Skip to main content
Fig. 6 | Cybersecurity

Fig. 6

From: Hypervisor-assisted dynamic malware analysis

Fig. 6

Hypervisor memory modifications transparency. First, the guest attempts to read from the modified page. Because this page is configured to have only execute permissions, and an EPT violation occurs. Next, the hypervisor emulates the read instruction as if it had been done on the original memory page. Finally, the hypervisor resumes the execution of the guest

Back to article page