How to make the "Replace Task Manager" function in Process Explorer?

Question

How to make the "Replace Task Manager" function in Process Explorer?

Process Explorer has a nice feature Replace Task Manager

enter image description here

I just thought how Mark Russinovich does it.
What trick is used to implement it?

+7

windows winapi sysinternals process-explorer

Benjamin Sep 14 '11 at 12:50

source share

1 answer

eran · Accepted Answer · 2011-09-14T12:59:13+0000

You can use ProcMon to find out how this is done ...

To save you trouble, ProcExp is defined as the taskmgr.exe debugger in the Image File Execution Options in the registry. This means that ProcExp starts before taskmgr starts, regardless of how taskmgr was started. ProcExp can then easily close the task manager and show itself.

How to make the "Replace Task Manager" function in Process Explorer?

More articles: