Today I will be sharing how to prevent an application from running by using IFEO's (Image File Execution Options) debugger setting. The application stays on the computer, but users will not be able to start it by double-clicking it or by running it from CMD.exe. For this article, we will be trying it out on the Firefox browser.
** Do note to only try this out on your own computer or virtual machine. Do not try it elsewhere unless you have permission to do so. **
Let’s dive into it!
1. Firstly, you will have to press the start button and search for the Registry Editor (see Figure 1a).
Figure 1a: Search for the registry editor
2. Go into it and press “Yes” when being prompted by the User Account Control (UAC).
3. Go to the IFEO location which is at:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
4. Click on the IFEO key and right-click it to display a list of options. Select create a new key (see Figure 1b). Create a new key with the name firefox.exe. This is the executable file for the Firefox browser.
Figure 1b: To create a new key
5. Click on the blank page on the right side of the window. Make sure the firefox.exe key is selected first.
6. Create a new key called Debugger.
7. Right-click on the Debugger key, select the Modify option and set the value to 0 (see Figure 1c).
Figure 1c: Set the Debugger key's value to 0
8. Alternatively, you can set the value data to the path of the same executable file you are trying to disable. The result will still be the same. Since we are using Firefox, the value should be the path to firefox.exe. The path should be:
C:\Program Files\Mozilla Firefox\firefox.exe
Figure 1d: Set the path of the application to disable as the Debugger key's value
9. After setting the value, you may close the Registry Editor and try to run Firefox directly from your start menu (see Figure 1e). No matter how many times you click it, nothing should happen. This means our demo is working.
Figure 1e: Attempt to run the Firefox browser from the start menu
10. We shall also attempt to run the Firefox browser directly from CMD.exe. We should see an "unable to find file" message even though firefox.exe is in that folder (see Figure 1f).
Figure 1f: Unable to find file feedback
Why does this work? Windows tries to launch the application under the debugger specified by the value we set in the registry. Setting the value to 0 or to the path of the application itself prevents the application from starting, since there is either no debugger to debug it (value 0) or it is unable to debug itself (value set to its own path).
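To find this setting again later, or to spot it on a machine where someone else applied it, the following added PowerShell example (not part of the original post) lists every IFEO subkey that has a Debugger entry and labels it according to steps 7 and 8. It also checks the WOW6432Node copy of the IFEO key, which the post does not cover; the function name Get-IfeoDebugger is made up for this example.

```powershell
# Added example: audit Image File Execution Options for Debugger entries.
# Reading HKLM needs no elevation; removing an entry does.
$IfeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    # 32-bit registry view (assumption: included for completeness, not from the post)
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

function Get-IfeoDebugger {
    param([string[]]$Path = $IfeoRoots)

    foreach ($root in $Path) {
        if (-not (Test-Path -LiteralPath $root)) { continue }

        foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
            # $key is a RegistryKey; a missing Debugger entry returns $null
            $debugger = $key.GetValue('Debugger', $null)
            if ($null -eq $debugger) { continue }

            $image = $key.PSChildName                  # e.g. firefox.exe
            $value = ([string]$debugger).Trim().Trim('"')
            $leaf  = ($value -split '\\')[-1]          # last path component

            if ($value -eq '0') {
                $note = 'value 0: image will not start (step 7)'
            } elseif ($leaf -ieq $image) {
                $note = 'points at itself: image will not start (step 8)'
            } else {
                $note = 'launch is handed to another program: review'
            }

            [pscustomobject]@{
                Image    = $image
                Debugger = $debugger
                Note     = $note
                Key      = $key.Name
            }
        }
    }
}

Get-IfeoDebugger | Format-Table -AutoSize -Wrap

# To undo the change from this tutorial, run from an elevated prompt:
# Remove-ItemProperty -LiteralPath "$($IfeoRoots[0])\firefox.exe" -Name Debugger
```

An entry labelled "review" means the named image starts a different program instead of itself, which is worth checking on any machine you did not configure yourself.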
I hope today’s post will be helpful to you.