Security tools are being developed rapidly as network security threats become increasingly serious. To overcome the fundamental limitation of traditional host-based anti-malware systems, which are easily deceived and attacked by malicious code, VMM-based anti-malware systems have recently become a hot research field. In this article, existing malware hiding techniques are analyzed, and a hidden-process detection model based on the "In-VM" idea is proposed. Based on this detection model, a hidden-process detection technology that hooks SwapContext on the VMM platform is also implemented successfully. This technology guarantees that the detection method cannot be attacked by malware and resists all current process-hiding techniques. In order to detect malware that uses remote injection to hide itself, a method that hijacks the sysenter instruction is also proposed. Experiments show that the proposed methods guarantee the isolation of the virtual machines, detect all malware samples, and incur only a small performance loss.
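The detection model in the abstract rests on a cross-view comparison: a hook on the context switch (SwapContext) observes every process that actually receives CPU time, while a host-based tool only sees the process list that a rootkit may have tampered with; any process that is scheduled but absent from the visible list is hidden. The following is an added illustration of that comparison, not the paper's code; the kernel, the process names and the PIDs are constructed in pure Python, and `SimulatedKernel`, `detect_hidden` and `demo` are hypothetical names.

```python
"""Cross-view hidden-process detection, modelled on the abstract's idea.

Added example, not code from the paper.  The operating system is simulated:
one view is the process list a host-based tool walks (which a DKOM-style
rootkit can unlink itself from), the other is the set of processes observed
at every context switch, as a SwapContext hook would see them.
"""
from dataclasses import dataclass


@dataclass
class Process:
    pid: int
    name: str
    hidden: bool = False  # constructed flag: True = unlinked from the visible list


class SimulatedKernel:
    """Minimal stand-in for the two views a detector can compare."""

    def __init__(self, procs):
        self.procs = procs
        self.scheduler_log = []  # (pid, name) per context switch

    def enumerate_visible(self):
        # Emulates walking the kernel's process link list: an entry a rootkit
        # has unlinked is simply not there, so the host view misses it.
        return {p.pid: p.name for p in self.procs if not p.hidden}

    def run_scheduler(self, rounds):
        # A hidden process still needs CPU time; each time it is switched in,
        # the context-switch hook records it regardless of the tampered list.
        for _ in range(rounds):
            for p in self.procs:
                self.scheduler_log.append((p.pid, p.name))


def scheduler_view(log):
    """Collapse the per-switch log into the set of processes seen running."""
    return {pid: name for pid, name in log}


def detect_hidden(visible, scheduled):
    """Processes that ran on the CPU but are absent from the visible list."""
    return {pid: name for pid, name in scheduled.items() if pid not in visible}


def demo():
    # Constructed sample: two ordinary processes and one that hid itself.
    procs = [
        Process(4, "System"),
        Process(612, "explorer.exe"),
        Process(1337, "sample.exe", hidden=True),
    ]
    kernel = SimulatedKernel(procs)
    kernel.run_scheduler(rounds=3)
    return detect_hidden(kernel.enumerate_visible(),
                         scheduler_view(kernel.scheduler_log))


if __name__ == "__main__":
    for pid, name in demo().items():
        print(f"hidden process detected: pid={pid} name={name}")
```

The diff is empty for code injected into a legitimate process, because that code runs under an existing, visible PID and never appears as a separate scheduled entity; this is the gap the abstract's second method (observing system calls via the sysenter entry point) is meant to cover.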