Notepad2 is a small, fast and elegant replacement for notepad. Besides from small functional improvements you could say that Microsoft has practically abandoned the built-in editor for Windows. Even though notepad2 is not actively updated any more it is already very good and completely free. In fact many would like to completely replace notepad with notepad2 so that whenever and wherever you type notepad.exe you'd get notepad2.exe.

The naive approach is to try to replace the file under the Windows installation directory, but this approach has flaws (what if new Service Pack comes?). On the other hand, you probably know of at least one cool application that is able to completely replace another built-in Windows counterpart - Process Explorer does that to taskmgr.exe.

Why not do the same to notepad? Let's see first what Process Explorer does - it pretends to be a debugger for taskmgr.exe. How do I know? By using another excellent SysInternals freeware that everyone should have on their machine called Autoruns. One of the categories of, well, intrusive behaviors that Autoruns detects is Image Hijacking. This is how this category looks on my machine at the moment:

This is no hack. Matt Pietrek has referenced the MSDN docs that go in more detail in this post. Things boil down to this - you can tell Windows (by a few simple registry entries) that whenever you start abc.exe you actually want your xzy.exe to start and debug abc.exe. This is nothing more than an interesting way to reroute execution of any EXE on the system, exactly what we need! There is only one thing - you can't point to notepad2.exe as a debugger for notepad - if you do that, notepad2 will be executed each time with notepad.exe as a parameter.

As almost any other problem this one is also solved by another level of indirection. What we give to Windows as debugger is a small app that will accept real path to notepad2 as it's first parameter, will ignore second parameter (that will be notepad.exe that we are supposed to “debug”, Windows passes it to us) and will pass third parameter (if found) to notepad2. The complete source code for this utility I called ImageHijack follows (note that you must compile it as /t:winexe to avoid console window showing up)

using System;
using System.Diagnostics;
namespace ImageHijack
{
  class Program
  {
    [STAThread]
    static void Main(string[] args)
    {
      bool hasDoc = args.GetLength(0) > 2;
      String procToStart = args[0];
      Process p = hasDoc ? 
        Process.Start(procToStart, String.Format("\"{0}\"", args[2]))
        : Process.Start(procToStart);
      p.WaitForExit();
    }
  }
}

Build this and put the exe somewhere in your path and then add the following to the registry (change notepad2 path to where you keep it, of course):

That's it! The ImageHijack.exe can be used to hijack even more apps if you want. If you ever forget which app is hijacked and which one is not, just run Autoruns and it'll tell you.

P.S. Yes, I am aware that this is also potentially attack vector for viruses and such.Like any other tool it can be used for good and evil.