{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,5]],"date-time":"2026-06-05T04:47:45Z","timestamp":1780634865694,"version":"3.54.1"},"publisher-location":"New York, NY, USA","reference-count":95,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,11,7]],"date-time":"2022-11-07T00:00:00Z","timestamp":1667779200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2022,11,7]]},"DOI":"10.1145\/3548606.3560649","type":"proceedings-article","created":{"date-parts":[[2022,11,7]],"date-time":"2022-11-07T11:41:28Z","timestamp":1667821288000},"page":"1709-1723","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":14,"title":["HyperDbg: Reinventing Hardware-Assisted Debugging"],"prefix":"10.1145","author":[{"given":"Mohammad Sina","family":"Karvandi","sequence":"first","affiliation":[{"name":"Institute For Research In Fundamental Sciences, Tehran, Iran"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"MohammadHosein","family":"Gholamrezaei","sequence":"additional","affiliation":[{"name":"Chosun University, Gwangju, Republic of Korea"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Saleh","family":"Khalaj Monfared","sequence":"additional","affiliation":[{"name":"Worcester Polytechnic Institute, Worcester, MA, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Soroush","family":"Meghdadizanjani","sequence":"additional","affiliation":[{"name":"Stony Brook University, Stony Brook, NY, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Behrooz","family":"Abbassi","sequence":"additional","affiliation":[{"name":"HyperDbg Organization, Gwangju, Republic of Korea"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Ali","family":"Amini","sequence":"additional","affiliation":[{"name":"HyperDbg Organization, Gwangju, Republic of Korea"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Reza","family":"Mortazavi","sequence":"additional","affiliation":[{"name":"Damghan University, Damghan, Iran"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Saeid","family":"Gorgin","sequence":"additional","affiliation":[{"name":"Chosun University, Gwangju, Republic of Korea"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Dara","family":"Rahmati","sequence":"additional","affiliation":[{"name":"Shahid Beheshti University, Tehran, Iran"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Michael","family":"Schwarz","sequence":"additional","affiliation":[{"name":"CISPA Helmholtz Center for Information Security, Saarland, Germany"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2022,11,7]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/3365001"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"crossref","unstructured":"Sanjeev Kumar Aggarwal and M Sarath Kumar. 2002. Debuggers for Programming Languages.  Sanjeev Kumar Aggarwal and M Sarath Kumar. 2002. Debuggers for Programming Languages.","DOI":"10.1201\/9781420040579.ch9"},{"key":"e_1_3_2_1_3_1","unstructured":"Ortega Alberto. 2022a. pafish. https:\/\/github.com\/a0rtega\/pafish. Accessed: 2022-02--15.  Ortega Alberto. 2022a. pafish. https:\/\/github.com\/a0rtega\/pafish. Accessed: 2022-02--15."},{"key":"e_1_3_2_1_4_1","unstructured":"Ortega Alberto. 2022b. Windows SDK. https:\/\/developer.microsoft.com\/en-us\/windows\/downloads\/windows-sdk. Accessed: 2022-08--11.  Ortega Alberto. 2022b. Windows SDK. https:\/\/developer.microsoft.com\/en-us\/windows\/downloads\/windows-sdk. Accessed: 2022-08--11."