  Object Attributes=00000040	
00000242	0.04148300	[3116]  (	
00000243	0.04154070	[3116] OBJ_CASE_INSENSITIVE	
00000244	0.04159860	[3116] )	
00000245	0.04166060	[3116] 	
00000246	0.04171850	[3116]  Access=00000001	
00000247	0.04177730	[3116]  (	
00000248	0.04183600	[3116] KEY_QUERY_VALUE	
00000249	0.04189330	[3116] )	
00000250	0.04195390	[3116] 	
00000251	0.04201250	[3116]  Options=00000000	
00000252	0.04206990	[3116]  (REG_OPTION_NON_VOLATILE)	
00000253	0.04212890	[3116] 	
00000254	0.04220350	[3116]  Result=Expected Failure	
00000255	0.04227690	[3116]  Status=C0000034 (Object Name not found)	
00000256	0.04238670	[3116]  Calling Module=C:\Windows\System32\KERNELBASE.dll	
00000257	0.04242470	[3116] NtOpenKey:	
00000258	0.04252870	[3116]  Path=	
00000259	0.04258550	[3116] Software\Microsoft\Windows\CurrentVersion\Explorer\KnownFolderSettings	
00000260	0.04262960	[3116] 	
00000261	0.04267680	[3116]  Root=\REGISTRY\MACHINE	
00000262	0.04272560	[3116]  Object Attributes=00000040	
00000263	0.04277330	[3116]  (	
00000264	0.04281320	[3116] OBJ_CASE_INSENSITIVE	
00000265	0.04286010	[3116] )	
00000266	0.04289940	[3116] 	
00000267	0.04294750	[3116]  Access=00000001	
00000268	0.04299020	[3116]  (	
00000269	0.04303420	[3116] KEY_QUERY_VALUE	
00000270	0.04307800	[3116] )	
00000271	0.04312130	[3116] 	
00000272	0.04316640	[3116]  Options=00000000	
00000273	0.04321160	[3116]  (REG_OPTION_NON_VOLATILE)	
00000274	0.04325400	[3116] 	
00000275	0.04329790	[3116]  Result=Expected Failure	
00000276	0.04335610	[3116]  Status=C0000034 (Object Name not found)	
00000277	0.04341280	[3116]  Calling Module=C:\Windows\System32\KERNELBASE.dll	
00000278	0.04355460	[3116]  StartingScript commandString=	
00000279	0.04359150	[3116]  StartingScript currentDirectory=	
00000280	0.04362850	[3116] StartingScript waitForScriptToFinish=true	
00000281	0.04371060	[3116]  Shell Launch=c:\program files\Test\Test.cmd	
00000282	0.04374740	[3116]     Arguments=	
00000283	0.04378500	[3116]  Working Directory: =C:\Program Files\WindowsApps\test_1.0.23.0_x64__fg0t8wag126gc\VFS\ProgramFilesX64\Test	
00000284	0.04410870	[3116] NtQueryValueKey:	
00000285	0.04417780	[3116]  Value Name=	
00000286	0.04422410	[3116] PackageRootFolder	
00000287	0.04426650	[3116] 	
00000288	0.04431120	[3116]  Result=Expected Failure	
00000289	0.04437940	[3116]  Status=80000005 (Buffer Overflow)	
00000290	0.04441810	[3116]  Required Length=136	
00000291	0.04447420	[3116]  Calling Module=C:\Windows\System32\KERNELBASE.dll	
00000292	0.04455200	[3116] NtQueryValueKey:	
00000293	0.04459670	[3116]  Value Name=	
00000294	0.04464090	[3116] PackageStatus	
00000295	0.04468240	[3116] 	
00000296	0.04478860	[3116]  Result=Expected Failure	
00000297	0.04486820	[3116]  Status=C0000034 (Object Name not found)	
00000298	0.04495220	[3116]  Calling Module=C:\Windows\System32\KERNELBASE.dll	
00000299	0.04501210	[3116] NtQueryValueKey:	
00000300	0.04507140	[3116]  Value Name=	
00000301	0.04512890	[3116] PackageSid	
00000302	0.04518770	[3116] 	
00000303	0.04526360	[3116]  Result=Expected Failure	
00000304	0.04532640	[3116]  Status=80000005 (Buffer Overflow)	
00000305	0.04537140	[3116]  Required Length=52	
00000306	0.04541110	[3116]  Calling Module=C:\Windows\System32\KERNELBASE.dll	
00000307	0.04549300	[3116] NtQueryValueKey:	
00000308	0.04554210	[3116]  Value Name=	
00000309	0.04558070	[3116] CapabilitySids	
00000310	0.04562270	[3116] 	
00000311	0.04566660	[3116]  Result=Expected Failure	
00000312	0.04577090	[3116]  Status=80000005 (Buffer Overflow)	
00000313	0.04583780	[3116]  Required Length=56	
00000314	0.04590110	[3116]  Calling Module=C:\Windows\System32\KERNELBASE.dll	
