What is the function of question marks in file system paths in Windows registry?

windows-registry windows-7

This is about the registry on a 64-bit Windows 7 Home Premium (my friend's computer). I was going to set the system to clear the pagefile at shutdown by setting the REG_DWORD value ClearPageFileAtShutdown in HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management to "1".

My question is however about the questions marks in the values ExistingPageFiles and PagingFiles in this registry location.

The question marks are shown in below image.

question marks used in registry values

The questions I wanted to ask are:

  1. Are the paths used in these values supposed to have questions marks in the beginning?
  2. What function do these question marks serve?

Double-question mark paths are NT Object Manager paths that can look up DOS-style devices like drive letters. The Object Manager is a system that organizes lots of different kinds of system resources (e.g. devices, memory sections, window stations, events) into one tree-like structure. You can explore that tree with the WinObj tool.

The \?? pseudo-directory first looks in the requesting process's DosDevices table, but if the process doesn't have a specific definition for the device (as the component responsible for the page file probably won't), lookup proceeds to the \GLOBAL?? Object Manager directory. Its contents can be seen in the GLOBAL?? section of WinObj. There are other subtrees, like Device. In fact, every single item in GLOBAL?? is a symbolic link - a shortcut or alias - to an object somewhere else. \GLOBAL??\C: is (on my system) a link to \Device\HarddiskVolume4, and the rest of the path shown in your screenshot is a path under the root of that volume. Each drive letter shows up there as a symbolic link to the volume it's on. You might find other kinds of devices that are familiar, like CON and NUL.

Note: You can't use this kind of path to access files or directories in most applications. Only certain low-level system components are designed to work with Object Manager paths.

That explains your screenshot's ExistingPageFiles, but not PagingFiles. PagingFiles contains your virtual memory settings with paths to paging files expressed as normal paths. If your system is set to manage all virtual memory settings by itself, that entry doesn't specify a drive letter (only a file name and path), so the ? is just a placeholder for whatever drive the page file does end up on.

In summary, yes, those question marks are supposed to be there.

Further reading: Inside NT's Object Manager, Object Manager (Windows), The Definitive Guide on Win32 to NT Path Conversion, Windows Internals Sixth Edition Part 1 page 174

Video: NT Object Manager at Microsoft's Channel 9

Related

How to get the Vista taskbar to span multiple monitors?
Upgrading laptop processor
Remove / hide the "All Apps" shortcut from the Start Menu --- or uninstall them totally
Can FFMPEG extract images from a video with timestamps?
Install Windows 7 without a DVD drive
Can I legally downgrade from Win 7 64 bits to Win 7 32 bits? [duplicate]
Change Windows 8 login from Live id to local account
Software to monitor a CPU usage and RAM usage of a process? [closed]
Change memory size units in Windows 10
How does precise GeoLocation in HTML5 work?
Change directory in batch file with PowerShell
Best method of transferring files over internet? [closed]