},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2020.11.004"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1186\/s42400-021-00088-4"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/1088149.1088163"},{"key":"e_1_3_2_1_8_1","volume-title":"7th USENIX Workshop on Offensive Technologies (WOOT 13)","author":"Bangert Julian","year":"2013","unstructured":"Julian Bangert , Sergey Bratus , Rebecca Shapiro , and Sean W Smith . 2013 . The $$Page-Fault$$ Weird Machine: Lessons in Instruction-less Computation . In 7th USENIX Workshop on Offensive Technologies (WOOT 13) . Julian Bangert, Sergey Bratus, Rebecca Shapiro, and Sean W Smith. 2013. The $$Page-Fault$$ Weird Machine: Lessons in Instruction-less Computation. In 7th USENIX Workshop on Offensive Technologies (WOOT 13)."},{"key":"e_1_3_2_1_9_1","first-page":"1","article-title":"Scientific but not academical overview of malware anti-debugging, anti-disassembly and anti-vm technologies","volume":"1","author":"Branco Rodrigo Rubira","year":"2012","unstructured":"Rodrigo Rubira Branco , Gabriel Negreira Barbosa , and Pedro Drimel Neto . 2012 . Scientific but not academical overview of malware anti-debugging, anti-disassembly and anti-vm technologies . Black Hat , Vol. 1 (2012), 1 -- 27 . Rodrigo Rubira Branco, Gabriel Negreira Barbosa, and Pedro Drimel Neto. 2012. Scientific but not academical overview of malware anti-debugging, anti-disassembly and anti-vm technologies. Black Hat , Vol. 1 (2012), 1--27.","journal-title":"Black Hat"},{"key":"e_1_3_2_1_10_1","volume-title":"Windows NT 3rd Symposium (Windows NT 3rd Symposium).","author":"Brubacher Doug","year":"1999","unstructured":"Doug Brubacher . 1999 . Detours: Binary interception of Win32 functions . In Windows NT 3rd Symposium (Windows NT 3rd Symposium). Doug Brubacher. 1999. Detours: Binary interception of Win32 functions. In Windows NT 3rd Symposium (Windows NT 3rd Symposium)."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-33630-5_22"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2008.4630086"},{"key":"e_1_3_2_1_13_1","volume-title":"International Conference on High-Performance Embedded Architectures and Compilers. Springer, 99--113","year":"2008","unstructured":"Tzi-cker Chiueh. 2008 . Fast bounds checking using debug register . In International Conference on High-Performance Embedded Architectures and Compilers. Springer, 99--113 . Tzi-cker Chiueh. 2008. Fast bounds checking using debug register. In International Conference on High-Performance Embedded Architectures and Compilers. Springer, 99--113."},{"key":"e_1_3_2_1_14_1","volume-title":"PITOU : Kernel Payload and DGA.","year":"2019","unstructured":"Citeseer. 2019 . PITOU : Kernel Payload and DGA. (2019). Citeseer. 2019. PITOU : Kernel Payload and DGA. (2019)."},{"key":"e_1_3_2_1_15_1","unstructured":"IBM Co. 2019. Hypervisors. https:\/\/www.ibm.com\/cloud\/learn\/hypervisors. Accessed: 2022-02--15.  IBM Co. 2019. Hypervisors. https:\/\/www.ibm.com\/cloud\/learn\/hypervisors. Accessed: 2022-02--15."},{"key":"e_1_3_2_1_16_1","unstructured":"IBM Co. 2021. Asynchronous Procedure Calls. https:\/\/docs.microsoft.com\/en-us\/windows\/win32\/sync\/asynchronous-procedure-calls . Accessed: 2022-08-06.  IBM Co. 2021. Asynchronous Procedure Calls. https:\/\/docs.microsoft.com\/en-us\/windows\/win32\/sync\/asynchronous-procedure-calls . Accessed: 2022-08-06."},{"key":"e_1_3_2_1_17_1","unstructured":"Mitre Co. 2022a. Access Token Manipulation. https:\/\/attack.mitre.org\/techniques\/T1134. Accessed: 2022-02--15.  Mitre Co. 2022a. Access Token Manipulation. https:\/\/attack.mitre.org\/techniques\/T1134. Accessed: 2022-02--15."},{"key":"e_1_3_2_1_18_1","unstructured":"Microsoft Co. 2022b. What is IRQL and why is it important? https:\/\/techcommunity.microsoft.com\/t5\/ask-the-performance-team\/what-is-irql-and-why-is-it-important\/ba-p\/372666. Accessed: 2022-02--15.  