本文著重在描述如何實作一個即時啟動監視器，來達到即時阻擋惡意程式入侵的目標。任何程式一更動登錄執行鍵值企圖將自己設定爲開機啟動程式，啟動監視器便立即察覺發出警訊通知。如果警訊視窗出現時，使用者並未在安裝該程式，就可判斷是被惡意程式入侵；此時使用者點選「否」按鈕，讓啟動監視器取消這項異動，即可避免被惡意程式盤據電腦系統。實作上，主要運用WMI來達成對登錄執行鍵值做即時異動監控的目標。

This manuscript mainly describes how to implement a real-time startup monitor and make it as a real-time malware blocker. The startup monitor will issue a warning dialog to user immediately when a registry run key is changed by some program to make itself auto-start. If the concerned auto-start program is not what the user is currently installing, then the user can intuitively click the "No" button to let startup monitor cancel registry variation and protect computer from being occupied by malware. WMI (Windows Management Instrumentation) is mainly used to achieve the goal of real-time monitoring on changes of registry run keys.