Process Hiding and Process Protection (SSDT HOOK Implementation)
http://www.cnblogs.com/BoyXiao/archive/2011/09/04/2166596.html
Code Injection: Remote Threads
http://www.cnblogs.com/BoyXiao/archive/2011/08/11/2134367.html#2786089
Kernel-Level Process Protection with SSDT Hook
http://www.cnblogs.com/hongfei/p/3162546.html
SSDT HOOK ZwOpenProcess (SSDT HOOK beginner's primer code)
http://bbs.pediy.com/archive/index.php?t-93984.html
Bypassing DNF TP Driver Protection (Part 1)
http://www.cnblogs.com/BoyXiao/archive/2012/06/09/2542831.html
Bypassing DNF TP Driver Protection (Part 2)
http://www.cnblogs.com/BoyXiao/archive/2012/06/12/2545816.html
SSDT viewing tools:
XueTr (works on both XP and Win7) or IceSword (XP only)
SSDT HOOK Monitor
Windbg