00000315	0.04607180	[3116] NtQueryValueKey:	
00000316	0.04611830	[3116]  Value Name=	
00000317	0.04616400	[3116] DevelopmentMode	
00000318	0.04620690	[3116] 	
00000319	0.04625170	[3116]  Result=Expected Failure	
00000320	0.04631100	[3116]  Status=C0000034 (Object Name not found)	
00000321	0.04636710	[3116]  Calling Module=C:\Windows\System32\KERNELBASE.dll	
00000322	0.04724710	[3116] NtOpenKey:	
00000323	0.04732410	[3116]  Path=	
00000324	0.04737470	[3116] SOFTWARE\Microsoft\OLEAUT	
00000325	0.04741730	[3116] 	
00000326	0.04746380	[3116]  Root=\REGISTRY\MACHINE	
00000327	0.04751000	[3116]  Object Attributes=00000040	
00000328	0.04755320	[3116]  (	
00000329	0.04760230	[3116] OBJ_CASE_INSENSITIVE	
00000330	0.04764010	[3116] )	
00000331	0.04768300	[3116] 	
00000332	0.04772820	[3116]  Access=00000001	
00000333	0.04777110	[3116]  (	
00000334	0.04782520	[3116] KEY_QUERY_VALUE	
00000335	0.04785560	[3116] )	
00000336	0.04789790	[3116] 	
00000337	0.04794220	[3116]  Options=00000000	
00000338	0.04798700	[3116]  (REG_OPTION_NON_VOLATILE)	
00000339	0.04803320	[3116] 	
00000340	0.04807730	[3116]  Result=Expected Failure	
00000341	0.04813510	[3116]  Status=C0000034 (Object Name not found)	
00000342	0.04819560	[3116]  Calling Module=C:\Windows\System32\KERNELBASE.dll	
00000343	0.04917650	[3116] NtOpenKey:	
00000344	0.04930140	[3116]  Path=	
00000345	0.04935100	[3116] SOFTWARE\Microsoft\Windows NT\CurrentVersion\msasn1	
00000346	0.04938060	[3116] 	
00000347	0.04942140	[3116]  Root=\REGISTRY\MACHINE	
00000348	0.04946860	[3116]  Object Attributes=00000040	
00000349	0.04951200	[3116]  (	
00000350	0.04955610	[3116] OBJ_CASE_INSENSITIVE	
00000351	0.04959920	[3116] )	
00000352	0.04964050	[3116] 	
00000353	0.04968740	[3116]  Access=00020019	
00000354	0.04973060	[3116]  (	
00000355	0.04978000	[3116] KEY_QUERY_VALUE	
00000356	0.04981840	[3116]  | KEY_ENUMERATE_SUB_KEYS	
00000357	0.04986270	[3116]  | KEY_NOTIFY	
00000358	0.04992780	[3116]  | READ_CONTROL	
00000359	0.04997520	[3116] )	
00000360	0.05001680	[3116] 	
00000361	0.05005910	[3116]  Options=00000000	
00000362	0.05011150	[3116]  (REG_OPTION_NON_VOLATILE)	
00000363	0.05014490	[3116] 	
00000364	0.05018920	[3116]  Result=Expected Failure	
00000365	0.05025400	[3116]  Status=C0000034 (Object Name not found)	
00000366	0.05030550	[3116]  Calling Module=C:\Windows\System32\KERNELBASE.dll	
00000367	0.05063890	[3116] NtCreateKey:	
00000368	0.05070630	[3116]  Path=	
00000369	0.05075200	[3116] Software\Microsoft\SecurityManager\CapAuthz\HasRepaired	
00000370	0.05079520	[3116] 	
00000371	0.05084590	[3116]  Root=\REGISTRY\MACHINE	
00000372	0.05088670	[3116]  Object Attributes=00000040	
00000373	0.05092930	[3116]  (	
00000374	0.05097330	[3116] OBJ_CASE_INSENSITIVE	
00000375	0.05101590	[3116] )	
00000376	0.05105840	[3116] 	
00000377	0.05110540	[3116]  Access=0000000E	
00000378	0.05114820	[3116]  (	
00000379	0.05119170	[3116] KEY_SET_VALUE	
00000380	0.05123520	[3116]  | KEY_CREATE_SUB_KEY	
00000381	0.05127880	[3116]  | KEY_ENUMERATE_SUB_KEYS	
00000382	0.05132220	[3116] )	
00000383	0.05136460	[3116] 	
00000384	0.05140800	[3116]  Class=	
00000385	0.05145130	[3116] 	
00000386	0.05149710	[3116]  Options=00000001	
00000387	0.05154010	[3116]  (	
00000388	0.05158340	[3116] REG_OPTION_VOLATILE	
00000389	0.05162650	[3116] )	
00000390	0.05167300	[3116] 	
00000391	0.05171240	[3116]  Result=Failure	
00000392	0.05177470	[3116]  Status=C0000022 (Access Denied)	
00000393	0.05182690	[3116]  Calling Module=C:\Windows\System32\KERNELBASE.dll	
00000394	0.05216220	[3116] NtCreateKey:	
00000395	0.05224260	[3116]  Path=	
00000396	0.05228780	[3116] HasRepaired	
00000397	0.05233100	[3116] 	
