Closed m0rethan3 closed 4 years ago
is it possible to hide kernel memory modifications with kaspersky hypervisor? if its possible can you give me hints where to dig in their driver?
Unfortunately Kaspersky doesn't make use of SLAT for that. All their hypervisor does is swapping IA32_LSTAR for system call hooks.
is it possible to hide kernel memory modifications with kaspersky hypervisor? if its possible can you give me hints where to dig in their driver?