简单的Rootkit检测程序，不改变sysenter地址,而是通过直接在原来sysenter地址里面写跳转代码来实现的,这实际上跟一般的函数头inline  hook一样.这样rootkit检测工具就不会认为sysenter已经改变(实际上也是没变).-Rootkit detection program, not change sysenter address, but through direct jump inside original sysenter address write code to achieve, which is actually the general function header inlinehook of the same so that the rootkit detection tools would not think sysenter has changed (in fact, is not changed).