Thesis

Hardware-Assisted MMU Redirection for In-guest API Invocation Monitoring and Profiling

Advisor: 孫雅麗

Abstract


The rapid growth of cloud services has led more and more enterprises to adopt this technology to support their business. That growth has also made server centralization an irresistible trend, and as servers become centralized, cloud services become an obvious target for attackers; information security on cloud platforms therefore becomes a major issue. Virtualization is widely adopted by cloud service providers because it gives each user on the platform an independent virtual environment that is not disturbed by other users. While virtualization provides these advantages, it also turns the virtual machine into a black box: the cloud administrator cannot tell whether a given guest virtual machine is carrying out malicious behaviour that may lead to cross-VM security problems. This thesis takes the current mainstream virtualization platform, the kernel-based virtual machine (KVM), as its case study. By modifying KVM's memory management mechanism (the extended page table, EPT), execution of the guest virtual machine is redirected to a self-defined memory region into which developers can place applications of their own design, giving a mechanism for managing guest virtual machines. To demonstrate the feasibility of this mechanism, we also implemented a guest profiling system for the Windows 7 environment that monitors activity inside the guest. Beyond the basic profiling function, three further goals were set for the system design: high performance, high-level semantic information, and high transparency. Accordingly, the proposed system does not significantly degrade the performance of the original service while running, and it provides Windows API information as high-level semantic information so that administrators can understand the analysis report efficiently. In addition, the proposed profiling system requires no changes inside the guest virtual machine, so malware in the guest cannot easily detect the profiler's presence, which improves the system's transparency. Finally, this thesis also discusses various possible applications of the proposed mechanism. For example, the memory redirection mechanism can help administrators update the functionality of critical services without shutting them down. It also points out that this technique could be exploited for malicious purposes.

Parallel abstract (English)


With the development of hardware and virtualization technologies, modern computing architecture has gradually become more centralized. With virtualization technology, cloud service providers can use hardware resources more efficiently. The hypervisor manages the shared resource pool and ensures that the guest virtual machines (VMs) are isolated from each other while using the shared resources, so that none of them can affect another. Therefore, more and more companies have migrated their services from physical servers to virtual machines provided by cloud service providers in order to reduce management effort. However, service providers still need a management mechanism in the hypervisor to protect the VMs. Because of the virtualization layer, a guest machine is like a black box: the hypervisor merely manages resources and does not know what happens inside the guest. Recently, more and more threats have emerged against virtual machines, and one of the latest is the cross-VM side-channel attack, which leaks side-channel data such as cryptographic keys. Malicious users can use this attack to gain access to other guest virtual machines or hosts in an infrastructure. In this paper, we develop a management mechanism that redirects in-guest memory to a controlled, self-defined memory space in the hypervisor by modifying the extended page table (EPT). Based on this mechanism, we propose a prototype system, ANTS, to prove the feasibility of the proposed mechanism. ANTS is an efficient and effective VMI-based profiling system for Windows guest machines. To build such a profiling system, we set the following goals: high performance (average performance degradation is about 2.32%), high transparency (hiding the existence of our system) and high-level semantic information (human-readable observations).
In addition to the profiling system, we also present new ideas for using the proposed mechanism to implement a variety of applications. For example, IT managers can use this concept to perform hot-patching of important services that cannot be suspended. Furthermore, we also point out that such a mechanism can be used to perform malicious behaviour, such as information theft.
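As an added illustration (not the thesis's code and not KVM's), the following Python model shows the two-stage address translation both abstracts rely on and what it means to repoint one EPT entry at a hypervisor-controlled page: the hypervisor records which API entry point the guest reached, then chains into the original code, while the guest's own page table and the result the guest observes stay unchanged. All addresses, the page layout, the API names and the names `Hypervisor`, `translate`, `redirect` and `run_profile` are constructed for this example; a real implementation edits the hardware EPT inside the hypervisor rather than Python dictionaries.

```python
"""Toy model of EPT-based memory redirection for in-guest API profiling.

Added illustration; all addresses, page contents and API names are
constructed sample values, not taken from the thesis or from KVM.
"""
from typing import Callable, Dict, List, Tuple

PAGE_SIZE = 0x1000


def page(addr: int) -> int:
    """Page-aligned part of an address."""
    return addr & ~(PAGE_SIZE - 1)


def off(addr: int) -> int:
    """Offset of an address within its page."""
    return addr & (PAGE_SIZE - 1)


# "Code" living in a host page: invoked when the guest executes at that HPA.
Handler = Callable[["Hypervisor", int, int], str]


class Hypervisor:
    def __init__(self, guest_pt: Dict[int, int], ept: Dict[int, int],
                 host_pages: Dict[int, Handler]) -> None:
        # Stage 1 (GVA page -> GPA page) is owned by the guest OS. The mechanism
        # never touches it, which is what keeps it transparent to the guest.
        self.guest_pt = guest_pt
        # Stage 2 (GPA page -> HPA page) is the hypervisor-owned EPT.
        self.ept = ept
        self.host_pages = host_pages
        self.api_log: List[str] = []

    def translate(self, gva: int) -> Tuple[int, int]:
        """Two-stage translation: GVA -> GPA via guest page table, GPA -> HPA via EPT."""
        gpa = self.guest_pt[page(gva)] | off(gva)
        hpa = self.ept[page(gpa)] | off(gpa)
        return gpa, hpa

    def execute(self, gva: int) -> str:
        """Model the guest executing the instruction at GVA."""
        gpa, hpa = self.translate(gva)
        return self.host_pages[page(hpa)](self, gpa, hpa)

    def redirect(self, gpa_page: int, monitor_page: int,
                 api_by_offset: Dict[int, str]) -> None:
        """Repoint the EPT entry for gpa_page at a hypervisor-controlled page.

        The controlled page logs which API entry point was reached (the
        high-level semantic information) and then continues into the original
        code, so the guest observes unchanged behaviour. Only pages that hold
        monitored entry points are redirected; everything else runs untouched.
        """
        original_page = self.ept[gpa_page]

        def trampoline(hv: "Hypervisor", gpa: int, hpa: int) -> str:
            name = api_by_offset.get(off(gpa), f"unknown+{off(gpa):#x}")
            hv.api_log.append(f"gpa={gpa:#x} api={name}")
            # Chain to the original code at the same page offset.
            return hv.host_pages[original_page](hv, gpa, original_page | off(hpa))

        self.host_pages[monitor_page] = trampoline
        self.ept[gpa_page] = monitor_page


def original_code(hv: "Hypervisor", gpa: int, hpa: int) -> str:
    """Stand-in for unmodified guest code: just reports where it ran."""
    return f"guest code at gpa {gpa:#x}"


def build_demo() -> Hypervisor:
    """Constructed layout: two guest pages of hypothetical API stubs plus one
    page of application code, each backed by a distinct host page."""
    guest_pt = {0x7FF01000: 0x12000, 0x7FF02000: 0x13000, 0x00400000: 0x05000}
    ept = {0x12000: 0x90000, 0x13000: 0x91000, 0x05000: 0x80000}
    host_pages = {0x90000: original_code, 0x91000: original_code, 0x80000: original_code}
    return Hypervisor(guest_pt, ept, host_pages)


def run_profile() -> Tuple[List[str], List[str]]:
    """Redirect the page holding two monitored entry points, then let the guest
    run a monitored API, an API on an unredirected page, and plain application code."""
    hv = build_demo()
    hv.redirect(0x12000, monitor_page=0xDEAD0000,
                api_by_offset={0x000: "CreateFileW", 0x040: "WriteFile"})
    results = [hv.execute(0x7FF01000),   # CreateFileW (monitored)
               hv.execute(0x7FF01040),   # WriteFile (monitored)
               hv.execute(0x7FF02010),   # API stub on a page that was not redirected
               hv.execute(0x00400000)]   # application code
    return results, hv.api_log


if __name__ == "__main__":
    for line in run_profile()[1]:
        print(line)
```

Three properties of the mechanism are visible in the model: the guest page table is never modified and every `execute` call returns exactly what the original code returns (transparency); only the two calls that land on the redirected page cost a trip through the trampoline, the other two pages translate as before (performance); and the offset-to-name map is what turns a raw guest-physical address into a readable API name (the semantic information the profiler reports).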

