Programs - Replace System Program without Modifying System Files or Permissions

How to Replace a System Program without Modifying System Files or Permissions

information   Information
If you like to use replacements for system programs like notepad.exe or calc.exe then this is for you. This will show you how to use a popular replacement for notepad.exe or any other exe by using "Image File Execution Options" key in your registry.

You must have Administrator privileges to edit the registry key and these settings affect all users but this is very simple, does NOT involve taking over file permissions, does NOT involve replacement of any files, and is VERY easily reversible.

This works for Windows NT/2K/XP/Server 2K3/Vista/Server 2K8/Win7
warning   Warning
IMPORTANT NOTES:
1)
If you use this to replace example.exe, ANY program named example.exe located anywhere will execute the replacement instead of itself.
2) If you used 'App Paths' to point to a different executable, then it bypasses this method since windows doesn't try to run the original exe
3) On x64 systems, the key for 32-bit apps is
Code:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options


DESCRIPTION:
The 'Image File Execution Options' registry key is used by the NT family originally for debugging applications. Conveniently, we can use this method to run another command and pass the name of the executable to it instead. The problem is that you need some way to execute a command but skip one argument since most applications are not aware that one parameter is meaningless.
Here I show several examples of how to accomplish this.

DETAILS:
Under the registry key
Code:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
create a subkey with the name of the exe you want replaced.
Add a string value called Debugger.
Modify Debugger with the command you want run.

When any user tries to run any executable with the name of the subkey, Windows executes the Debugger command with path\name of the original exe and all command line parameters appended. (Did that make sense?)

TEST:
Create a subkey named 'notepad.exe'
Add the string value Debugger
Double click Debugger and enter
Code:
cmd /k echo
when you double click on c:\some.txt the command that is executed is
Code:
cmd /k echo "C:\windows\system32\notepad.exe" c:\some.txt

EXAMPLE PROGRAMS TO REPLACE:
1) notepad.exe
This may be the most widely replaced system file for 3rd party apps.
2) calc.exe
3) mspaint.exe
4) telnet.exe
5) regedit.exe
6) cmd.exe
The list just goes on and on...

HOW TO:
There are countless methods to accomplish this.
1) You could have a custom app which launches the replacement program and is designed to skip a certain command line argument (This requires programming by someone)
2) You could use a batch file to skip one argument. This is an ugly option since it opens a console window to run the batch file and depending on the program it runs, may not close until the replacement program finishes. (This requires you to put the arguments in a certain order and also limits you to 8 arguments)
3) You could modify the source of a program to skip the first argument passed
4) My preferred method is a vbscript because it runs hidden, can be edited easily, and is versatile. Below are two scripts that I wrote to demonstrate how to replace as many programs as you desire.

To use either one save the appropriate attachment or save the code below. (Open notepad, copy code below, paste into notepad, save with a .vbs extension. Make sure you change type to 'All Files' or notepad will save it with .vbs.txt)

UNINSTALL:
To revert to the original system program, simply delete the named key under 'Image File Execution Options' key


EXAMPLE 1: IFEO.vbs
Features:
Open source :p
Single script to handle all replacement commands
No extra windows
Option to have wscript.exe wait to terminate until the replacement program ends
Optionally specify folder to run command from
All relevant configuration is saved inside the script so this is more easily ported to another system.
Code:
'// DISCLAIMER
'// THIS COMES WITH NO WARRANTY, IMPLIED OR OTHERWISE. USE AT YOUR OWN RISK
'// IF YOU ARE NOT COMFORTABLE EDITING THE REGISTRY THEN DO NOT USE THIS SCRIPT
'//
'// NOTES:
'// This affects all users, the same key under HKCU did not work for me
'// This vbscript was written by selyb on 08-28-09
'// This txt looks no good with word wrap on :-P
'//
'// Save this text to your hdd as a text file named *.vbs e.g. "C:\IFEO.vbs" (some AV don't like vbs, get a different AV :-P  )
'//
'// USAGE
'// 1)
'// Navigate to registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
'//
'// 2)
'// Add new subkey with the name of the executable you want replaced (no path) e.g. notepad.exe
'//     This step is what tells windows to use the replacement exe, to undo simply delete the key you created
'//
'// 3)
'// Create new Sting Value called Debugger
'//
'// 4)
'// Modify value and enter wscript.exe "path to this vbs" e.g. wscript.exe "C:\IFEO.vbs"
'//
'// 5)
'// Under DEFINITIONS section below, create a new definition using an example as a template
'// If you add the registry entry and then try to execute it without creating a definition,
'//     this file will open automatically in notepad
'// The definitions below will do NOTHING without the corresponding subkey created in step 2


