
Virtualized Execution Protection Based on Virtual Machine Introspection Memory Inspection

Enabling VMI-based Memory Inspection for Runtime Protection in KVM

Advisor: 孫雅麗

Abstract


In the era of cloud computing, virtualization not only greatly reduces the cost of building servers but also gives security researchers a new opportunity in system security: they use virtual machines to set up secure, isolated environments for malware analysis. Most existing VMI systems provide only low-level system information such as instructions or system calls, which makes it hard for security experts to obtain, in real time, the high-level semantics of what is executing inside the virtual machine. In addition, VMI systems often impose heavy overhead while logging, resulting in poor performance. The VMI-based Malware Profiling System proposed in this thesis logs the Windows API calls made by a program running in a virtual machine, together with their parameter and return values, to close the semantic gap of VMI. Unlike previous approaches, which log by forcing VMExits, we use VMI to implement the API profiling mechanism in guest mode, so that logging triggers no additional VMExits. The system also requires no driver or program to be installed in the guest, so malware behaviour is recorded in a pristine guest OS. We further design an in-memory logging mechanism that greatly reduces file I/O, and the experimental data show that the overhead of the proposed API profiling mechanism is very low. Overall, the system achieves both key properties of a malware profiling system, transparency and performance, and records malware Windows API calls in a VMI-based manner.

Abstract (English)


The emergence of virtualization technology not only lowers the cost of building servers for cloud computing but also gives security experts a good instrumentation point at which to implement a profiling system: they use virtual machines to build secure, isolated environments for analyzing malware. Many existing VMI systems log only instruction- or system-call-level execution sequences, from which it is difficult for security experts to grasp the high-level semantics of the runtime execution state of an application in the guest VM. Moreover, most VMI systems incur heavy overhead during profiling, which results in low system performance. In this thesis, we propose a novel VMI-based malware profiling system that profiles a target process running in a VM by logging its Windows API calls with their parameters and return values, bridging the semantic gap. Our system leverages VMI to implement the profiling mechanism in guest mode, avoiding additional virtualization overhead (i.e., VMExits) while profiling. It also works on a clean VM: the guest OS is not modified and no additional driver is installed. In addition, we design an in-memory logging mechanism to reduce the overhead of I/O operations. The experimental results show that our system incurs very low overhead while profiling a process in the guest VM. Overall, our system achieves both transparency and low overhead, and leverages VMI-based techniques to log Windows API calls.
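What the abstract calls bridging the semantic gap comes down to turning raw guest memory into API-level records: at a Windows API entry point the introspecting side sees only a stack of bytes and has to recover the caller, the arguments and, once the call returns, the return value, and then keep the records in memory instead of writing each one to a file. The C program below is an added illustration of that step and is not code from the thesis. It models the 32-bit stdcall layout (return address at ESP, arguments at ESP+4, ESP+8, ...); the structure names, the guest addresses, the CreateFileA argument values and the returned handle are all constructed for the example.

```c
/*
 * Added example (not the thesis' code): reconstructing a Windows API call
 * record from a raw guest stack snapshot, as a VMI-based profiler must once
 * execution has been caught at an API entry point, and appending it to an
 * in-memory log.  Struct names, guest addresses and the sample call are all
 * constructed for illustration.  Build: cc -std=c11 -Wall vmi_api_log.c
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GUEST_PAGE 4096
#define MAX_ARGS   8
#define LOG_SLOTS  4          /* small so that the ring-full path is easy to exercise */

/* Snapshot of one guest page, as VMI reads it out of the VM's memory. */
struct guest_mem {
    uint32_t base_gva;                  /* guest virtual address of mem[0] */
    uint8_t  mem[GUEST_PAGE];
};

/* Signature of a stdcall Windows API: name plus number of 32-bit stack args. */
struct api_sig {
    const char *name;
    int         nargs;
};

struct api_record {
    const char *api;
    uint32_t    ret_addr;               /* caller's return address: who called the API */
    uint32_t    args[MAX_ARGS];
    int         nargs;
    uint32_t    retval;
    int         returned;               /* 0 until the API returns and EAX is captured */
};

/* In-memory log: a fixed-size ring, no file I/O on the hot path. */
struct api_log {
    struct api_record recs[LOG_SLOTS];
    size_t count;                       /* records currently stored */
    size_t dropped;                     /* records lost because the ring was full */
};

/* Bounds-checked little-endian 32-bit read from the snapshot.  Returns 0 on
 * success, -1 if the address is not inside the captured page: unreadable guest
 * memory must be reported as an error, never silently read as zeros. */
static int read_guest_u32(const struct guest_mem *m, uint32_t gva, uint32_t *out)
{
    if (gva < m->base_gva || gva - m->base_gva > GUEST_PAGE - 4)
        return -1;
    const uint8_t *p = m->mem + (gva - m->base_gva);
    *out = (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
    return 0;
}

/* At the first instruction of a 32-bit stdcall API, ESP points at the return
 * address and the arguments follow in order at ESP+4, ESP+8, ... */
static int capture_api_entry(const struct guest_mem *m, uint32_t esp,
                             const struct api_sig *sig, struct api_record *rec)
{
    memset(rec, 0, sizeof *rec);
    rec->api   = sig->name;
    rec->nargs = sig->nargs;
    if (sig->nargs > MAX_ARGS || read_guest_u32(m, esp, &rec->ret_addr) != 0)
        return -1;
    for (int i = 0; i < sig->nargs; i++)
        if (read_guest_u32(m, esp + 4u * (uint32_t)(i + 1), &rec->args[i]) != 0)
            return -1;
    return 0;
}

/* Append a record; returns its slot, or -1 (and counts a drop) when the ring is full. */
static int log_append(struct api_log *log, const struct api_record *rec)
{
    if (log->count == LOG_SLOTS) { log->dropped++; return -1; }
    log->recs[log->count] = *rec;
    return (int)log->count++;
}

/* Called when execution reaches the saved return address: EAX holds the result. */
static void log_set_retval(struct api_log *log, int slot, uint32_t eax)
{
    log->recs[slot].retval   = eax;
    log->recs[slot].returned = 1;
}

/* Helper used only to build the constructed stack snapshot. */
static void put_u32(struct guest_mem *m, uint32_t gva, uint32_t v)
{
    uint8_t *p = m->mem + (gva - m->base_gva);
    p[0] = v & 0xff; p[1] = (v >> 8) & 0xff; p[2] = (v >> 16) & 0xff; p[3] = v >> 24;
}

/* Constructed scenario: a guest process calls CreateFileA with seven arguments;
 * the stack is snapshotted at API entry and the call later returns EAX = 0x5C. */
static const struct api_sig CREATEFILEA = { "CreateFileA", 7 };

int demo(struct api_log *log)
{
    struct guest_mem stack = { .base_gva = 0x0012F000 };
    uint32_t esp = 0x0012FE00;
    uint32_t a[7] = { 0x00401000 /* lpFileName ptr */, 0x80000000 /* GENERIC_READ */,
                      0x00000001 /* FILE_SHARE_READ */, 0, 3 /* OPEN_EXISTING */, 0x80, 0 };
    put_u32(&stack, esp, 0x004012A7);                      /* return address in the caller */
    for (int i = 0; i < 7; i++) put_u32(&stack, esp + 4u * (uint32_t)(i + 1), a[i]);

    struct api_record rec;
    if (capture_api_entry(&stack, esp, &CREATEFILEA, &rec) != 0)
        return -1;
    int slot = log_append(log, &rec);
    if (slot >= 0) log_set_retval(log, slot, 0x5C);        /* the HANDLE the API returned */
    return slot;
}

int main(void)
{
    struct api_log log = {0};
    int slot = demo(&log);
    if (slot < 0) return 1;
    const struct api_record *r = &log.recs[slot];
    printf("%s from 0x%08X: lpFileName=0x%08X dwDesiredAccess=0x%08X -> 0x%X\n",
           r->api, r->ret_addr, r->args[0], r->args[1], r->retval);
    return 0;
}
```

Two checks matter in practice and are modelled here: a read outside the captured guest page is reported as a failure rather than returned as zeros, since unmapped guest memory is exactly where an introspection tool otherwise produces plausible-looking garbage, and the ring counts the records it dropped when full, so a profiler can distinguish an empty trace from a lost one. For a 64-bit guest the first four arguments live in RCX, RDX, R8 and R9 and would come from the vCPU register state rather than from the stack.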


Cited by


李奕德 (2016). 基於虛擬機內省API重導之執行防禦系統核心 [An execution defense system core based on VMI API redirection; Master's thesis, National Taiwan University]. Airiti Library. https://doi.org/10.6342/NTU201602165
