Remapping all the way!
So, this is another trick I learned at TechEd 🙂
Basically, a registry key can be created under “Image File Execution Options” that changes Windows' behaviour: instead of starting the executable directly, Windows launches a debugger of your choice and attaches the executable to that debugger…
This means you can also set any executable to be run whenever a certain executable is started. I noticed when running cmd this way that the original executable will be the argument passed to the “debugger” executable.
Simply open the registry, browse to the following location, create a key with the EXACT name (case sensitive) of the executable you want to replace, then create a new string value named “debugger” whose data is the path of the debugger (or the exe you want to run).
To prevent the argument from reaching the debugger executable, add “/z” to the end of the value.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VAIOCare.exe]
"debugger"="\"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe\" /z"
So, now for my VAIO’s assist button…
The laptop originally comes with a bunch of bloatware installed, and when I reinstalled the OS the button became useless… It can only start Sony software…
So you’re going to need some of the original Sony tools for this as well…
Anyway, after installing Sony Care and the Shared Drivers pack, things got working, and on a press of the button the process “VAIOCare.exe” was launched.
Threw some Sysinternals tools in the game to get some details and find the exact executable that starts.
Also found some other regkeys, but that was a dead end.
Applied the trick above on VAIOCare.exe, and replaced it with firefox /z =)
(don’t exactly know what the “/z” stands for, but it kills the argument it seems…)
Security note on all this: by design, you can set up a replacement for every executable file on your system. This also means you can let every executable start on boot. This registry key can contain traces of malware; “Autoruns” from Sysinternals also checks for this, listing it as “Image hijacks”.
This way, you can also add “sethc.exe” with debugger options. sethc is the thing that will run when you hit shift 5 times in a row 🙂
So now, when I hit shift 5 times, a powershell window pops up 🙂
Bigger security note: this also works before you log in (local machine regkeys), so when you hit shift 5 times at the logon screen, a powershell window pops up running as .\system 🙂
After that, the only limit is your own imagination…
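The security notes above mention that Autoruns reports these entries as “Image hijacks”; the same audit can be scripted. The PowerShell below is an added example, not part of the original post: it lists every Image File Execution Options subkey that carries a debugger value and marks sethc.exe, the logon-screen case described above. The function name Get-IfeoDebuggerEntry and its -WatchList parameter are hypothetical names chosen for this example, and it also reads the 32-bit registry view (WOW6432Node), which the post does not cover.

```powershell
# Added example (not from the original post): audit Image File Execution
# Options (IFEO) for "debugger" values, the redirection described above.
function Get-IfeoDebuggerEntry {
    param(
        # Images that deserve extra attention; sethc.exe is the one named in the post.
        [string[]]$WatchList = @('sethc.exe')
    )

    # 64-bit view plus the 32-bit view (WOW6432Node), which the post does not cover.
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    )

    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }

        foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
            # Registry value names are case-insensitive: "debugger" and "Debugger" both match.
            $debugger = [string]$key.GetValue('Debugger', '')
            if ([string]::IsNullOrWhiteSpace($debugger)) { continue }

            [pscustomobject]@{
                Image       = $key.PSChildName                    # executable being redirected
                Debugger    = $debugger                           # what runs instead
                LogonScreen = $WatchList -contains $key.PSChildName
                KeyPath     = $key.Name                           # full registry path for follow-up
            }
        }
    }
}

# Watched images first, then everything else by name.
Get-IfeoDebuggerEntry |
    Sort-Object -Property @{ Expression = 'LogonScreen'; Descending = $true }, Image |
    Format-List
```

On a machine configured as in this post, the VAIOCare.exe entry would be listed with firefox.exe as its debugger and LogonScreen set to False, while a sethc.exe entry would be listed with LogonScreen set to True.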