Anti-Hypervisor Configuration
The anti-hypervisor configuration specifies the anti-hypervisor options for the Avaritia stub.
Mode
- Disabled (default): The Avaritia stub will not perform any anti-hypervisor checks.
- Standard: The Avaritia stub will perform the standard anti-hypervisor checks.
- Aggressive: The Avaritia stub will perform the aggressive anti-hypervisor checks.
config.json
{
  "anti_hypervisor": {
    "mode": "Standard"
  }
}
EPT Detection
This feature is currently under development.
This option specifies whether to detect the Extended Page Table (EPT) when running in a hypervisor environment.
EPT is a feature of Intel VT-x virtualization technology that extends the traditional page table hierarchy with a second set of page tables used by the virtual machine monitor (VMM). It is sometimes used for malicious purposes such as shadow hooks.
This feature has no effect if the application is not running in a hypervisor environment.
- Default: false
config.json
{
  "anti_hypervisor": {
    "detect_ept": false
  }
}