Abstract: With the continued development of computer technology, intrusion techniques have recently appeared that exploit a flaw in the Windows (2000/XP) kernel design to hide their own processes. Against this hiding technique, this paper proposes a new method that uses the kernel process environment block (KPEB), the kernel thread environment block (KTEB) and the scheduling mechanism of the Windows operating system to detect these hidden processes, and gives example code.
Keywords: process, hiding, kernel process environment block, kernel thread environment block, detection
Abstract: With the development of computer technology, some recently observed malicious code exploits a flaw in the Windows (2000/XP) kernel design to hide its processes. In order to detect the hidden processes created by such malicious code, a new technique is described together with an example program. The technique involves the kernel process environment block (KPEB), the kernel thread environment block (KTEB), the mechanism of traditional process detection, and the dispatcher.
Key words: Process, Hidden, Kernel process environment block (KPEB), Kernel thread environment block (KTEB), Detection
WANG Linfeng; DONG Liangwei. Detection mechanism for hidden processes under Windows (2000/XP) [J]. Computer Engineering, 2006, 32(20): 95-96.
WANG Linfeng; DONG Liangwei. Detection on Windows(2000/XP) Hidden Process[J]. Computer Engineering, 2006, 32(20): 95-96.