00000398	0.05237860	[3116]  Root=\REGISTRY\MACHINE\SOFTWARE\Microsoft\SecurityManager\CapAuthz	
00000399	0.05242620	[3116]  Object Attributes=00000040	
00000400	0.05246930	[3116]  (	
00000401	0.05251320	[3116] OBJ_CASE_INSENSITIVE	
00000402	0.05255620	[3116] )	
00000403	0.05259910	[3116] 	
00000404	0.05264640	[3116]  Access=0000000E	
00000405	0.05268910	[3116]  (	
00000406	0.05273330	[3116] KEY_SET_VALUE	
00000407	0.05277690	[3116]  | KEY_CREATE_SUB_KEY	
00000408	0.05282070	[3116]  | KEY_ENUMERATE_SUB_KEYS	
00000409	0.05286390	[3116] )	
00000410	0.05290620	[3116] 	
00000411	0.05295050	[3116]  Class=	
00000412	0.05299310	[3116] 	
00000413	0.05303800	[3116]  Options=00000001	
00000414	0.05308050	[3116]  (	
00000415	0.05312410	[3116] REG_OPTION_VOLATILE	
00000416	0.05316720	[3116] )	
00000417	0.05321030	[3116] 	
00000418	0.05325360	[3116]  Result=Failure	
00000419	0.05331140	[3116]  Status=C0000022 (Access Denied)	
00000420	0.05336670	[3116]  Calling Module=C:\Windows\System32\KERNELBASE.dll	
00000421	0.05354460	[3116] NtQueryValueKey:	
00000422	0.05359220	[3116]  Value Name=	
00000423	0.05363750	[3116] MaxRpcSize	
00000424	0.05368100	[3116] 	
00000425	0.05372610	[3116]  Result=Expected Failure	
00000426	0.05378940	[3116]  Status=C0000034 (Object Name not found)	
00000427	0.05384350	[3116]  Calling Module=C:\Windows\System32\KERNELBASE.dll	
00000428	0.05396070	[3116] NtOpenKey:	
00000429	0.05400910	[3116]  Path=	
00000430	0.05405710	[3116] \Registry\Machine\System\CurrentControlSet\Services\CCG	
00000431	0.05410080	[3116] 	
00000432	0.05414810	[3116]  Object Attributes=00000040	
00000433	0.05419190	[3116]  (	
00000434	0.05423590	[3116] OBJ_CASE_INSENSITIVE	
00000435	0.05427940	[3116] )	
00000436	0.05432320	[3116] 	
00000437	0.05436910	[3116]  Access=00020019	
00000438	0.05441410	[3116]  (	
00000439	0.05445980	[3116] KEY_QUERY_VALUE	
00000440	0.05450480	[3116]  | KEY_ENUMERATE_SUB_KEYS	
00000441	0.05454860	[3116]  | KEY_NOTIFY	
00000442	0.05459310	[3116]  | READ_CONTROL	
00000443	0.05463680	[3116] )	
00000444	0.05467960	[3116] 	
00000445	0.05472390	[3116]  Result=Expected Failure	
00000446	0.05478090	[3116]  Status=C0000034 (Object Name not found)	
00000447	0.05483800	[3116]  Calling Module=C:\Windows\System32\KERNELBASE.dll	
00000448	0.05493700	[3116] NtOpenKey:	
00000449	0.05499280	[3116]  Path=	
00000450	0.05503250	[3116] \Registry\Machine\System\CurrentControlSet\Services\CCG	
00000451	0.05507630	[3116] 	
00000452	0.05512300	[3116]  Object Attributes=00000040	
00000453	0.05516620	[3116]  (	
00000454	0.05521060	[3116] OBJ_CASE_INSENSITIVE	
00000455	0.05525450	[3116] )	
00000456	0.05529690	[3116] 	
00000457	0.05534470	[3116]  Access=00020019	
00000458	0.05538810	[3116]  (	
00000459	0.05543210	[3116] KEY_QUERY_VALUE	
00000460	0.05547590	[3116]  | KEY_ENUMERATE_SUB_KEYS	
00000461	0.05552330	[3116]  | KEY_NOTIFY	
00000462	0.05556750	[3116]  | READ_CONTROL	
00000463	0.05561570	[3116] )	
00000464	0.05565820	[3116] 	
00000465	0.05570280	[3116]  Result=Expected Failure	
00000466	0.05576020	[3116]  Status=C0000034 (Object Name not found)	
00000467	0.05581610	[3116]  Calling Module=C:\Windows\System32\KERNELBASE.dll	
00000468	0.05599950	[3116] NtOpenKey:	
00000469	0.05607140	[3116]  Path=	
00000470	0.05611800	[3116] PsfLauncher2.exe	
00000471	0.05616120	[3116] 	
00000472	0.05620870	[3116]  Root=\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options	
00000473	0.05625520	[3116]  Object Attributes=00000240	
00000474	0.05629840	[3116]  (	
00000475	0.05634340	[3116] OBJ_CASE_INSENSITIVE	
00000476	0.05638720	[3116]  | OBJ_KERNEL_HANDLE	
00000477	0.05643020	[3116] )	
00000478	0.05647330	[3116] 	
00000479	0.05652100	[3116]  Access=00000009	