Microsoft Co. 2022b. What is IRQL and why is it important? https:\/\/techcommunity.microsoft.com\/t5\/ask-the-performance-team\/what-is-irql-and-why-is-it-important\/ba-p\/372666. Accessed: 2022-02--15."},{"key":"e_1_3_2_1_19_1","unstructured":"Microsoft Co. 2022c. Windows Debugger (WinDbg). https:\/\/docs.microsoft.com\/en-us\/windows-hardware\/drivers\/debugger\/debugger-download-tools. Accessed: 2022-02--15.  Microsoft Co. 2022c. Windows Debugger (WinDbg). https:\/\/docs.microsoft.com\/en-us\/windows-hardware\/drivers\/debugger\/debugger-download-tools. Accessed: 2022-02--15."},{"key":"e_1_3_2_1_20_1","unstructured":"NuMega Co. 2022. SoftIce. https:\/\/www.angelfire.com\/bug\/ass_1\/Readme.htm. Accessed: 2022-02--15.  NuMega Co. 2022. SoftIce. https:\/\/www.angelfire.com\/bug\/ass_1\/Readme.htm. Accessed: 2022-02--15."},{"key":"e_1_3_2_1_21_1","unstructured":"VMWare Co. 2022. What is a hypervisor? https:\/\/www.vmware.com\/topics\/glossary\/content\/hypervisor. Accessed: 2022-02--15.  VMWare Co. 2022. What is a hypervisor? https:\/\/www.vmware.com\/topics\/glossary\/content\/hypervisor. Accessed: 2022-02--15."},{"key":"e_1_3_2_1_22_1","unstructured":"GNU Community. 2022. GDB. https:\/\/www.gnu.org\/software\/gdb\/. Accessed: 2022-02--15.  GNU Community. 2022. GDB. https:\/\/www.gnu.org\/software\/gdb\/. Accessed: 2022-02--15."},{"key":"e_1_3_2_1_23_1","unstructured":"Intel Corporporation. 2018. Intel 64 and ia-32 architectures software developer manuals.  Intel Corporporation. 2018. Intel 64 and ia-32 architectures software developer manuals."},{"key":"e_1_3_2_1_24_1","unstructured":"Cyberbit. 2022. Anti-VM and Anti-Sandbox Explained. https:\/\/www.cyberbit.com\/blog\/endpoint-security\/anti-vm-and-anti-sandbox-explained\/.  Cyberbit. 2022. Anti-VM and Anti-Sandbox Explained. https:\/\/www.cyberbit.com\/blog\/endpoint-security\/anti-vm-and-anti-sandbox-explained\/."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/2523649.2523675"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455779"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-58951-6_16"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2020.2976559"},{"key":"e_1_3_2_1_29_1","volume-title":"Intel VISA: Through the Rabbit Hole. Black Hat Asia","author":"Ermolov Mark","year":"2019","unstructured":"Mark Ermolov and Maxim Goryachy . 2019. Intel VISA: Through the Rabbit Hole. Black Hat Asia ( 2019 ). Mark Ermolov and Maxim Goryachy. 2019. Intel VISA: Through the Rabbit Hole. Black Hat Asia (2019)."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/1858996.1859085"},{"key":"e_1_3_2_1_31_1","volume-title":"Workshop on Computer Education Architecture","author":"Ferreira Manuela K","year":"2008","unstructured":"Manuela K Ferreira , Henrique C Freitas , and Philippe OA Navaux . 2008 . From Intel VT-x to MIPS: An ArchC-based Model to Understanding the Hardware Virtualization Support . In Workshop on Computer Education Architecture , Beijing, China. 9--15. Manuela K Ferreira, Henrique C Freitas, and Philippe OA Navaux. 2008. From Intel VT-x to MIPS: An ArchC-based Model to Understanding the Hardware Virtualization Support. In Workshop on Computer Education Architecture, Beijing, China. 9--15."},{"key":"e_1_3_2_1_32_1","unstructured":"Cuckoo Foundation. 2022. Cuckoosandbox. https:\/\/cuckoosandbox.org\/. Accessed: 2022-02--15.  Cuckoo Foundation. 2022. Cuckoosandbox. https:\/\/cuckoosandbox.org\/. Accessed: 2022-02--15."