Windows – I want to intercept a given program before it runs and run my own program first

I’m going to work with Python 3, mainly interested in Windows for a start. If it makes a difference, then Windows 10 specifically.

Example of what I want to happen:

  1. User starts my script.
  2. User decides to blacklist the game Dota 2.
  3. User tries to open Dota 2.
  4. Because Dota 2 is on the blacklist, my script runs instead of Dota 2.
  5. After my script is done, Dota 2 either runs or doesn’t run, depending on what my script chooses. This will ultimately be controlled by User.
  6. User closes my script.
  7. User tries to open Dota 2.
  8. Dota 2 opens right away without interruptions.

The last three lines are there to signify that there needs to be a way of turning it on and off, so not a permanent solution. My base assumption is that once I know how to do the first part, the second part will be easy. I still put it in there for clarification.

I really just want to know how to gain access to intercepting the programs.

Solution:

 

     

  3. User tries to open Dota 2.
  4. Because Dota 2 is on the blacklist, my script runs instead of Dota 2.
Windows’ Image File Execution Options lets you cause your program to be run whenever an executable of your choice is started.

Suppose we want to run C:\My Folder\new app.exe whenever the user tries to start C:\Windows\old app.exe. To accomplish this, run the following command:

reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\old app.exe" /v Debugger /d "C:\My Folder\new app.exe" /f

Note: If a key named old app.exe doesn’t exist (likely), this command will create it.

This creates a new Registry key with the name of the program to be “hijacked” and creates a new string value named Debugger that has its data set to the path of the replacement executable.  This can be any executable file, including .CMD batch scripts.

The change takes effect immediately. Now whenever an executable named old app.exe is run, Windows will start C:\My Folder\new app.exe instead.

To return everything to normal, delete the old app.exe key:

reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\old app.exe" /f

Simply incorporate these commands into your script to accomplish your desired outcome.
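Because a leftover Debugger value keeps redirecting the program after the script exits, it is worth checking which redirects exist before and after the cleanup step. The following is an added example, not part of the original answer: it parses the text printed by `reg query ... /s /v Debugger` and reports any redirect the script did not set. The sample output is constructed, and `dota2.exe` and `gatekeeper.exe` are hypothetical names.

```python
import re
import subprocess

IFEO = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT"
        r"\CurrentVersion\Image File Execution Options")

# Constructed sample of `reg query "<IFEO>" /s /v Debugger` output.
# dota2.exe and gatekeeper.exe are hypothetical names, not from the page.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\old app.exe
    Debugger    REG_SZ    C:\My Folder\new app.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dota2.exe
    Debugger    REG_SZ    "C:\Tools\gatekeeper.exe" --ask

End of search: 2 match(es) found.
"""

VALUE_RE = re.compile(r"^\s+Debugger\s+(REG_\w+)\s+(.*)$", re.IGNORECASE)


def parse_debugger_entries(text):
    """Map image name -> Debugger command line from `reg query` text."""
    entries, image = {}, None
    prefix = IFEO.upper() + "\\"
    for line in text.splitlines():
        if line.upper().startswith(prefix):
            image = line[len(prefix):].strip()   # key line names the image
        else:
            m = VALUE_RE.match(line)
            if m and image:
                entries[image] = m.group(2).strip()
    return entries


def unexpected(entries, allowed):
    """Images redirected to anything other than what `allowed` says."""
    want = {k.lower(): v.lower() for k, v in allowed.items()}
    return sorted(i for i, d in entries.items() if want.get(i.lower()) != d.lower())


def query_live():
    """Windows only: read the current redirects with the built-in reg tool."""
    out = subprocess.run(["reg", "query", IFEO, "/s", "/v", "Debugger"],
                         capture_output=True, text=True).stdout
    return parse_debugger_entries(out)


if __name__ == "__main__":
    found = parse_debugger_entries(SAMPLE)
    mine = {"old app.exe": r"C:\My Folder\new app.exe"}  # what the script set
    for image in unexpected(found, mine):
        print(f"unexpected redirect: {image} -> {found[image]}")
```

Writing under HKLM with `reg add` or `reg delete` needs an elevated prompt, while the query used by `query_live()` does not.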