00000480	0.05656370	[3116]  (	
00000481	0.05660830	[3116] KEY_QUERY_VALUE	
00000482	0.05665230	[3116]  | KEY_ENUMERATE_SUB_KEYS	
00000483	0.05669650	[3116] )	
00000484	0.05674060	[3116] 	
00000485	0.05678690	[3116]  Result=Expected Failure	
00000486	0.05684340	[3116]  Status=C0000034 (Object Name not found)	
00000487	0.05689980	[3116]  Calling Module=C:\Windows\SYSTEM32\ntdll.dll	
00000488	0.05707230	[3116] NtOpenKey:	
00000489	0.05714440	[3116]  Path=	
00000490	0.05719340	[3116] Software\Policies\Microsoft\Windows NT\Rpc	
00000491	0.05723570	[3116] 	
00000492	0.05728180	[3116]  Root=\REGISTRY\MACHINE	
00000493	0.05732910	[3116]  Object Attributes=00000040	
00000494	0.05737290	[3116]  (	
00000495	0.05741710	[3116] OBJ_CASE_INSENSITIVE	
00000496	0.05746030	[3116] )	
00000497	0.05750310	[3116] 	
00000498	0.05755050	[3116]  Access=00020019	
00000499	0.05759400	[3116]  (	
00000500	0.05763780	[3116] KEY_QUERY_VALUE	
00000501	0.05768420	[3116]  | KEY_ENUMERATE_SUB_KEYS	
00000502	0.05772930	[3116]  | KEY_NOTIFY	
00000503	0.05777430	[3116]  | READ_CONTROL	
00000504	0.05781760	[3116] )	
00000505	0.05786060	[3116] 	
00000506	0.05790590	[3116]  Options=00000000	
00000507	0.05795040	[3116]  (REG_OPTION_NON_VOLATILE)	
00000508	0.05799300	[3116] 	
00000509	0.05803730	[3116]  Result=Expected Failure	
00000510	0.05809450	[3116]  Status=C0000034 (Object Name not found)	
00000511	0.05815210	[3116]  Calling Module=C:\Windows\System32\KERNELBASE.dll	
00000512	0.05831390	[3116] NtQueryValueKey:	
00000513	0.05836130	[3116]  Value Name=	
00000514	0.05840690	[3116] IdleTimerWindow	
00000515	0.05844970	[3116] 	
00000516	0.05849460	[3116]  Result=Expected Failure	
00000517	0.05855180	[3116]  Status=C0000034 (Object Name not found)	
00000518	0.05860820	[3116]  Calling Module=C:\Windows\System32\KERNELBASE.dll	
00000519	0.05949630	[3116] NtOpenKey:	
00000520	0.05957360	[3116]  Path=	
00000521	0.05962350	[3116] SOFTWARE\Microsoft\SecurityManager\CapAuthz	
00000522	0.05966760	[3116] 	
00000523	0.05971330	[3116]  Root=\REGISTRY\MACHINE	
00000524	0.05976110	[3116]  Object Attributes=00000040	
00000525	0.05980500	[3116]  (	
00000526	0.05984930	[3116] OBJ_CASE_INSENSITIVE	
00000527	0.05990190	[3116] )	
00000528	0.05994540	[3116] 	
00000529	0.05999430	[3116]  Access=00060009	
00000530	0.06003900	[3116]  (	
00000531	0.06008340	[3116] KEY_QUERY_VALUE	
00000532	0.06012750	[3116]  | KEY_ENUMERATE_SUB_KEYS	
00000533	0.06017230	[3116]  | READ_CONTROL	
00000534	0.06021590	[3116]  | WRITE_DAC	
00000535	0.06026160	[3116] )	
00000536	0.06030200	[3116] 	
00000537	0.06034810	[3116]  Options=00000000	
00000538	0.06039490	[3116]  (REG_OPTION_NON_VOLATILE)	
00000539	0.06043790	[3116] 	
00000540	0.06048220	[3116]  Result=Failure	
00000541	0.06054220	[3116]  Status=C0000022 (Access Denied)	
00000542	0.06059980	[3116]  Calling Module=C:\Windows\System32\KERNELBASE.dll	
00000543	0.06072080	[3116] NtOpenKey:	
00000544	0.06079280	[3116]  Path=	
00000545	0.06084030	[3116] SOFTWARE\Microsoft\SecurityManager\CapAuthz	
00000546	0.06088390	[3116] 	
00000547	0.06093040	[3116]  Root=\REGISTRY\MACHINE	
00000548	0.06097740	[3116]  Object Attributes=00000040	
00000549	0.06102040	[3116]  (	
00000550	0.06106500	[3116] OBJ_CASE_INSENSITIVE	
00000551	0.06110800	[3116] )	
00000552	0.06115100	[3116] 	
00000553	0.06119780	[3116]  Access=00060000	
00000554	0.06124150	[3116]  (	
00000555	0.06128610	[3116] READ_CONTROL	
00000556	0.06133140	[3116]  | WRITE_DAC	
00000557	0.06137480	[3116] )	
00000558	0.06141790	[3116] 	
00000559	0.06146270	[3116]  Options=00000000	
00000560	0.06150760	[3116]  (REG_OPTION_NON_VOLATILE)	
00000561	0.06155040	[3116] 	
00000562	0.06159480	[3116]  Result=Failure	
