Check out the Image File Execution Options hive. Junfeng writes a bit more about how normal people might use this - I'm going to tell you how to have fun with it.

Connect to a coworker's machine and add a few keys.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"Debugger"="calc.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe]
"Debugger"="word.exe"

Next time they try to open up notepad, they will be presented with the calculator. Want to browse the web? Write some documents instead.

Eventually, they may figure out how this works and try to fix it themselves. You can make this a bit harder for them by changing regedit as well.

[KEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe]
"Debugger"="cmd.exe"

Another personal favorite is locking their machine...

C:\WINNT\system32\rundll32.exe user32.dll LockWorkStation

If they're a particularly bad programmer, simply put the above command in a .cmd file and set it to run every time they run VS.NET.

[KEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\devenv.exe]
"Debugger"="c:\lock.cmd"

Yes, we're trying to tell you something.


blog comments powered by Disqus