Tamas,

On 13 Apr 2016, at 14:25, Tamas K Lengyel <tamas.k.lengyel@gmail.com> wrote:

In the DRAKVUF system that's exactly what I do, I mark the page execute only so that the guest is unable to locate/overwrite injected breakpoints without notice. If it were to overwrite injected breakpoints with its own, then we would be able to tell that the trap is both for external and internal use. So there isn't much of an issue there. The main issue is with the race condition in multi-vCPU guests when the purely external-use breakpoint has to be removed to allow the guest to continue. It can be solved nicely though with altp2m. I did a write-up for the Xen blog about it a couple months ago and sent it to publicity but it has not appeared yet. Lars?