Friday, December 02, 2011

Using Image File Execution Options (IFEO) to invoke a debugger automatically

A handy tip for invoking a debugger (or anything else) in place of a normal executable at image load time is to set the following registry value:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\<image name>\Debugger = <other image name> (REG_SZ)

For example, to invoke WinDBG when the OS loads notepad.exe:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe\Debugger = "C:\Program Files\Debugging Tools for Windows (x86)\windbg.exe"

Very handy for short-lived processes that are causing trouble when you have no other means of attaching to them, etc.!
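
The registry change above, as an added PowerShell example that is not part of the original post: it sets the Debugger value for one image, lists every image that currently has one, and removes the value again once the debugging session is over, since the redirect applies to every launch of that image for as long as it stays in place. The function names are hypothetical, and the script assumes an elevated prompt.

```powershell
# Added example, not from the original post. Run from an elevated prompt (writes to HKLM).
$IfeoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

function Set-IfeoDebugger {
    param(
        [Parameter(Mandatory)][string]$ImageName,    # bare file name, e.g. notepad.exe
        [Parameter(Mandatory)][string]$DebuggerPath  # full path to the debugger executable
    )
    if ($ImageName -match '[\\/]') { throw 'ImageName must be a file name, not a path.' }
    if (-not (Test-Path -LiteralPath $DebuggerPath -PathType Leaf)) {
        throw "Debugger not found: $DebuggerPath"
    }
    $key = "$IfeoRoot\$ImageName"
    if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
    # Store the path quoted (as in the post's example) so spaces in it are preserved.
    New-ItemProperty -LiteralPath $key -Name Debugger -PropertyType String `
        -Value "`"$DebuggerPath`"" -Force | Out-Null
}

function Get-IfeoDebugger {
    # Report every image under IFEO that has a Debugger value, and what it points to.
    Get-ChildItem -LiteralPath $IfeoRoot | ForEach-Object {
        $value = $_.GetValue('Debugger')
        if ($null -ne $value) {
            [pscustomobject]@{ Image = $_.PSChildName; Debugger = $value }
        }
    }
}

function Remove-IfeoDebugger {
    param([Parameter(Mandatory)][string]$ImageName)
    $key = "$IfeoRoot\$ImageName"
    # Only touch the Debugger value; other IFEO settings for the image are left alone.
    if ((Test-Path -LiteralPath $key) -and ($null -ne (Get-Item -LiteralPath $key).GetValue('Debugger'))) {
        Remove-ItemProperty -LiteralPath $key -Name Debugger
    }
}

# Show what is currently redirected on this machine.
Get-IfeoDebugger | Format-Table -AutoSize

# Typical session (typed at the prompt after loading the functions):
#   Set-IfeoDebugger -ImageName notepad.exe `
#       -DebuggerPath 'C:\Program Files\Debugging Tools for Windows (x86)\windbg.exe'
#   ... reproduce the problem and debug ...
#   Remove-IfeoDebugger -ImageName notepad.exe
```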