PspCidTable preserves all pointer of processes and threads, Ergodicing PspCidTable can enumerate all processes include hidden processes. The paper analyses the structure of windows 7's PspCidTable, expounds the methed to obtain memory address of windows 7's PspCidTable. The algorithm of Ergodicing PspCidTable, finally brings up the step and methed to automatically detect processes. Experiments on windows 7 operation system showed that the algorithm can enumerate all processes with high efficiency, include processes that hooked functions that enumerated processes or directly entered into kernel space changed kernel data to hide self.