Using LBR (Last Branch Record) Feature to Detect IDT-Shadowing-Based Malicious IDT Hooking

Thanks to Yushi who shared a presentation (ELI: Bare-Metal Performance for I/O Virtualization) with me. In that hypervisor (ELI), it innovates an idea of gust IDT shadow (or IDT virtualization) design for some specific usage models. I'm going to talk a little bit about this idea.