%0 Journal Article
%T Windows 7 Ergodice PspCidTable to detect hidden Processes<br>Windows 7 遍历PspCidTable 表检测隐藏进程
%A ZHOU Li-Rong
%A MA Wen-Long
%A <br>周利荣
%A 马文龙
%J 计算机系统应用
%D 2011
%I 
%X PspCidTable preserves all pointer of processes and threads,Ergodicing PspCidTable can enumerate all processes include hidden processes.The paper analyses the structure of windows 7's PspCidTable,expounds the methed to obtain memory address of windows 7's PspCidTable.The algorithm of Ergodicing PspCidTable,finally brings up the step and methed to automatically detect processes.Experiments on windows 7 operation system showed that the algorithm can enumerate all processes with high efficiency,include processe...
%K process
%K PspCidTable
%K pointer
%K Kernel<br>进程
%K PspCidTable~指针
%K 内核
%U http://www.alljournals.cn/get_abstract_url.aspx?pcid=5B3AB970F71A803DEACDC0559115BFCF0A068CD97DD29835&cid=8240383F08CE46C8B05036380D75B607&jid=D4F6864C950C88FFCE5B6C948A639E39&aid=48687FEEF97E5861CF408912153F5954&yid=9377ED8094509821&vid=A04140E723CB732E&iid=9CF7A0430CBB2DFD&sid=8B59EA573021D671&eid=4966445AEEBA9556&journal_id=1003-3254&journal_name=计算机系统应用&referenced_num=0&reference_num=4