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102550"},{"key":"e_1_3_2_1_34_1","volume-title":"Fourth International Conference on Machine Vision (ICMV 2011)","volume":"8350","author":"Gao Shang","year":"2012","unstructured":"Shang Gao and Qian Lin . 2012 . Debugging classification and anti-debugging strategies . In Fourth International Conference on Machine Vision (ICMV 2011) : Computer Vision and Image Analysis; Pattern Recognition and Basic Technologies , Vol. 8350 . International Society for Optics and Photonics, 83503C. Shang Gao and Qian Lin. 2012. Debugging classification and anti-debugging strategies. In Fourth International Conference on Machine Vision (ICMV 2011): Computer Vision and Image Analysis; Pattern Recognition and Basic Technologies, Vol. 8350. International Society for Optics and Photonics, 83503C."},{"key":"e_1_3_2_1_35_1","unstructured":"Tal Garfinkel Keith Adams Andrew Warfield and Jason Franklin. 2007. Compatibility Is Not Transparency: VMM Detection Myths and Realities.. In HotOS.  Tal Garfinkel Keith Adams Andrew Warfield and Jason Franklin. 2007. Compatibility Is Not Transparency: VMM Detection Myths and Realities.. In HotOS."},{"key":"e_1_3_2_1_36_1","volume-title":"2020 USENIX Annual Technical Conference (USENIX ATC 20)","author":"Ge Xinyang","year":"2020","unstructured":"Xinyang Ge , Ben Niu , and Weidong Cui . 2020 . Reverse debugging of kernel failures in deployed systems . In 2020 USENIX Annual Technical Conference (USENIX ATC 20) . 281--292. Xinyang Ge, Ben Niu, and Weidong Cui. 2020. Reverse debugging of kernel failures in deployed systems. In 2020 USENIX Annual Technical Conference (USENIX ATC 20). 281--292."},{"key":"e_1_3_2_1_37_1","first-page":"73","article-title":"Self-paging in the Nemesis operating system","volume":"99","author":"Hand Steven M","year":"1999","unstructured":"Steven M Hand . 1999 . Self-paging in the Nemesis operating system . In OSDI , Vol. 99. 73 -- 86 . Steven M Hand. 1999. Self-paging in the Nemesis operating system. In OSDI, Vol. 99. 73--86.","journal-title":"OSDI"},{"key":"e_1_3_2_1_38_1","volume-title":"Post-copy live migration of virtual machines. ACM SIGOPS operating systems review","author":"Hines Michael R","year":"2009","unstructured":"Michael R Hines , Umesh Deshpande , and Kartik Gopalan . 2009. Post-copy live migration of virtual machines. ACM SIGOPS operating systems review , Vol. 43 , 3 ( 2009 ), 14--26. Michael R Hines, Umesh Deshpande, and Kartik Gopalan. 2009. Post-copy live migration of virtual machines. ACM SIGOPS operating systems review , Vol. 43, 3 (2009), 14--26."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2020.2969514"},{"key":"e_1_3_2_1_40_1","unstructured":"Immunity Inc. 2022. immunitydbg. https:\/\/www.immunityinc.com\/products\/debugger\/index.html . Accessed: 2022-02--15.  Immunity Inc. 2022. immunitydbg. https:\/\/www.immunityinc.com\/products\/debugger\/index.html . Accessed: 2022-02--15."},{"key":"e_1_3_2_1_41_1","volume-title":"Efficient hardware malware detectors that are resilient to adversarial evasion","author":"Islam Md Shohidul","year":"2021","unstructured":"Md Shohidul Islam , Khaled N Khasawneh , Nael Abu-Ghazaleh , Dmitry Ponomarev , and Lei Yu. 2021. Efficient hardware malware detectors that are resilient to adversarial evasion . IEEE Trans. Comput . ( 2021 ). Md Shohidul Islam, Khaled N Khasawneh, Nael Abu-Ghazaleh, Dmitry Ponomarev, and Lei Yu. 2021. Efficient hardware malware detectors that are resilient to adversarial evasion. IEEE Trans. Comput. (2021)."},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-02067-4_3"},{"key":"e_1_3_2_1_43_1","unstructured":"Sina Karvandi. 