A headache problem, it is well known x64 in patch under the protection of the guard, not broken eprocess Activeprocesslink, because pg to monitor the global variables, in more than ten minutes to several hours after break between random blue screen, but recently a new software called YDARK monitoring software implementation of similar Pchunter end chain hidden process, the effect of simple windbg analysis found that he handled kprocess processlistentry rather than eprocess in the link, and there is no deal with pg, don't use the infinity hook, hidden end chain effect, and the author found simple communication can make use of the pg monitoring blind Angle, have bosses can you help me answer my confusion since many days???????