This is another quickie. Only noticed this one after posting the previous post (hint: look for .exe files that include ‘StartApplication’ in their strings).
\WINDOWS\ImmersiveControlPanel\SystemSettings.exe uses LoadLibrary to load SystemSettings.dll, so if you copy it to a different folder and drop your own SystemSettings.dll there you will be able to load it via a signed .exe once you execute SystemSettings.exe.
Opening System Settings is a very common operation – one that allows users manage their computer and its settings, troubleshoot and fix stuff, and update the windows as well.
So… it turns out that the program itself (C:\Windows\ImmersiveControlPanel\SystemSettings.exe) has a built-in support for debugging; when launched, it checks if the following value in Registry is set:
If the value is present, the program will enter a never-ending loop waiting for a debugger to be attached to the program.
For an average user the program will basically freeze:
For the more advanced users, this is an opportunity to attach the debugger 🙂