00000563	0.06165240	[3116]  Status=C0000022 (Access Denied)	
00000564	0.06170860	[3116]  Calling Module=C:\Windows\System32\KERNELBASE.dll	
00000565	0.06188930	[3116] NtOpenKey:	
00000566	0.06196790	[3116]  Path=	
00000567	0.06201580	[3116] Software\Microsoft\SecurityManager\CapAuthz\HasRepaired	
00000568	0.06205920	[3116] 	
00000569	0.06210440	[3116]  Root=\REGISTRY\MACHINE	
00000570	0.06215100	[3116]  Object Attributes=00000040	
00000571	0.06219410	[3116]  (	
00000572	0.06223790	[3116] OBJ_CASE_INSENSITIVE	
00000573	0.06228130	[3116] )	
00000574	0.06232630	[3116] 	
00000575	0.06237470	[3116]  Access=00010000	
00000576	0.06241900	[3116]  (	
00000577	0.06246340	[3116] DELETE	
00000578	0.06250700	[3116] )	
00000579	0.06254990	[3116] 	
00000580	0.06259370	[3116]  Result=Failure	
00000581	0.06265210	[3116]  Status=C0000022 (Access Denied)	
00000582	0.06270890	[3116]  Calling Module=C:\Windows\System32\KERNELBASE.dll	
00000583	0.06301840	[3116] NtOpenKey:	
00000584	0.06309570	[3116]  Path=	
00000585	0.06314370	[3116] Software\Microsoft\SecurityManager\CapDBRedirect	
00000586	0.06318760	[3116] 	
00000587	0.06323380	[3116]  Root=\REGISTRY\MACHINE	
00000588	0.06328090	[3116]  Object Attributes=00000040	
00000589	0.06332460	[3116]  (	
00000590	0.06336990	[3116] OBJ_CASE_INSENSITIVE	
00000591	0.06341260	[3116] )	
00000592	0.06345650	[3116] 	
00000593	0.06350370	[3116]  Access=00020019	
00000594	0.06354780	[3116]  (	
00000595	0.06359180	[3116] KEY_QUERY_VALUE	
00000596	0.06363600	[3116]  | KEY_ENUMERATE_SUB_KEYS	
00000597	0.06368030	[3116]  | KEY_NOTIFY	
00000598	0.06372490	[3116]  | READ_CONTROL	
00000599	0.06376830	[3116] )	
00000600	0.06381120	[3116] 	
00000601	0.06385770	[3116]  Options=00000000	
00000602	0.06390300	[3116]  (REG_OPTION_NON_VOLATILE)	
00000603	0.06394640	[3116] 	
00000604	0.06399090	[3116]  Result=Expected Failure	
00000605	0.06404870	[3116]  Status=C0000034 (Object Name not found)	
00000606	0.06410510	[3116]  Calling Module=C:\Windows\System32\KERNELBASE.dll	
00000607	0.06425590	[3116] NtQueryValueKey:	
00000608	0.06430350	[3116]  Value Name=	
00000609	0.06434890	[3116] AppPackageType	
00000610	0.06439340	[3116] 	
00000611	0.06443800	[3116]  Result=Expected Failure	
00000612	0.06449630	[3116]  Status=80000005 (Buffer Overflow)	
00000613	0.06454320	[3116]  Required Length=16	
00000614	0.06459990	[3116]  Calling Module=C:\Windows\System32\KERNELBASE.dll	
00000615	0.06467450	[3116] NtQueryValueKey:	
00000616	0.06472000	[3116]  Value Name=	
00000617	0.06476460	[3116] PackageSid	
00000618	0.06480780	[3116] 	
00000619	0.06485320	[3116]  Result=Expected Failure	
00000620	0.06498810	[3116]  Status=80000005 (Buffer Overflow)	
00000621	0.06507240	[3116]  Required Length=182	
00000622	0.06510120	[3116]  Calling Module=C:\Windows\System32\KERNELBASE.dll	
00000623	0.06519040	[3116] NtQueryValueKey:	
00000624	0.06523700	[3116]  Value Name=	
00000625	0.06528130	[3116] PackageSid	
00000626	0.06532440	[3116] 	
00000627	0.06536910	[3116]  Result=Expected Failure	
00000628	0.06542860	[3116]  Status=80000005 (Buffer Overflow)	
00000629	0.06547510	[3116]  Required Length=182	
00000630	0.06553480	[3116]  Calling Module=C:\Windows\System32\KERNELBASE.dll	
00000631	0.06561180	[3116] NtQueryValueKey:	
00000632	0.06565700	[3116]  Value Name=	
00000633	0.06570160	[3116] CapSids	
00000634	0.06574490	[3116] 	
00000635	0.06578880	[3116]  Result=Expected Failure	
00000636	0.06584570	[3116]  Status=80000005 (Buffer Overflow)	
00000637	0.06589290	[3116]  Required Length=192	
00000638	0.06594850	[3116]  Calling Module=C:\Windows\System32\KERNELBASE.dll	
00000639	0.06601250	[3116] NtQueryValueKey:	