2019. Hypervisor From Scratch -- Part 7: Using EPT & Page-Level Monitoring Features. (2019). https:\/\/rayanfam.com\/topics\/hypervisor-from-scratch-part-7\/  Sina Karvandi. 2019. Hypervisor From Scratch -- Part 7: Using EPT & Page-Level Monitoring Features. (2019). https:\/\/rayanfam.com\/topics\/hypervisor-from-scratch-part-7\/"},{"key":"e_1_3_2_1_44_1","unstructured":"Jong-Wouk Kim Jiwon Bang and Mi-Jung Choi. 2020. Defeating Anti-Debugging Techniques for Malware Analysis Using a Debugger.  Jong-Wouk Kim Jiwon Bang and Mi-Jung Choi. 2020. Defeating Anti-Debugging Techniques for Malware Analysis Using a Debugger."},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICTC46691.2019.8939719"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/2076732.2076790"},{"key":"e_1_3_2_1_47_1","volume-title":"23rd $$USENIX$$ Security Symposium ($$USENIX$$ Security 14). 287--301.","author":"Kirat Dhilung","unstructured":"Dhilung Kirat , Giovanni Vigna , and Christopher Kruegel . 2014. Barecloud: bare-metal analysis-based evasive malware detection . In 23rd $$USENIX$$ Security Symposium ($$USENIX$$ Security 14). 287--301. Dhilung Kirat, Giovanni Vigna, and Christopher Kruegel. 2014. Barecloud: bare-metal analysis-based evasive malware detection. In 23rd $$USENIX$$ Security Symposium ($$USENIX$$ Security 14). 287--301."},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/1368088.1368130"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/2664243.2664252"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1186\/s42400-021-00083-9"},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-017-0291-9"},{"key":"e_1_3_2_1_52_1","unstructured":"Check Point Software Technologies LTD. 2022a. Anti-Debug: Assembly instructions. https:\/\/anti-debug.checkpoint.com\/techniques\/assembly.html.  Check Point Software Technologies LTD. 2022a. Anti-Debug: Assembly instructions. https:\/\/anti-debug.checkpoint.com\/techniques\/assembly.html."},{"key":"e_1_3_2_1_53_1","unstructured":"Check Point Software Technologies LTD. 2022b. Anti-Debug: Debug Flags. https:\/\/anti-debug.checkpoint.com\/techniques\/debug-flags.html.  Check Point Software Technologies LTD. 2022b. Anti-Debug: Debug Flags. https:\/\/anti-debug.checkpoint.com\/techniques\/debug-flags.html."},{"key":"e_1_3_2_1_54_1","unstructured":"Check Point Software Technologies LTD. 2022c. Anti-Debug: Direct debugger interaction. https:\/\/anti-debug.checkpoint.com\/techniques\/interactive.html.  Check Point Software Technologies LTD. 2022c. Anti-Debug: Direct debugger interaction. https:\/\/anti-debug.checkpoint.com\/techniques\/interactive.html."},{"key":"e_1_3_2_1_55_1","unstructured":"Check Point Software Technologies LTD. 2022d. Anti-Debug: Exceptions. https:\/\/anti-debug.checkpoint.com\/techniques\/exceptions.html.  Check Point Software Technologies LTD. 2022d. Anti-Debug: Exceptions. https:\/\/anti-debug.checkpoint.com\/techniques\/exceptions.html."},{"key":"e_1_3_2_1_56_1","unstructured":"Check Point Software Technologies LTD. 2022 e. Anti-Debug: Misc. https:\/\/anti-debug.checkpoint.com\/techniques\/misc.html.  Check Point Software Technologies LTD. 2022 e. Anti-Debug: Misc. https:\/\/anti-debug.checkpoint.com\/techniques\/misc.html."},{"key":"e_1_3_2_1_57_1","unstructured":"Check Point Software Technologies LTD. 2022 f. Anti-Debug: Process Memory. https:\/\/anti-debug.checkpoint.com\/techniques\/process-memory.html#software-breakpoints.  Check Point Software Technologies LTD. 2022 f. Anti-Debug: Process Memory. https:\/\/anti-debug.checkpoint.com\/techniques\/process-memory.html#software-breakpoints."},{"key":"e_1_3_2_1_58_1","unstructured":"Check Point Software Technologies LTD. 2022 g. Anti-Debug: Timing. https:\/\/anti-debug.checkpoint.com\/techniques\/timing.html.  