Noninvasive global software mocking with registry

RegEditI recently had to do something unusual for me.

The issue

In production-like environment, I had to “mock” a third party application called by mine. My application call the third party app just like as we do when we run something from command prompt with some arguments. The problem was a little bug in theses arguments, but I can’t update directly my application and had to find a workaround until I can. Also I would like at the same time to debug a bit what’s done by logging the passed arguments. So here’s the initial situation :

exereplace1

The solution

Here’s what I want to do to solve the problem :

exereplace2

Adding an intermediate application that my application will call and then forward the call to the third party app. A kind of software man-in-the-middle. But as I can’t modify my app I just can’t ask her to point to another place and the call target is not soft coded. I finally, after a day of search, found a solution, this good ol’ registry !

If you go to :

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

You can create a registry key with the name of your app, in my case it’s ThirdPartyApplication.exe and then create a string value called Debugger with the name of the application to run instead. Each time we’ll call ThirdPartyApplication.exe, the mentioned application will be executed with the normal target as arguments. I can then call my third party app and patch the transmitted values until I can patch my application and remove the registry key.

Also it can be a good joke to do to some colleague you (don’t) like… Let’s say, replacing explorer.exe by mspaint… or making iexplore to call iexplore, resulting in a beautiful call loop… I’m sure you have enough imagination to do something a bit fun for 2 minutes the monday morning with that 😉 But never forget, the shorter jokes are the better…

Catch you next time and keep it bug free !

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s