How to remap exe to another exe file??? (Image Hijack)

Do you ever wonder how can you map one exe file to another exe  file ??  For example, if you try to open calc.exe then it will open cmd.exe automatically.
You can easily do it by executing a simple batch program and  can read the inline comments in the code to understand the code.



Image Hijack Code
?Download ImageHijack.bat
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
@echo off
Rem For any doubts please visit www.secsavvy.com.
Rem Purpose: to remap a exe to another exe file.
Rem It is used for commenting in Program.
Rem Echo off means you dont want to display prompt like "C:".
 
Rem to insert blank line
Echo.
Rem It displays the text on cmd.
Echo Image Hijack Program
Echo --------------------
Echo.
 
Rem It will set the title of window.
Title Image Hijack v 1.0 by Ayush (www.secsavvy.com)
Echo.
 
Echo 1. Remap a exe
Echo 2. Delete previous entries
Echo.
 
Echo Enter your choice(1/2):
Rem This command it set the variable "exename" to the value entered by user.
Rem For more info type set /? in cmd
SET /P option=
 
Rem goto transfer the control of program to the spedifiled Label name
if %option%==1 goto first
 
Echo Enter full name of exe file(e.g calc.exe):
SET /P exeName=
Echo.
 
Echo Deleting a registry entry..
 
Rem  Deletes the registry key exename its all subkeys and values
reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\%exeName%"
goto end
 
:first
Echo Enter full name of exe file(e.g calc.exe):
SET /P exeName=
Echo Enter full path of exe file which you want to replace with the previous exe (e.g "C:\Windows\System32\cmd.exe")
Echo.
Echo Enter the path with double quotes:
SET /P newExeName=
 
Rem So now we have stored the name and path of new exe file in the variable
Rem Next step is to add the entry in registry
 
Rem This is the command to add any entry in registry
Rem In this case I have created new key with name of variable "exeName"
Rem %variable-name% is used to access variable data
reg add  "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\%exeName%"
 
Rem  /v is used to add new value Debugger
Rem  /d is used to add data ot the value
Rem For more info type Reg Add /? in cmd
reg add  "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\%exeName%" /v Debugger /d %newExeName% /f
 
:end
Echo You need to re-login for changes to take effect
Echo.
Echo Do you want to Log-off now?
Echo Enter y for yes or n for no???
set /P choice=
 
Rem %variable-name% is used to access variable data
if %choice%==y (
Rem -l is switch to logoff your PC
shutdown -l
)else (
Rem It will exit from the program
exit
)

Demo for Image Hijack Code


I have shown you only one of the use of Image Hijack , you can use this Batch Program in many other ways. If you want to learn more about Batch programming then you can visit this link  Learn batch programming … Hacker style. Free eBook
If you have any doubts feel free to comment.
Happy Hacking!!!

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)