Introduction - If you have any usage issues, please Google them yourself
Procedures with the way the kernel driver into the ring0, then visit EPROCESS structure, the structure found in EPROCESS process chain, which can realize the process of enumeration, but because the system process PID to 0 in the Idle and no chain. So by this method naturally can not find it to. process output can softice or DebugView tool to view. This program only under XP through debugging.