Check Point Software Technologies LTD. 2022 g. Anti-Debug: Timing. https:\/\/anti-debug.checkpoint.com\/techniques\/timing.html."},{"key":"e_1_3_2_1_59_1","volume-title":"Sandbox Detection Using Hardware Side Channels. In 2021 22nd International Symposium on Quality Electronic Design (ISQED). IEEE, 192--197","author":"Lusky Yehonatan","year":"2021","unstructured":"Yehonatan Lusky and Avi Mendelson . 2021 . Sandbox Detection Using Hardware Side Channels. In 2021 22nd International Symposium on Quality Electronic Design (ISQED). IEEE, 192--197 . Yehonatan Lusky and Avi Mendelson. 2021. Sandbox Detection Using Hardware Side Channels. In 2021 22nd International Symposium on Quality Electronic Design (ISQED). IEEE, 192--197."},{"key":"e_1_3_2_1_60_1","volume-title":"Attacking malicious code: A report to the infosec research council","author":"McGraw Gary","year":"2000","unstructured":"Gary McGraw and Greg Morrisett . 2000. Attacking malicious code: A report to the infosec research council . IEEE software, Vol. 17 , 5 ( 2000 ), 33--41. Gary McGraw and Greg Morrisett. 2000. Attacking malicious code: A report to the infosec research council. IEEE software, Vol. 17, 5 (2000), 33--41."},{"key":"e_1_3_2_1_61_1","unstructured":"Christian Rossow Michael Brengel Michael Backes. 2010. Detecting Hardware -Assisted Virtualization. (2010).  Christian Rossow Michael Brengel Michael Backes. 2010. Detecting Hardware -Assisted Virtualization. (2010)."},{"key":"e_1_3_2_1_62_1","unstructured":"Microsoft. 2022a. GetExitCodeProcess function. https:\/\/docs.microsoft.com\/en-us\/windows\/win32\/api\/processthreadsapi\/nf-processthreadsapi-getexitcodeprocess. Accessed: 2022-02--15.  Microsoft. 2022a. GetExitCodeProcess function. https:\/\/docs.microsoft.com\/en-us\/windows\/win32\/api\/processthreadsapi\/nf-processthreadsapi-getexitcodeprocess. Accessed: 2022-02--15."},{"key":"e_1_3_2_1_63_1","unstructured":"Microsoft. 2022b. KDNet. https:\/\/docs.microsoft.com\/en-us\/windows-hardware\/drivers\/debugger\/setting-up-a-network-debugging-connection-automatically. Accessed: 2022-02--15.  Microsoft. 2022b. KDNet. https:\/\/docs.microsoft.com\/en-us\/windows-hardware\/drivers\/debugger\/setting-up-a-network-debugging-connection-automatically. Accessed: 2022-02--15."},{"key":"e_1_3_2_1_64_1","unstructured":"Microsoft. 2022c. Volume Shadow Copy Service. https:\/\/docs.microsoft.com\/en-us\/windows-server\/storage\/file-server\/volume-shadow-copy-service. Accessed: 2022-02--15.  Microsoft. 2022c. Volume Shadow Copy Service. https:\/\/docs.microsoft.com\/en-us\/windows-server\/storage\/file-server\/volume-shadow-copy-service. Accessed: 2022-02--15."},{"key":"e_1_3_2_1_65_1","unstructured":"mrexodia. 2022. al-khaser. https:\/\/github.com\/LordNoteworthy\/al-khaser. Accessed: 2022-02--15.  mrexodia. 2022. al-khaser. https:\/\/github.com\/LordNoteworthy\/al-khaser. Accessed: 2022-02--15."},{"key":"e_1_3_2_1_66_1","doi-asserted-by":"publisher","DOI":"10.1535\/itj.1003.01"},{"key":"e_1_3_2_1_67_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2021.3139840"},{"key":"e_1_3_2_1_68_1","volume-title":"Ninja: Towards Transparent Tracing and Debugging on $$ARM$$. In 26th $$USENIX$$ Security Symposium ($$USENIX$$ Security 17). 33--49.","author":"Ning Zhenyu","year":"2017","unstructured":"Zhenyu Ning and Fengwei Zhang . 2017 . Ninja: Towards Transparent Tracing and Debugging on $$ARM$$. In 26th $$USENIX$$ Security Symposium ($$USENIX$$ Security 17). 33--49. Zhenyu Ning and Fengwei Zhang. 