hypervisor
-
[Hypervisor Part 3] Making Your Kernel Hook Invisible with EPT Shadow Pages
EPT shadow page hooks split a physical page into two views — one seen by reads (original bytes), one executed (hooked bytes). Integrity scanners see clean code. The CPU …
-
[Hypervisor Part 2] Hijacking Hyper-V's VM-Exit Handler from Inside the Guest
How EPTraitor detours Hyper-V’s VM-exit handler, the CPUID-based hypercall ABI including the bitfield bug that burned me, and how we resolve arbitrary process CR3 …
-
[Hypervisor Part 1] What a Hypervisor Actually Does (And Why Your Ring-0 Code Should Care)
A ground-up explanation of what hypervisors do at the CPU level, how Windows runs under Hyper-V by default, what a VM-exit is and when it happens, and why this matters …