00000640	0.06605790	[3116]  Value Name=	
00000641	0.06610190	[3116] CapSids	
00000642	0.06614460	[3116] 	
00000643	0.06618860	[3116]  Result=Expected Failure	
00000644	0.06624460	[3116]  Status=80000005 (Buffer Overflow)	
00000645	0.06629060	[3116]  Required Length=192	
00000646	0.06634650	[3116]  Calling Module=C:\Windows\System32\KERNELBASE.dll	
00000647	0.06642620	[3116] NtQueryValueKey:	
00000648	0.06647230	[3116]  Value Name=	
00000649	0.06651700	[3116] DeviceCapSids	
00000650	0.06656030	[3116] 	
00000651	0.06660460	[3116]  Result=Expected Failure	
00000652	0.06666220	[3116]  Status=C0000034 (Object Name not found)	
00000653	0.06671760	[3116]  Calling Module=C:\Windows\System32\KERNELBASE.dll	
00000654	0.06678210	[3116] NtQueryValueKey:	
00000655	0.06682770	[3116]  Value Name=	
00000656	0.06687240	[3116] CustomCapSids	
00000657	0.06691530	[3116] 	
00000658	0.06695920	[3116]  Result=Expected Failure	
00000659	0.06701740	[3116]  Status=C0000034 (Object Name not found)	
00000660	0.06707270	[3116]  Calling Module=C:\Windows\System32\KERNELBASE.dll	
00000661	0.06713690	[3116] NtQueryValueKey:	
00000662	0.06718260	[3116]  Value Name=	
00000663	0.06722790	[3116] ApplicationFlags	
00000664	0.06727170	[3116] 	
00000665	0.06731560	[3116]  Result=Expected Failure	
00000666	0.06737130	[3116]  Status=80000005 (Buffer Overflow)	
00000667	0.06741720	[3116]  Required Length=16	
00000668	0.06747210	[3116]  Calling Module=C:\Windows\System32\KERNELBASE.dll	
00000669	0.06764080	[3116] NtOpenKey:	
00000670	0.06771570	[3116]  Path=	
00000671	0.06776570	[3116] Software\Microsoft\Windows\CurrentVersion\AppModel\StateChange\PackageList\test_1.0.23.0_x64__fg0t8wag126gc	
00000672	0.06780990	[3116] 	
00000673	0.06785640	[3116]  Root=\REGISTRY\MACHINE	
00000674	0.06790330	[3116]  Object Attributes=00000040	
00000675	0.06794680	[3116]  (	
00000676	0.06799060	[3116] OBJ_CASE_INSENSITIVE	
00000677	0.06803350	[3116] )	
00000678	0.06807670	[3116] 	
00000679	0.06812350	[3116]  Access=00020119	
00000680	0.06816680	[3116]  (	
00000681	0.06821080	[3116] KEY_QUERY_VALUE	
00000682	0.06825650	[3116]  | KEY_ENUMERATE_SUB_KEYS	
00000683	0.06830000	[3116]  | KEY_NOTIFY	
00000684	0.06834440	[3116]  | READ_CONTROL	
00000685	0.06838760	[3116] )	
00000686	0.06843060	[3116] 	
00000687	0.06847570	[3116]  Options=00000000	
00000688	0.06852080	[3116]  (REG_OPTION_NON_VOLATILE)	
00000689	0.06856590	[3116] 	
00000690	0.06860820	[3116]  Result=Expected Failure	
00000691	0.06866630	[3116]  Status=C0000034 (Object Name not found)	
00000692	0.06872240	[3116]  Calling Module=C:\Windows\System32\KERNELBASE.dll	
00000693	0.06886050	[3116] NtQueryValueKey:	
00000694	0.06890740	[3116]  Value Name=	
00000695	0.06895270	[3116] PackageRepositoryRoot	
00000696	0.06899560	[3116] 	
00000697	0.06904070	[3116]  Result=Expected Failure	
00000698	0.06909780	[3116]  Status=80000005 (Buffer Overflow)	
00000699	0.06914480	[3116]  Required Length=106	
00000700	0.06920240	[3116]  Calling Module=C:\Windows\System32\KERNELBASE.dll	
00000701	0.06931720	[3116] NtQueryValueKey:	
00000702	0.06936660	[3116]  Value Name=	
00000703	0.06941230	[3116] PackageRepositoryRoot	
00000704	0.06945550	[3116] 	
00000705	0.06950000	[3116]  Result=Expected Failure	
00000706	0.06955680	[3116]  Status=80000005 (Buffer Overflow)	
00000707	0.06960270	[3116]  Required Length=106	
00000708	0.06965830	[3116]  Calling Module=C:\Windows\System32\KERNELBASE.dll	
00000709	0.07010510	[3116] NtOpenKey:	
00000710	0.07017160	[3116]  Path=	
00000711	0.07022970	[3116] cmd.exe	
00000712	0.07026020	[3116] 	
00000713	0.07031820	[3116]  Root=\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options	