2017. Ninja: Towards Transparent Tracing and Debugging on $$ARM$$. In 26th $$USENIX$$ Security Symposium ($$USENIX$$ Security 17). 33--49."},{"key":"e_1_3_2_1_69_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2018.2883027"},{"key":"e_1_3_2_1_70_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00061"},{"key":"e_1_3_2_1_71_1","unstructured":"Yuschuk Oleh. 2022. OllyDbg. https:\/\/www.ollydbg.de\/. Accessed: 2022-02--15.  Yuschuk Oleh. 2022. OllyDbg. https:\/\/www.ollydbg.de\/. Accessed: 2022-02--15."},{"key":"e_1_3_2_1_72_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-22038-9_10"},{"key":"e_1_3_2_1_73_1","unstructured":"phoenixNAP. 2022. What is a Hypervisor? Types of Hypervisors 1 & 2. https:\/\/phoenixnap.com\/kb\/what-is-hypervisor-type-1--2. Accessed: 2022-02--15.  phoenixNAP. 2022. What is a Hypervisor? Types of Hypervisors 1 & 2. https:\/\/phoenixnap.com\/kb\/what-is-hypervisor-type-1--2. Accessed: 2022-02--15."},{"key":"e_1_3_2_1_74_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-020-00371-x"},{"key":"e_1_3_2_1_75_1","volume-title":"Virt-ICE: Next-generation debugger for malware analysis. Black Hat USA","author":"Quynh Nguyen Anh","year":"2010","unstructured":"Nguyen Anh Quynh and Kuniyasu Suzaki . 2010. Virt-ICE: Next-generation debugger for malware analysis. Black Hat USA ( 2010 ). Nguyen Anh Quynh and Kuniyasu Suzaki. 2010. Virt-ICE: Next-generation debugger for malware analysis. Black Hat USA (2010)."},{"key":"e_1_3_2_1_76_1","unstructured":"Rayanfam.Com. 2021. Hypervisor From Scratch -- Part 8: How To Do Magic With Hypervisor! https:\/\/rayanfam.com\/topics\/hypervisor-from-scratch-part-8\/. Accessed: 2022-02--15.  Rayanfam.Com. 2021. Hypervisor From Scratch -- Part 8: How To Do Magic With Hypervisor! https:\/\/rayanfam.com\/topics\/hypervisor-from-scratch-part-8\/. Accessed: 2022-02--15."},{"key":"e_1_3_2_1_77_1","doi-asserted-by":"crossref","unstructured":"Sergej Schumilo Cornelius Aschermann Ali Abbasi Simon W\u00f6rner and Thorsten Holz. 2020. HYPER-CUBE: High-Dimensional Hypervisor Fuzzing.. In NDSS.  Sergej Schumilo Cornelius Aschermann Ali Abbasi Simon W\u00f6rner and Thorsten Holz. 2020. HYPER-CUBE: High-Dimensional Hypervisor Fuzzing.. In NDSS.","DOI":"10.14722\/ndss.2020.23096"},{"key":"e_1_3_2_1_78_1","volume-title":"30th USENIX Security Symposium (USENIX Security 21)","author":"Schumilo Sergej","year":"2021","unstructured":"Sergej Schumilo , Cornelius Aschermann , Ali Abbasi , Simon W\u00f6rner , and Thorsten Holz . 2021 . Nyx: Greybox hypervisor fuzzing using fast snapshots and affine types . In 30th USENIX Security Symposium (USENIX Security 21) . 2597--2614. Sergej Schumilo, Cornelius Aschermann, Ali Abbasi, Simon W\u00f6rner, and Thorsten Holz. 2021. Nyx: Greybox hypervisor fuzzing using fast snapshots and affine types. In 30th USENIX Security Symposium (USENIX Security 21). 2597--2614."},{"key":"e_1_3_2_1_79_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-22038-9_9"},{"key":"e_1_3_2_1_80_1","doi-asserted-by":"publisher","DOI":"10.1145\/3019612.3019791"},{"key":"e_1_3_2_1_81_1","volume-title":"Lazyfp: Leaking fpu register state using microarchitectural side-channels. arXiv preprint arXiv:1806.07480","author":"Stecklina Julian","year":"2018","unstructured":"Julian Stecklina and Thomas Prescher . 2018 . Lazyfp: Leaking fpu register state using microarchitectural side-channels. arXiv preprint arXiv:1806.07480 (2018). Julian Stecklina and Thomas Prescher. 2018. Lazyfp: Leaking fpu register state using microarchitectural side-channels. arXiv preprint arXiv:1806.07480 (2018)."},{"key":"e_1_3_2_1_82_1","unstructured":"LLDB Team. 2022. LLDB. https:\/\/lldb.llvm.org\/. Accessed: 2022-02--15.  