Hidden process detection technique based on memory search
基于内存搜索的隐藏进程检测技术

To research the existing hidden process detection techniques and its anti-detection techniques in Windows, a new detect method based on the memory search was brought forth and its performance was improved. This technique made use of the inherent characteristics of process to traverse the system address space for establishing integrated process list, and then detected hidden process. Experiments show that this detection method is of higher reliability, efficiency and integrity.