How to remap exe to another exe file??? (Image Hijack)
Have you ever wondered how you can map one exe file to another exe file? For example, when you try to open calc.exe, cmd.exe opens automatically instead.
You can do it with a simple batch program that adds a Debugger value for the exe under the Image File Execution Options registry key. Read the inline comments in the code to understand each step.
Image Hijack Code
@echo off
Rem For any doubts please visit www.secsavvy.com.
Rem Purpose: to remap an exe to another exe file.
Rem "Rem" is used for commenting in the program.
Rem "@echo off" means you don't want to display the prompt like "C:".
Rem "Echo." inserts a blank line.
Echo.
Rem Echo displays the text on cmd.
Echo Image Hijack Program
Echo --------------------
Echo.
Rem Title sets the title of the window.
Title Image Hijack v 1.0 by Ayush (www.secsavvy.com)
Echo.
Echo 1. Remap a exe
Echo 2. Delete previous entries
Echo.
Echo Enter your choice(1/2):
Rem SET /P sets the variable "option" to the value entered by the user.
Rem For more info type set /? in cmd
SET /P option=
Rem goto transfers control of the program to the specified label name.
Rem The quotes keep the comparison valid when the user enters nothing.
if "%option%"=="1" goto first
Echo Enter full name of exe file(e.g calc.exe):
SET /P exeName=
Rem An empty name would point reg delete at the whole Image File Execution Options key.
if "%exeName%"=="" goto end
Echo.
Echo Deleting a registry entry..
Rem Deletes the registry key exeName with all its subkeys and values
reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\%exeName%"
goto end

:first
Echo Enter full name of exe file(e.g calc.exe):
SET /P exeName=
if "%exeName%"=="" goto end
Echo Enter full path of exe file which you want to replace with the previous exe (e.g "C:\Windows\System32\cmd.exe")
Echo.
Echo Enter the path with double quotes:
SET /P newExeName=
Rem So now we have stored the name and path of the new exe file in the variables
Rem Next step is to add the entry in the registry
Rem This is the command to add any entry in the registry
Rem In this case I have created a new key with the name held in the variable "exeName"
Rem %variable-name% is used to access variable data
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\%exeName%"
Rem /v is used to add the new value Debugger
Rem /d is used to add data to the value
Rem /f overwrites an existing value without prompting
Rem For more info type Reg Add /? in cmd
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\%exeName%" /v Debugger /d %newExeName% /f

:end
Echo You need to re-login for changes to take effect
Echo.
Echo Do you want to Log-off now?
Echo Enter y for yes or n for no???
set /P choice=
Rem %variable-name% is used to access variable data
if "%choice%"=="y" (
    Rem -l is the switch to log off your PC
    shutdown -l
) else (
    Rem It will exit from the program
    exit
)
Demo for Image Hijack Code
I have shown you only one use of Image Hijack; you can use this batch program in many other ways. If you want to learn more about batch programming, you can visit this link: Learn batch programming … Hacker style. Free eBook
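To find entries like the ones this script creates, the following PowerShell audit lists every Image File Execution Options subkey that carries a Debugger value. It is an added example, not part of the original post; the function name Get-IfeoDebugger, the WOW6432Node (32-bit view) path and the signature column are additions made here.

```powershell
# Added audit example (not from the original post): report every IFEO subkey
# that has a Debugger value, in both the native and the 32-bit registry view.
$ifeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

function Get-IfeoDebugger {
    foreach ($root in $ifeoRoots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $root) {
            # GetValue returns $null when the subkey has no Debugger value.
            $debugger = $key.GetValue('Debugger')
            if ([string]::IsNullOrWhiteSpace($debugger)) { continue }

            # First token of the command line: a quoted path, or the text up to
            # the first space. Unquoted paths containing spaces are cut short.
            $target = $null
            if ($debugger -match '^\s*(?:"([^"]+)"|(\S+))') {
                $target = if ($Matches[1]) { $Matches[1] } else { $Matches[2] }
                $target = [Environment]::ExpandEnvironmentVariables($target)
            }

            # Signature status is context for triage, not a verdict.
            $signature = 'TargetNotFound'
            if ($target -and (Test-Path -LiteralPath $target -PathType Leaf)) {
                $signature = (Get-AuthenticodeSignature -LiteralPath $target).Status
            }

            [pscustomobject]@{
                Image     = $key.PSChildName   # exe name being redirected
                Debugger  = $debugger          # what runs in its place
                Signature = $signature
                Key       = $key.Name
            }
        }
    }
}

Get-IfeoDebugger | Format-Table -AutoSize -Wrap
```

Debuggers and some system tools set this value legitimately, so review each hit against what is expected on that machine.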
If you have any doubts feel free to comment.