LLDB Team. 2022. LLDB. https:\/\/lldb.llvm.org\/. Accessed: 2022-02--15."},{"key":"e_1_3_2_1_83_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2021.108394"},{"key":"e_1_3_2_1_84_1","unstructured":"VMware Inc. 2019. Performance Evaluation of Intel EPT Hardware Assist. https:\/\/www.vmware.com\/pdf\/Perf_ESX_Intel-EPT-eval.pdf. Accessed: 2022-02--15.  VMware Inc. 2019. Performance Evaluation of Intel EPT Hardware Assist. https:\/\/www.vmware.com\/pdf\/Perf_ESX_Intel-EPT-eval.pdf. Accessed: 2022-02--15."},{"key":"e_1_3_2_1_85_1","volume-title":"vx-underground malware collection. https:\/\/www.vx-underground.org\/","year":"2021","unstructured":"vx underground. 2021. vx-underground malware collection. https:\/\/www.vx-underground.org\/ , Vol. 1 ( 2021 ). vx underground. 2021. vx-underground malware collection. https:\/\/www.vx-underground.org\/ , Vol. 1 (2021)."},{"key":"e_1_3_2_1_86_1","volume-title":"Hypervisor Introspection: A Technique for Evading Passive Virtual Machine Monitoring. In 9th USENIX Workshop on Offensive Technologies (WOOT 15)","author":"Wang Gary","unstructured":"Gary Wang , Zachary J. Estrada , Cuong Pham , Zbigniew Kalbarczyk , and Ravishankar K. Iyer . 2015 . Hypervisor Introspection: A Technique for Evading Passive Virtual Machine Monitoring. In 9th USENIX Workshop on Offensive Technologies (WOOT 15) . USENIX Association. Gary Wang, Zachary J. Estrada, Cuong Pham, Zbigniew Kalbarczyk, and Ravishankar K. Iyer. 2015. Hypervisor Introspection: A Technique for Evading Passive Virtual Machine Monitoring. In 9th USENIX Workshop on Offensive Technologies (WOOT 15). USENIX Association."},{"key":"e_1_3_2_1_87_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2007.45"},{"key":"e_1_3_2_1_88_1","doi-asserted-by":"publisher","DOI":"10.1145\/2420950.2420980"},{"key":"e_1_3_2_1_89_1","volume-title":"Virus Bulletin Conference.","author":"Willems Carsten","year":"2013","unstructured":"Carsten Willems , Ralf Hund , and Thorsten Holz . 2013 . Hypervisor-based, hardware-assisted system monitoring . In Virus Bulletin Conference. Carsten Willems, Ralf Hund, and Thorsten Holz. 2013. Hypervisor-based, hardware-assisted system monitoring. In Virus Bulletin Conference."},{"key":"e_1_3_2_1_90_1","unstructured":"x64 Debugger. 2022. X64. https:\/\/x64dbg.com\/  x64 Debugger. 2022. X64. https:\/\/x64dbg.com\/"},{"key":"e_1_3_2_1_91_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00105"},{"key":"e_1_3_2_1_92_1","doi-asserted-by":"publisher","DOI":"10.1145\/2151024.2151053"},{"key":"e_1_3_2_1_93_1","doi-asserted-by":"publisher","DOI":"10.1109\/BWCCA.2010.85"},{"key":"e_1_3_2_1_94_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2016.2545671"},{"key":"e_1_3_2_1_95_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.11"}],"event":{"name":"CCS '22: 2022 ACM SIGSAC Conference on Computer and Communications Security","location":"Los Angeles CA USA","acronym":"CCS '22","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3548606.3560649","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3548606.3560649","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T17:48:59Z","timestamp":1750182539000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3548606.3560649"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,11,7]]},"references-count":95,"alternative-id":["10.1145\/3548606.3560649","10.1145\/3548606"],"URL":"https:\/\/doi.org\/10.1145\/3548606.3560649","relation":{},"subject":[],"published":{"date-parts":[[2022,11,7]]},"assertion":[{"value":"2022-11-07","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}