Option Explicit
Dim sCmd, sFol, x, bWait, W
Set W = CreateObject("WScript.Shell")
sCmd = Split(WScript.Arguments(0), "\")
x = LCase(sCmd(UBound(sCmd)))
bWait = False
Select Case x




'// DEFINITIONS

'// Map

'// This must be lower case and must be the exact same name of the subkey you created in the registry
' Case "notepad.exe"

'// This is the command to be executed, you can put command line parameters here too
'    sCmd = "replacement.exe"

'// This is the path you want the command executed from (may be omitted)
'    sFol = "C:\Program Files\Replacement"

'// If true, wscript.exe will not terminate until the replacement is closed (False if omitted)
'// I needed this true with notepad.exe because 7-zip would delete the file before the replacement would open it >:-/
'    bWait = True

'// example 1 (remove the single quot marks after you paste)
'Case "notepad.exe"
'sCmd = "replacement.exe /y /z"
'sFol = "C:\Program Files\Replacement"
'bWait = True

'// example 2 (If sCmd has a space in the name, you need triple quotes)
'Case "calc.exe"
'sCmd = """C:\Users\My Name\Downloads\newcalc.exe"""

'// example 3 (If sCmd has a space and you need additional command line params, it gets complicated)
'Case "taskmgr.exe"
'sCmd """C:\one folder\two folder\new app.exe"" /x /y /z"
'sFol """C:\windows\system32"

'// END OF DEFINITIONS




Case else
    W.Run "notepad.exe """ & WScript.ScriptFullName & """", 8, False
    WScript.Sleep(2000)
    WScript.Echo x & " not defined yet." & vbNewLine & "Please add definition for it."
    WScript.Quit
End Select

If LenB(sFol) Then W.CurrentDirectory = sFol
For x = 1 To WScript.Arguments.Count - 1
    sCmd = sCmd & " """ & WScript.Arguments(x) & """"
Next
W.Run sCmd, 1, bWait
WScript.Quit


EXAMPLE 2: Skip.vbs
Features:
Open source :p
Single script to handle all replacement commands
No extra windows
Option to have wscript.exe wait to terminate until the replacement program ends
Optionally specify folder to run command from
All configuration is saved in the registry so no script editing is not necessary.

Usage:
Create a key under 'Image File Execution Options' for the exe you want to replace.
Create a String Value called Debugger
The Debugger Value must contain each of these things in this exact order for this script.

wscript.exe must be called to run the script
Path to where this script is saved including the name of the script
Path to folder to run the program from (this is required, even if its only ".")
Path to replacement program including the name of the exe
True|False (should wscript.exe wait for the replacement program to finish before it exits

wscript.exe "Path to script" "Folder to run from" "replacement program" True|False

e.g.

wscript.exe "C:\some folder\skip.vbs" ".\" "myprogram.exe /arg1 /arg2 -arg3 arg4" False

or

wscript.exe "C:\skip.vbs" . replaced.exe True
Code:
'// DISCLAIMER
'// THIS COMES WITH NO WARRANTY, IMPLIED OR OTHERWISE. USE AT YOUR OWN RISK
'// IF YOU ARE NOT COMFORTABLE EDITING THE REGISTRY THEN DO NOT USE THIS SCRIPT
'//
'// NOTES:
'// This affects all users, the same key under HKCU did not work for me
'// This vbscript was written by selyb on 08-28-09
'// This txt looks no good with word wrap on :-P
'//
'// Save this text to your hdd as a text file named *.vbs e.g. "C:\IFEO.vbs" (some AV don't like vbs, get a different AV :-P  )

Option Explicit
Dim x, sFol, W, sCmd, bWait, sArg
Set W = CreateObject("WScript.Shell")
sFol = WScript.Arguments(0)
sCmd = Quot(WScript.Arguments(1))
bWait = CBool(WScript.Arguments(2))
If WScript.Arguments.Count > 4 Then
    For x = 4 To WScript.Arguments.Count - 1
        sCmd = sCmd & " " & Quot(WScript.Arguments(x))
    Next
End If
W.CurrentDirectory = sFol
W.Run sCmd, 1, bWait
WScript.Quit

Function Quot(str)
    If InStrB(str, " ") Then Quot = """" & str & """" Else Quot = str
End Function

EXAMPLE 3:
custom.vbs
Suppose you installed a program called "Example" to "C:\Program Files\Example\" and you want to replace notepad.exe with it.

