%0 Journal Article
%T Hidden process detection technique based on memory search<br>基于内存搜索的隐藏进程检测技术
%A HU He-jun
%A FAN Ming-yu
%A <br>胡和君
%A 范明钰
%J 计算机应用
%D 2009
%I 
%X To research the existing hidden process detection techniques and its anti-detection techniques in Windows, a new detect method based on the memory search was brought forth and its performance was improved. This technique made use of the inherent characteristics of process to traverse the system address space for establishing integrated process list, and then detected hidden process. Experiments show that this detection method is of higher reliability, efficiency and integrity.
%K Rootkit<br>内存搜索
%K 进程隐藏
%U http://www.alljournals.cn/get_abstract_url.aspx?pcid=5B3AB970F71A803DEACDC0559115BFCF0A068CD97DD29835&cid=8240383F08CE46C8B05036380D75B607&jid=831E194C147C78FAAFCC50BC7ADD1732&aid=DB3755BE50322FA271B43D0534B7B34E&yid=DE12191FBD62783C&vid=771469D9D58C34FF&iid=CA4FD0336C81A37A&sid=A58CF3BAE79427D0&eid=5A194ABCF186A3EF&journal_id=1001-9081&journal_name=计算机应用&referenced_num=0&reference_num=16