Today I will be talking about spawning cmd.exe, or any other program, whenever a particular program is launched, by using the Debugger value under Image File Execution Options (IFEO). For today’s example, we will launch cmd.exe when the Sticky Keys program starts, which happens when you press the Shift key repeatedly on Windows. Usually, when you spam your Shift key, a Sticky Keys window appears (see Figure 1a).
Figure 1a: Screenshot of Sticky Keys window
Let’s dive into it!
1. Firstly, press the Start button and search for Registry Editor (see Figure 2a).
Figure 2a: Search for registry editor
2. Open it and press “Yes” when prompted by User Account Control (UAC).
3. Go to the IFEO location which is at:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
4. Right-click the IFEO key to display a list of options and choose to create a new key (see Figure 2b). Name the new key sethc.exe. This is the actual name of the Sticky Keys program, located at C:\Windows\System32\sethc.exe.
Figure 2b: To create a new key
5. Make sure the sethc.exe key is selected, then click on the blank area on the right side of the window.
6. Create a new string value called Debugger.
7. Right-click on the Debugger value, select the Modify option and set the value data to the path of the shell, cmd.exe (see Figure 2c). The path should be:
Figure 2c: Add the path of cmd.exe to the Debugger key’s value
8. After setting the value, you may close the Registry Editor and spam your Shift key on your desktop. A Sticky Keys window and cmd.exe should appear together (see Figure 2d).
Figure 2d: Spawning cmd.exe with the sticky key demonstration
9. Lastly, you can also do this at the login window (see Figure 2e). From there, you can access directories normally. This is helpful for cases such as changing your password if you have forgotten it.
Figure 2e: Spawning cmd.exe from login window
As long as you create a key in IFEO with the name of a legitimate program, it will work. Whenever you launch a program, Windows looks in IFEO for a key with the same name as the program you are launching. Therefore, we can create a key for sethc.exe even though it was not originally under the IFEO key, and it still works.
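From the defender's side, the same lookup can be audited: the PowerShell below (an added example, not part of the original post) lists every IFEO key that carries a Debugger value and marks the sethc.exe case from this walkthrough. The WOW6432Node path and the function name Get-IfeoDebugger are assumptions of this example.

```powershell
# Added example: list every IFEO subkey that has a Debugger value.
$ifeoRoots = @(
    # Location used in the walkthrough above
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    # 32-bit registry view on 64-bit Windows (assumption: added for coverage, not from the post)
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

function Get-IfeoDebugger {
    param([string[]]$Roots = $ifeoRoots)

    foreach ($root in $Roots) {
        # The WOW6432Node view does not exist on 32-bit Windows
        if (-not (Test-Path -LiteralPath $root)) { continue }

        foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
            # Subkeys are named after the image, e.g. sethc.exe
            $debugger = $key.GetValue('Debugger', $null)
            if ($null -eq $debugger) { continue }

            [pscustomobject]@{
                Image     = $key.PSChildName
                Debugger  = $debugger
                ValueKind = $key.GetValueKind('Debugger')
                # True for the Sticky Keys case shown in this post
                PageCase  = ($key.PSChildName -ieq 'sethc.exe')
                PSPath    = $key.PSPath
            }
        }
    }
}

$findings = @(Get-IfeoDebugger)
if ($findings.Count -eq 0) {
    Write-Output 'No Debugger values found under IFEO.'
} else {
    # Show the sethc.exe case first, then everything else
    $findings |
        Sort-Object -Property PageCase -Descending |
        Format-List Image, Debugger, ValueKind, PageCase, PSPath
}
```

Some legitimate tools set Debugger values on purpose, so each finding needs review rather than automatic deletion; an entry that should not be there can be removed from an elevated session with `Remove-ItemProperty -LiteralPath <PSPath> -Name Debugger`.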
I hope today’s post will be helpful to you. Do leave any comments below if there is any content you would like to see. You may also send me some tips if you like my work and want to see more of such content. Funds will mostly be used for my boba milk tea addiction. The link is here. 🙂