00000714	0.07035990	[3116]  Object Attributes=00000240	
00000715	0.07040180	[3116]  (	
00000716	0.07044500	[3116] OBJ_CASE_INSENSITIVE	
00000717	0.07048830	[3116]  | OBJ_KERNEL_HANDLE	
00000718	0.07053100	[3116] )	
00000719	0.07057290	[3116] 	
00000720	0.07061920	[3116]  Access=00000009	
00000721	0.07066270	[3116]  (	
00000722	0.07071130	[3116] KEY_QUERY_VALUE	
00000723	0.07074930	[3116]  | KEY_ENUMERATE_SUB_KEYS	
00000724	0.07079300	[3116] )	
00000725	0.07083460	[3116] 	
00000726	0.07088310	[3116]  Result=Expected Failure	
00000727	0.07094030	[3116]  Status=C0000034 (Object Name not found)	
00000728	0.07099630	[3116]  Calling Module=C:\Windows\SYSTEM32\ntdll.dll	
00000729	0.07108200	[3116] NtOpenKey:	
00000730	0.07112970	[3116]  Path=	
00000731	0.07117560	[3116] \Registry\Machine\Software\Microsoft\Wow64\x86\xtajit	
00000732	0.07121860	[3116] 	
00000733	0.07126430	[3116]  Object Attributes=00000640	
00000734	0.07130760	[3116]  (	
00000735	0.07135290	[3116] OBJ_CASE_INSENSITIVE	
00000736	0.07139770	[3116]  | OBJ_KERNEL_HANDLE	
00000737	0.07144130	[3116]  | OBJ_FORCE_ACCESS_CHECK	
00000738	0.07148440	[3116] )	
00000739	0.07152710	[3116] 	
00000740	0.07157360	[3116]  Access=00000101	
00000741	0.07161640	[3116]  (	
00000742	0.07166070	[3116] KEY_QUERY_VALUE	
00000743	0.07170400	[3116] )	
00000744	0.07174760	[3116] 	
00000745	0.07179180	[3116]  Result=Expected Failure	
00000746	0.07184850	[3116]  Status=C0000034 (Object Name not found)	
00000747	0.07190470	[3116]  Calling Module=C:\Windows\System32\KERNELBASE.dll	
00000748	0.09038900	[3116] NtOpenKey:	
00000749	0.09046750	[3116]  Path=	
00000750	0.09053490	[3116] \Registry\MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls	
00000751	0.09059430	[3116] 	
00000752	0.09065670	[3116]  Object Attributes=00000040	
00000753	0.09071520	[3116]  (	
00000754	0.09077350	[3116] OBJ_CASE_INSENSITIVE	
00000755	0.09082990	[3116] )	
00000756	0.09088600	[3116] 	
00000757	0.09094980	[3116]  Access=00000001	
00000758	0.09100690	[3116]  (	
00000759	0.09106410	[3116] KEY_QUERY_VALUE	
00000760	0.09112200	[3116] )	
00000761	0.09117820	[3116] 	
00000762	0.09123630	[3116]  Result=Expected Failure	
00000763	0.09131000	[3116]  Status=C0000034 (Object Name not found)	
00000764	0.09138100	[3116]  Calling Module=C:\Windows\System32\KERNEL32.DLL	
00000765	0.09149520	[3116] NtOpenKey:	
00000766	0.09155750	[3116]  Path=	
00000767	0.09161800	[3116] \Registry\MACHINE\System\CurrentControlSet\Control\SafeBoot\Option	
00000768	0.09167430	[3116] 	
00000769	0.09173420	[3116]  Object Attributes=00000040	
00000770	0.09179100	[3116]  (	
00000771	0.09184800	[3116] OBJ_CASE_INSENSITIVE	
00000772	0.09190480	[3116] )	
00000773	0.09196080	[3116] 	
00000774	0.09202160	[3116]  Access=00000003	
00000775	0.09207850	[3116]  (	
00000776	0.09213580	[3116] KEY_QUERY_VALUE	
00000777	0.09219610	[3116]  | KEY_SET_VALUE	
00000778	0.09226830	[3116] )	
00000779	0.09230030	[3116] 	
00000780	0.09236820	[3116]  Result=Expected Failure	
00000781	0.09242290	[3116]  Status=C0000034 (Object Name not found)	
00000782	0.09247960	[3116]  Calling Module=C:\Windows\System32\KERNEL32.DLL	
00000783	0.09260190	[3116] NtQueryValueKey:	
00000784	0.09264830	[3116]  Value Name=	
00000785	0.09269320	[3116] TransparentEnabled	
00000786	0.09273590	[3116] 	
00000787	0.09278030	[3116]  Result=Expected Failure	
00000788	0.09283590	[3116]  Status=C0000034 (Object Name not found)	
00000789	0.09289130	[3116]  Calling Module=C:\Windows\System32\KERNEL32.DLL	
00000790	0.09299190	[3116] NtOpenKey:	
00000791	0.09303840	[3116]  Path=	
00000792	0.09308710	[3116] \REGISTRY\USER\S-1-5-21-2396449878-2845259392-2342097501-10863\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers	
