［1］Mark E Russinovich,David A.Solomon.Microsoft Windows Internals:Microsoft Windows Server 2003,Windows XP,and Windows 2000［M］.USA:Microsoft Press,2004.

［2］Wang Yimin,Doug Beck,Binh Vo,et al.Detecting Stealth Software with Strider GhostBuster［C］.Proc of International Conference on Dependable Systems and Networks,2005.

［3］徐广斌,张尧学,周悦芝.基于虚拟机的透明计算系统设计及实现［J］.清华大学学报:自然科学版,2008,48(10):1675-1678.

［4］Artem Dinaburg,Paul Royal,Monirul Sharif,et al.Ether:Malware Analysis via Hardware Virtualization Extensions［C］.In Proceedings of the 15th ACM conference on Computer and Communications Security,2008.

［5］Intel.Intel 64 and IA-32 Architectures Software Developers Manual,Volume 3B:System Programming Guide,Part 2［Z］.Hoaland:Intel,2006.

［6］Jones S T,Arpaci-Dusseau A C,Arpaci-Dusseau R H.Antfarm:Tracking Processs in a Virtual Machine Environment［C］.Boston,Massachusetts:In Proceedings of the USENIX Annual Technical Conference(USENIX'06),2006.