Quote:
Originally Posted by trickyboy
But you can try changing the window title of FileMon and its file name. Some programs detect it by viewing the list of processes running in memory.

Not in this case. What is being detected is the driver, not the FileMon app. The driver remains even after the app is terminated, and the target still won't start.
You need at least to change the driver's name, that's the most straightforward way of detection. Rename the driver file - I believe it's a binary resource inside the app's exe. Also, the name of the device it creates should be changed, both in the .sys file, and in the app when it connects to the driver.
I don't know if they (still) work, but check the patches in this thread: http://forum.exetools.com/showthread.php?t=6645