Citation: CAO Lei, CAI Wan-dong. Research and Implementation of Windows Service Concealing Technology[J]. Microelectronics & Computer, 2011, 28(12): 10-13.

Research and Implementation of Windows Service Concealing Technology

Abstract: Malware can use Windows services to achieve automatic startup and partial concealment, so studying service-hiding techniques improves the ability to detect such malware. This paper studies the startup process of Windows services and the internal data structures of service objects, and proposes a multi-point joint hiding method that combines in-memory hiding with registry hiding. A service-hiding program based on this method is designed and implemented, its hiding effect is tested under experimental conditions, and detection strategies for this type of service-hiding technique are analyzed. The experiments show that the method hides a service effectively without affecting the service's functionality and evades a variety of detection tools.

     
