+ Reply to Thread
Results 1 to 1 of 1

Thread: A better way to replace notepad or other system programs

  1. selyb
    selyb is offline MDL Novice selyb looks for the roller blind when shutting down windows
    Join Date
    Aug 2009
    Posts
    1
    Rep Power
    8

    uses registry key Image File Execution Options

    How to Replace a System Program without Modifying System Files or Permissions

    If you like to use replacements for system programs like notepad.exe or calc.exe then this is for you. This will show you how to use a popular replacement for notepad.exe or any other exe by using "Image File Execution Options" key in your registry.

    You must have Administrator privileges to edit the registry key and these settings affect all users but this is very simple, does NOT involve taking over file permissions, does NOT involve replacement of any files, and is VERY easily reversible.

    This works for Windows NT/2K/XP/Server 2K3/Vista/Server 2K8/Win7

    KNOWN ISSUES:
    1) If you use this to replace example.exe, ANY program named example.exe located anywhere will execute the replacement instead of itself.
    2) If you used 'App Paths' to point to a different executable, then it bypasses this method since windows doesn't try to run the original exe
    3) On x64 systems, the key for 32-bit apps is
    Code:
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

    DESCRIPTION:
    The 'Image File Execution Options' registry key is used by the NT family originally for debugging applications. Conveniently, we can use this method to run another command and pass the name of the executable to it instead. The problem is that you need some way to execute a command but skip one argument since most applications are not aware that one parameter is meaningless.
    Here I show several examples of how to accomplish this

    DETAILS:
    Under the registry key
    Code:
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
    create a subkey with the name of the exe you want replaced.
    Add a string value called Debugger.
    Modify Debugger with the command you want run.

    When any user tries to run any executable with the name of the subkey, Windows executes the Debugger command with path\name of the original exe and all command line parameters appended. (Did that make sense?)

    TEST:
    Create a subkey named 'notepad.exe'
    Add the string value Debugger
    Double click Debugger and enter
    Code:
    cmd /k echo
    when you double click on c:\some.txt the command that is executed is
    Code:
    cmd /k echo "C:\windows\system32\notepad.exe" c:\some.txt

    Full Tutorial and example scripts Here: http://www.vistax64.com/tutorials/24...rmissions.html
    Last edited by selyb; 08-31-2009 at 12:47 AM. Reason: Replace a System Program without Modifying System Files or Permissions
    Reply With Quote Reply With Quote  
+ Reply to Thread
« Previous Thread | Next Thread »

Similar Threads

  1. New AMI BIOS tool for performing SSV2/3 and Dynamic SLIC Modification
    By andyp in forum Bios Mods
    Replies: 1354
    Last Post: Today, 02:34 PM
  2. LENOVO (IBM) Bioses, especially Thinkpad. Previous requests
    By simkard in forum Bios Mods
    Replies: 675
    Last Post: 08-01-2009, 12:30 AM
  3. HELP! Flashed wrong bios?!
    By bokkoman in forum Windows Vista
    Replies: 8
    Last Post: 03-15-2008, 01:29 PM
  4. MUST READ !!! A Cost Analysis of Windows Vista Content Protection
    By WeAreNotAlone in forum Windows Vista
    Replies: 3
    Last Post: 09-05-2007, 05:02 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

Forum Rules