Thanks for your excellent work, I learned a lot from it. And I try to use this project to monitor Windows kernel memory access.
And I set the corresponding EPT entry's r/w to false. Every time the Windows kernel accesses memory, I set the corresponding EPT entry's r/w to true, and the MTF flag. However, Windows always gets stuck somewhere. Can you give some suggestions?
If you can reproduce the issue on VMware, try gdb debugging and see where the processors are stuck. If you have IDA Pro, I'd recommend using that for this as it can interpret PDB.
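The toggle cycle described in the question, written out as a user-space C model with the re-protect step on the MTF exit included. This is an added example, not code from the project or from either poster; it executes no VMX instructions, and every name in it (`struct vcpu`, `monitor_page`, `on_ept_violation`, `on_mtf_exit`, `guest_access`) is hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
/* Constructed user-space model: a toy EPT table, no real VMX instructions. */
#define EPT_RW   ((1ull << 0) | (1ull << 1))  /* EPT entry bits 0 and 1: read, write */
#define EPT_EXEC (1ull << 2)                  /* EPT entry bit 2: execute */
#define NPAGES   4
#define NO_PAGE  (-1)

struct vcpu {
    int mtf_enabled;   /* models the monitor trap flag execution control */
    int pending_page;  /* page this vCPU opened, to be closed on its MTF exit */
    unsigned logged;   /* monitored accesses recorded so far */
};
static uint64_t ept[NPAGES];  /* one toy EPT entry per guest page */

/* Start (or resume) monitoring: remove read/write, keep execute. */
void monitor_page(int page) { ept[page] &= ~EPT_RW; }

/* EPT-violation exit: record the access, open the page for one instruction. */
void on_ept_violation(struct vcpu *v, int page) {
    v->logged++;
    ept[page] |= EPT_RW;
    v->pending_page = page;
    v->mtf_enabled = 1;
}

/* MTF exit: the faulting instruction has retired; close the page, disarm MTF. */
void on_mtf_exit(struct vcpu *v) {
    if (v->pending_page != NO_PAGE)
        monitor_page(v->pending_page);  /* real code must also invalidate cached EPT translations */
    v->pending_page = NO_PAGE;
    v->mtf_enabled = 0;
}

/* Model one guest data access; returns how many VM exits it caused. */
int guest_access(struct vcpu *v, int page) {
    int exits = 0;
    if ((ept[page] & EPT_RW) != EPT_RW) { on_ept_violation(v, page); exits++; }
    /* the guest instruction is re-executed and completes here */
    if (v->mtf_enabled) { on_mtf_exit(v); exits++; }
    return exits;
}

int main(void) {
    struct vcpu v = { 0, NO_PAGE, 0 };
    int trace[] = { 0, 2, 2, 1, 2 };  /* constructed access trace */
    for (int i = 0; i < NPAGES; i++) ept[i] = EPT_RW | EPT_EXEC;
    monitor_page(2);
    for (int i = 0; i < 5; i++)
        printf("page %d: %d exits\n", trace[i], guest_access(&v, trace[i]));
    printf("logged=%u page2_protected=%d\n", v.logged, (ept[2] & EPT_RW) == 0);
    return 0;
}
```

The pending page and MTF state are kept per vCPU in the model because each processor takes its own EPT-violation and MTF exits.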