You would take this code and save it to "C:\Program Files\Example\example.vbs"
Code:
Option Explicit

'// Declare variables
Dim x        ' old bad habit, I use this for general temporary variables
Dim W        ' This will be the WSHShell object
Dim sCmd    ' This will be the command to run

'// Create WSHShell object
Set W = CreateObject("WScript.Shell")

'// Set the working directory to the one this script resides in
'// If the target program doesn't care where it is run from then you don't need the following line
W.CurrentDirectory = LeftB(WScript.ScriptFullName, LenB(WScript.ScriptFullName) - LenB(WScript.ScriptName))

'// Set the target executable
sCmd = "example.exe"

'// Skip the first argument but grab all the rest
If WScript.Arguments.Count > 1 Then
    For x = 1 To WScript.Arguments.Count - 1
        '// If the argument contains a space then enclose it with ""
        If InStrB(WScript.Arguments(x), " ") Then
            sCmd = sCmd & " """ & WScript.Arguments(x) & """"
        Else
            sCmd = sCmd & " " & WScript.Arguments(x)
        End If
    Next
End If

'// Run the command
'// The number after the command determines how the window should be initially (google WSHShell.Run)
'// The boolean at the end determines whether this script should run the target then exit or wait until the target exits
W.Run sCmd, 1, False
You would then create a key under "HKLM\Software\Microsoft\Windows NT\Image File Execution Options\" called "notepad.exe"

Under this key you would create a String value called "Debugger" with this data
Code:
wscript.exe "C:\Program Files\Example\example.vbs"
As long as this string contains this data, any program called "notepad.exe" that is run on this computer by any user will execute "example.exe" instead.

CLOSING:
If anyone has any suggestions about any aspect of this tutorial, please don't hesitate to comment.

Thanks to the mod who made my tut prettier and fixed the main icon
 

Attachments

  • IFEO.vbs
    3.1 KB · Views: 226
  • skip.vbs
    1,004 bytes · Views: 232
  • thumb_File_System.png
    thumb_File_System.png
    12.4 KB · Views: 638
Last edited by a moderator:
Great tutorial!

The third script works so well, I reckon you should start your article with just that and the explicit steps for setting up the registry key (even a screen shot!). You can leave the explanations and alternatives for people who are happy they got it to work :)

One thing though - there is a tiny bug in the script. The line that ends
WScript.Arguments(x) & """"
has one too many quotes in that run of four :)
 

My Computer

Just switched to Win 7 upgrade. I sure liked Windows Mail in previous Vista 64 I had. I don't like Incredimail - way too much garbage to suit me and I don't like Windos Live Mail either. I still have my Vista Mail in another drive -- What do I have to do to copy that program and put it in Win 7 64?? Is this possible. I am a self-taught computer person and can follow directions to do this. I am sure there are otheres out there who'd like to do the same. Thanks for your help.
 

My Computer

System One

  • Keyboard
    MS Laser/Wireless 6000v3
Great tutorial!

The third script works so well, I reckon you should start your article with just that and the explicit steps for setting up the registry key (even a screen shot!). You can leave the explanations and alternatives for people who are happy they got it to work :)

One thing though - there is a tiny bug in the script. The line that ends
WScript.Arguments(x) & """"
has one too many quotes in that run of four :)
Thx for the feedback. It did contain a bug but it needed one more " before WScript.Arguments (fixed now). The third script is geared more toward someone who can understand some code, the first two scripts 'should' do everything for you, so for now I'll leave them as is, but thank you for the suggestion.

Just switched to Win 7 upgrade. I sure liked Windows Mail in previous Vista 64 I had. I don't like Incredimail - way too much garbage to suit me and I don't like Windos Live Mail either. I still have my Vista Mail in another drive -- What do I have to do to copy that program and put it in Win 7 64?? Is this possible. I am a self-taught computer person and can follow directions to do this. I am sure there are otheres out there who'd like to do the same. Thanks for your help.

What you want to do has nothing to do with this tut. This tutorial refers to running a alternate executable. You want to replace a new program (including folders, subfolders, registry entries, config files from user directories, etc) with an older one. I don't know how easy this would be but I would start by looking for an unofficial installer for the mail program you used to use. Good luck.
 

My Computer

Regards friends,

that solution work very well for files with simple names :D, but, don't work for files whith compounds name :cry:. This fail is because file name is sendding without quotation mark ("") , the script .vbs interprets the file name argument like many parameters for the script and not a unique argument (the filename File Compound Name.txt is interpreted like:mad:: arg(0)="File", arg(1)="Compound", arg(2)="Name" and arg(3)="txt". The correct way should be:party:: arg(0)="File Compound Name.txt" )

My questions is: There is some way to correct this fail in Windows Registry:confused:?

thanks for some answer.
 

My Computer

Back
Top