This article is about how you can redirect application launches in Windows, which can be really useful if you want to debug the startup of an app that is launched by another process.
Not only that, this is also a method “malware” writers use to try to trick end users. Let’s say you downloaded a “cracked” game from an “underground” web site, and it has a little malware hidden in it that can be activated later, when a specific key sequence is pressed. Usually, when we press the “Shift” key 5 times, Windows launches the Sticky Keys options. Your cracked game may replace Sticky Keys with the virus, so that after pressing the Shift key 5 times on your keyboard, the virus is activated instead of Sticky Keys.
This is a common method which is still used, believe it or not! In this article I am going to redirect NOTEPAD to CALCULATOR ;)
1) Open Regedit and go to: "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
2) Create a key with the name of the executable you want to redirect. ex: notepad.exe
3) Create a String value in the newly created key with any name and the value specifying the pathname of the executable (debugger) you want to launch instead.
ex: String name: Calc, String value: C:\Windows\System32\calc.exe
Now launch Notepad, oops, I mean Calculator ;)
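To check a machine for redirects like the one set up in the steps above, the following read-only PowerShell audit lists every string value under an Image File Execution Options subkey whose data points at an executable. It is an added example, not code from the original article; the function name `Get-IfeoRedirect`, the file-extension filter and the inclusion of the WOW6432Node view are choices made for this example.

```powershell
# Added example: audit Image File Execution Options (IFEO) for redirect entries.
# It only reads the registry and changes nothing.
$IfeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    # 32-bit registry view on 64-bit Windows
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

function Get-IfeoRedirect {
    param([string[]]$Root = $IfeoRoots)

    # Read REG_EXPAND_SZ data as stored, so %VARIABLES% stay visible in the report.
    $noExpand = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames

    foreach ($r in $Root) {
        if (-not (Test-Path -LiteralPath $r)) { continue }

        # One subkey per executable name (e.g. notepad.exe).
        foreach ($key in Get-ChildItem -LiteralPath $r -ErrorAction SilentlyContinue) {
            foreach ($name in $key.GetValueNames()) {
                $kind = $key.GetValueKind($name).ToString()
                if ($kind -ne 'String' -and $kind -ne 'ExpandString') { continue }

                $data = [string]$key.GetValue($name, '', $noExpand)
                # Keep only values whose data references something launchable.
                if ($data -notmatch '\.(exe|com|bat|cmd|scr)\b') { continue }

                [pscustomobject]@{
                    Image         = $key.PSChildName   # executable being redirected
                    ValueName     = $name
                    # "Debugger" is the value name Windows documents for launching
                    # a debugger in place of the image; flag it explicitly.
                    NamedDebugger = ($name -eq 'Debugger')
                    Data          = $data              # what would run instead
                    RegistryKey   = $key.Name
                }
            }
        }
    }
}

Get-IfeoRedirect | Sort-Object Image | Format-Table -AutoSize -Wrap
```

On a clean system the output is usually empty or limited to entries created by you or your debugging tools; an entry for Notepad or the Sticky Keys program that you did not create deserves investigation.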