  • Degree thesis

A Real-time Defense Mechanism for DKOM-Rootkit
(基於DKOM-Rootkit之即時防禦機制)

Advisors: 曾俊元, 莊東穎

Abstract


As computers have spread into every sector, large volumes of important information are stored on computer systems and transmitted over networks, and system security has become an active research area. Modern networks and operating systems contain many vulnerabilities, so operating systems are exposed to attacks of many kinds; one widely used attack technique is the rootkit. Rootkit techniques are highly varied: no anti-virus vendor can claim to understand them completely or to catch every rootkit, and unknown or hybrid rootkits are harder still to handle.

The goal of this thesis is a method for detecting and defending against rootkits. It first analyses rootkit attack techniques and then studies DKOM (Direct Kernel Object Manipulation) rootkits in depth, that is, rootkits that hide by editing kernel data structures directly rather than by hooking code paths. The thesis describes detection and defense techniques in detail, weighs the strengths and weaknesses of each approach, and draws on the stronger ones, enhancing them, to design a mechanism that resists DKOM rootkits. To improve speed, efficiency and accuracy, it proposes an integrated detection-and-defense approach built around DKOM-based Windows rootkits. The resulting mechanism intercepts the attack effectively and pinpoints the address of the hidden object, leaving the rootkit nowhere to hide and preserving the security of the computer system.
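To make the DKOM hiding and the cross-view detection the abstract refers to concrete, the following C program is an added example; it is not the thesis's own code or mechanism. It models, in user space, the kind of kernel doubly linked list an operating system walks to enumerate processes (on Windows this is the EPROCESS.ActiveProcessLinks chain unlinked by the classic FU rootkit; that real-world detail is background, not from the page), a DKOM unlink that hides one object, and a detector that compares the list view against a scan of the object pool, which stands in for scanning physical memory. All type and function names, sizes and the three sample processes are constructed for this example.

```c
/* Added example (not the thesis's code): user-space model of DKOM process hiding
 * and cross-view detection. The doubly linked list stands in for the chain the OS
 * walks to enumerate processes; the fixed object pool stands in for physical memory. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef struct list_entry { struct list_entry *flink, *blink; } list_entry_t;

typedef struct proc_obj {
    uint32_t     pid;
    char         name[16];
    list_entry_t links;   /* membership in the active-process list */
} proc_obj_t;

#define MAX_PROCS 8
#define CONTAINING_RECORD(ptr, type, field) ((type *)((char *)(ptr) - offsetof(type, field)))

static proc_obj_t   pool[MAX_PROCS]; /* "memory": objects live here, linked or not */
static size_t       pool_count;
static list_entry_t active_head;     /* list head the enumeration API walks */

static void list_init(void) { active_head.flink = active_head.blink = &active_head; pool_count = 0; }

static void list_insert_tail(list_entry_t *head, list_entry_t *e) {
    e->flink = head; e->blink = head->blink;
    head->blink->flink = e; head->blink = e;
}

/* Legitimate path: allocate an object from the pool and link it into the list. */
static proc_obj_t *create_process(uint32_t pid, const char *name) {
    if (pool_count >= MAX_PROCS) return NULL;
    proc_obj_t *p = &pool[pool_count++];
    p->pid = pid;
    snprintf(p->name, sizeof p->name, "%s", name);
    list_insert_tail(&active_head, &p->links);
    return p;
}

/* DKOM hiding: splice the object out of the list. Nothing is freed, so the
 * process keeps running but list-based enumeration no longer reports it. */
static void dkom_hide(proc_obj_t *p) {
    list_entry_t *e = &p->links;
    e->blink->flink = e->flink;
    e->flink->blink = e->blink;
    e->flink = e->blink = e;  /* self-loop so a later unlink cannot corrupt the list */
}

/* Defensive response once a hidden object has been located: relink it. */
static void restore_process(proc_obj_t *p) { list_insert_tail(&active_head, &p->links); }

/* View 1 (what a list-based API reports): walk the active list. */
static size_t visible_processes(const proc_obj_t **out, size_t max) {
    size_t n = 0;
    for (list_entry_t *e = active_head.flink; e != &active_head && n < max; e = e->flink)
        out[n++] = CONTAINING_RECORD(e, proc_obj_t, links);
    return n;
}

/* A clean DKOM unlink leaves every flink/blink pair consistent, so this check
 * alone does not reveal it; returns 1 when the list is internally consistent. */
static int list_is_consistent(void) {
    for (list_entry_t *e = active_head.flink; e != &active_head; e = e->flink)
        if (e->flink->blink != e || e->blink->flink != e) return 0;
    return 1;
}

/* View 2 plus cross-view: scan the pool (stand-in for a physical-memory scan)
 * and report, by address, every object that is not reachable from the list. */
static size_t hidden_processes(const proc_obj_t **out, size_t max) {
    const proc_obj_t *seen[MAX_PROCS];
    size_t nseen = visible_processes(seen, MAX_PROCS), nh = 0;
    for (size_t i = 0; i < pool_count && nh < max; i++) {
        int linked = 0;
        for (size_t j = 0; j < nseen; j++)
            if (seen[j] == &pool[i]) { linked = 1; break; }
        if (!linked) out[nh++] = &pool[i];
    }
    return nh;
}

static size_t count_visible(void) { const proc_obj_t *t[MAX_PROCS]; return visible_processes(t, MAX_PROCS); }
static size_t count_hidden(void)  { const proc_obj_t *t[MAX_PROCS]; return hidden_processes(t, MAX_PROCS); }
static const proc_obj_t *first_hidden(void) {
    const proc_obj_t *t[MAX_PROCS];
    return hidden_processes(t, MAX_PROCS) ? t[0] : NULL;
}

int main(void) {
    list_init();                           /* constructed sample processes */
    create_process(4, "System");
    proc_obj_t *evil = create_process(1337, "evil");
    create_process(2000, "explorer");
    dkom_hide(evil);
    printf("list walk sees %zu processes, list consistent: %d\n", count_visible(), list_is_consistent());
    const proc_obj_t *h = first_hidden();
    if (h) printf("hidden object at %p: pid=%u name=%s\n", (const void *)h, (unsigned)h->pid, h->name);
    restore_process(evil);
    printf("after relink: visible=%zu hidden=%zu\n", count_visible(), count_hidden());
    return 0;
}
```

The point the model makes is that after a clean unlink the list is still internally consistent (list_is_consistent() returns 1), so pointer-consistency checks alone do not reveal the hidden object; only the cross-view against an independent source of objects does, and it yields the object's address rather than just a count mismatch. In a real kernel the pool scan has to validate candidate objects (pool tag, plausible field values) instead of relying on an exact count, and relinking a hidden object is only safe when the object is still live.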
