Remapping the Assist button on Sony Vaio Pro

Remapping all the way!

So, this is another trick I learned at TechEd 🙂
Basically, a registry key can be created under “Image File Execution Options” that changes Windows behaviour: instead of starting the executable, Windows launches a debugger of your choice and attaches the executable to that debugger…

This means, you can also set any executable to be run whenever a certain executable is started. I noticed when running cmd this way, the original executable will be the argument passed to the “debugger”-executable.

Simply open the registry, browse to the following location, create a key with the EXACT name (case sensitive) of the executable you want to replace, then create a new string value named “debugger” whose value is the executable of the debugger (or the exe you want to run).
To prevent the argument from reaching the debugger exe, add “/z” to the end of the value.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VAIOCare.exe]
"debugger"="\"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe\" /z"


So, now for my VAIO’s assist button…
The laptop originally comes with a bunch of bloatware installed, and when I reinstalled the OS the button became useless… It can only start Sony software…
So you’re going to need some of the original Sony tools for this as well…

Anyway, after installing Sony Care and the Shared Drivers pack, things got working, and on a press of the button the process “VAIOCare.exe” was launched.
Threw some sysinternals tools in the game to get some details and find the exact executable that starts.
Also found some other regkeys, but that was a dead end.
Applied the trick above on VAIOCare.exe, and replaced it with firefox /z =)
(don’t exactly know what the “/z” stands for, but it kills the argument it seems…)


Security note on all this: by design, you can create a replacement for every executable file on your system. This also means you can let every executable start on boot. This registry key can contain traces of malware; “Autoruns” from Sysinternals also checks for this as “Image hijacks”.
This way, you can also add “sethc.exe” with debugger options. sethc is the thing that will run when you hit shift 5 times in a row 🙂
So now, when I hit shift 5 times, a powershell window pops up 🙂

Bigger Security note: this also works before you log in (local machine regkeys), so when you hit shift 5 times at the logon screen, a powershell window pops up running as .\system 🙂
After that, the only limit is your own imagination…
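
To audit a machine for the “Image hijacks” described in the security notes, the following Python script (an added example, not part of the original post) scans a registry export in text form for “debugger” values under Image File Execution Options and marks sethc.exe as the pre-logon case. The sample export, the example.exe key, and the function and constant names are constructed for illustration; only string (REG_SZ) values are handled.

```python
import re

# Matches both the native and the WOW6432Node view of the IFEO key.
IFEO = r"\microsoft\windows nt\currentversion\image file execution options" + "\\"
PRE_LOGON_IMAGES = {"sethc.exe"}  # reachable at the logon screen, per the post
KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<data>(?:[^"\\]|\\.)*)"$')

# Constructed sample in `reg export` text form (real exports are UTF-16; decode first).
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VAIOCare.exe]
"debugger"="\"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe\" /z"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe]
"Debugger"="powershell.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\example.exe]
"ExampleValue"="1"
"""


def unescape(s):
    # .reg strings escape backslash and double quote with a leading backslash.
    return re.sub(r"\\(.)", r"\1", s)


def find_image_hijacks(reg_text):
    """Return one finding per IFEO subkey that has a string Debugger value."""
    findings, image = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            pos = key.lower().find(IFEO)
            tail = key[pos + len(IFEO):] if pos != -1 else ""
            # Only direct children of IFEO are named after an image file.
            image = tail if tail and "\\" not in tail else None
            continue
        m = VALUE_RE.match(line)
        if m and image and unescape(m.group("name")).lower() == "debugger":
            findings.append({"image": image,
                             "debugger": unescape(m.group("data")),
                             "pre_logon": image.lower() in PRE_LOGON_IMAGES})
    return findings


if __name__ == "__main__":
    for f in find_image_hijacks(SAMPLE_EXPORT):
        print(f)
```

Any finding deserves a look, since normal installs rarely set this value; a finding with `pre_logon` set is the logon-screen case from the bigger security note.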
