In my previous post I have provided a list of ‘new’ protocols I noticed in the latest Windows 11 build.

One that immediately caught my attention was “ms-notepad://”. You can use it to launch Notepad via “ms-notepad://<filename>” links and it also accepts command line switches.

So…

One could launch:

ms-notepad://foobar.txt

and that would make Notepad attempt to open one of these:

• C:\Users\<user>\ms-notepad:\foobar.txt\
• C:\Users\<user>\ms-notepad:\foobar.txt.txt

or

ms-notepad://..\..\..\foobar.txt

to open:

• C:\foobar.txt
• C:\foobar.txt.txt

If you embed a link pointing to the above foobar.txt file in a HTML file and open in f.ex. Microsoft Edge, and then click the link, you will see Notepad trying to open the following files:

• C:\Users\<user>\ms-notepad:..%5C..%5C..%5Cfoobar.txt\
• C:\Users\<user>\ms-notepad:..%5C..%5C..%5Cfoobar.txt.txt

It looks like the protocol handler is not doing very well with this unexpected input.

Additionally, new Notepad.exe accepts a /TESTING:>argument> command line argument. I don’t fully understand how the program processes this argument, but I noticed it has to be provided in a Base64 form.

So:

file://..\..\..\test\foobar.txt   

can be converted to a Base64 blob:

ZmlsZTovLy4uXC4uXC4uXHRlc3RcZm9vYmFyLnR4dCAgICA=

One can then launch Notepad with a TESTING argument from a command line or via a protocol handler:

notepad /TESTING:ZmlsZTovLy4uXC4uXC4uXHRlc3RcZm9vYmFyLnR4dCAgICA=
ms-notepad:// /TESTING:ZmlsZTovLy4uXC4uXC4uXHRlc3RcZm9vYmFyLnR4dCAgICA=

In both cases the Notepad will try to open:

C:\test\foobar.txt

And while nothing substantial comes out of this quick ‘research’, I find it pretty interesting that so many new URL-like protocols are still being introduced in new Windows builds.