Modify the registry:
HKLM / Software / Microsoft / Windows NT / CURRENTVERSION / Image File Execution Options Create a child name named to disable, such as: hudan.exe creates a button named debugger under the subkey, the value can be An alternative EXE file name, such as: cmd.exe
Then the system will first determine when running the program, it is not hudan.exe when it is, if it is, it does not run it, but runs cmd.exe.
I always want to use a hook, run my hook program when the system is started, and then monitor it, I didn't expect the way to modify the registry so simple, but if the file name can be changed, you can run it. Disadvantages that the monitoring process KILL can also be run.
