I had an idea a while back and have been surprised not to find anyone else having the same. The quick summary:
Run a program in a "sandbox", similar to the Linux fakeroot tool, intercepting all accesses and changes to files, registry, etc., redirecting them to a different location.
It should be clear how this approach could make almost any application portable: simply run its installer in the sandbox, redirecting to your USB key.
There are bunches of other uses for this too, though: keep an easy archive of a clean, already set-up copy of an app; prevent two apps from possibly conflicting with each other; quickly sharing complex setups (e.g. to show the existance of a certain bug); easily moving infrequently-used apps off of the main disk... and finally, if locked down enough... run a questionable app (or web browser) in a sandbox where it couldn't mess with anything else. (chroot for Windows.)
So-- does this interest anybody? I have very little low-level programming experience on Windows, so I can't lead this project. (I may do it on Linux, since it's much easier there, though.) But if someone else does have the interest and know-how to make this possible, I could possibly help out; just let me know.
I've collected a few technical thoughts on how to do this below:
This is quite straightforward to implement on Linux, where we have LD_PRELOAD to be able to inject a dynamic library into almost any program. On Windows it's significantly more difficult. We have DLL_PRELOAD (http://fy.chalmers.se/~appro/nt/DLL_PRELOAD/), but that clearly requires admin privs and a reboot. The best alternative I can come up with is using the debugger interfaces to inject a library load right after the CreateProcess.
Then the question is: intercepting the Win32 API or the NT Native API? Patching the Native API allows more things to be caught, and might be easier because there are much fewer native API calls to worry about. But some things would be much more complex that way, like intercepting DDE or other stuff like that. Either way, one needs to be careful of infinite intercept loops and of intercepting all child processes.
Regards,
-Ken