00000793	0.09312960	[3116] 	
00000794	0.09317640	[3116]  Object Attributes=00000040	
00000795	0.09322040	[3116]  (	
00000796	0.09326790	[3116] OBJ_CASE_INSENSITIVE	
00000797	0.09331190	[3116] )	
00000798	0.09335910	[3116] 	
00000799	0.09340460	[3116]  Access=00000001	
00000800	0.09344790	[3116]  (	
00000801	0.09349170	[3116] KEY_QUERY_VALUE	
00000802	0.09353540	[3116] )	
00000803	0.09357800	[3116] 	
00000804	0.09362220	[3116]  Result=Expected Failure	
00000805	0.09367940	[3116]  Status=C0000034 (Object Name not found)	
00000806	0.09373550	[3116]  Calling Module=C:\Windows\System32\KERNEL32.DLL	
00000807	0.09446210	[3116] NtQueryValueKey:	
00000808	0.09450920	[3116]  Value Name=	
00000809	0.09455710	[3116] PackageRepositoryRoot	
00000810	0.09460180	[3116] 	
00000811	0.09464700	[3116]  Result=Expected Failure	
00000812	0.09470650	[3116]  Status=80000005 (Buffer Overflow)	
00000813	0.09475310	[3116]  Required Length=106	
00000814	0.09481040	[3116]  Calling Module=C:\Windows\System32\KERNELBASE.dll	
00000815	0.09494300	[3116] NtQueryValueKey:	
00000816	0.09499060	[3116]  Value Name=	
00000817	0.09503690	[3116] PackageRepositoryRoot	
00000818	0.09508010	[3116] 	
00000819	0.09512490	[3116]  Result=Expected Failure	
00000820	0.09518300	[3116]  Status=80000005 (Buffer Overflow)	
00000821	0.09522930	[3116]  Required Length=106	
00000822	0.09528450	[3116]  Calling Module=C:\Windows\System32\KERNELBASE.dll	
00000823	0.09564110	[3116] NtQueryValueKey:	
00000824	0.09569150	[3116]  Value Name=	
00000825	0.09573740	[3116] PreferExternalManifest	
00000826	0.09578030	[3116] 	
00000827	0.09582500	[3116]  Result=Expected Failure	
00000828	0.09588420	[3116]  Status=C0000034 (Object Name not found)	
00000829	0.09594130	[3116]  Calling Module=C:\Windows\System32\KERNEL32.DLL	
00000830	0.09645590	[3116]  Possible injection to process C:\Windows\SysWOW64\cmd.exe 9864.	
00000831	5.21323824	[3116] Process Launch Ready to run any end scripts.	
00000832	5.21331358	[3116]  EndingScript commandString=	
00000833	5.21336651	[3116]  EndingScript currentDirectory=	
00000834	5.21341705	[3116] Process Launch complete.	

Maybe above makes sense to you and could point me to the mistake i made or the fix that is required.

Thanks.

I am teaching a class, so I don't have time to look into this in detail right now, but quickly I see the following:
1 - The Trace fixup is not compatible with the other fixups, It should be removed.
2 - The executable parameter of the application is incorrect (Applications 1 and 2). Since the file is not native and is part of your package, that reference should be a relative one; a form similar to how you specified the working directory.

3 - On an x64 system, the cmd.exe will be a 64-bit process, so the 64bit versions of dlls would be needed.  32bit dlls were attempted because the reference to the cmd was no good.

@TIMOTHY MANGAN I made the modifications but still it does not work. Maybe it is related to my Windows 10 version 20H2. Or should support for envVar be available in there as well?

 

1. I did remove the TraceFixup but that does not make any difference. So I enabled it since I like the feature of seeing what is going on during the test.

2. I change the path to a relative one. Makes no difference :(

3. I forced the 64 bit versions of all DLLs and see in the debugview that those 64bit versions are loaded succesfull now.

 

Additionally from PowerShell I also tried: $env:APPHOME and  [System.Environment]::GetEnvironmentVariable('APPHOME'). Both did not work.

 

Happy continuing teaching the class. Hope to see you in November in Culemborg in The Netherlands.