[1]Jeffrey J, Christophe N. Windows via CC++[M]. 5th ed. Beijing: Tsinghua University Press, 2008: 517534[2]Guo Yucheng, Wu Peng, Lin Juwei, et al. A way to detect computer trojan based on DLL preemptive injection[C] Proc of the 10th Int Symp on Distribute Computing and Applications to Business, Engineering and Science (DCABES 2011). New York: ACM, 2011: 255258[3]赵北庚, 孙楠. 远程线程DLL注入的实现与逆向分析侦查[J]. 网络安全技术与应用, 2015 (5): 9494[4]斯鲁杰. DLL木马隐藏技术研究[D]. 西安: 西安电子科技大学, 2011[5]戚利. Windows PE权威指南[M]. 北京: 机械工业出版社, 2011: 112120[6]韩芳, 栾国森. 远程线程注入木马的攻防研究[J]. 计算机与数字工程, 2008 (3): 9697+166[7]王佩红, 赵尔敦, 张瑜. 远程线程注入DLL的检测与卸载方法研究[J]. 计算机与数字工程, 2010 (3): 106108+142[8]王艳平. Windows程序设计[M]. 北京: 人民邮电出版社, 2005[9]谭文, 邵坚磊. 从汇编语言到Windows内核编程[M]. 北京: 电子工业出版社, 2008: 4550[10]Butler J, Jeffrey L, Pinkson J. Hidden processes: The implication for intrusion detection[C] Proc of IEEE Workshop on Assurance United States. Piscataway, NJ: IEEE, 2003: 116121