监控注册表，采用驱动Cm函数，能拦截API，冰剑修改注册表-Monitoring the registry, the use of drive Cm function can intercept API, modify the registry Bingjian

一个简单的驱动例子，对几个和进程有关的API在内核下进行拦截，可以使进程不被结束，程序不被创建。-Example of a simple drive, and processes related to the number of the API in the kernel to intercept the process can not be the end of the program is not created.