中文摘要：

从功能上来看，Rootkit是指隐藏进程、网络端口、文件痕迹等的恶意软件，现已被广泛应用在黑客入侵和攻击他人的计算机系统上。许多计算机病毒、间谍软件也都常常使用Rootkit潜伏在操作系统上伺机而动。如何有效地对Rootkit进行检测和防范成为应对木马入侵和僵尸网络的首要解决的关键问题。文章在以往的研究基础上，通过深入探讨Windows底层原理，开发了一个基于WindowsAPI调用机制的Rootkit检测系统。在该系统的帮助下，用户不但可以深入查看操作系统的各类底层信息，还可以很方便地找出隐藏在计算机之中的病毒、木马并进行清理，从而更好地保护操作系统。该系统丰富了现今针对Rootkit检测的研究成果，对后续的研究具有一定的参考价值。

英文摘要：

Rootkit is referred to the malicious software that hides the traces of processes, network ports, files, etc. It is now widely used for the hacker intruding and attacking other peoples’ computer systems. Many computer viruses and spywares also use Rootkit to lurk in the operation system and watch for the proper moment for action. How to detect Rootkit efficiently becomes the key problem to counter these kinds of attacks. On the basis of previous works,this paper discusses the underlying principles of Windows, and developes a Rootkit detection system based on the WINDOWS API. With its help, the user can not only discover different kinds of hidden information of the operation system, but also easily find out the virus and Trojan which are running in the computer and clean them up. To a certain extent, this system enriches the research productions on Rootkit detection, and can offer reference for the follow-up studies.