Abstract: In this paper, the virtualization of Harvard memory architecture is implemented as a patch to the current operation system to separate the code fetch and the data operation of the rootkit code, and avoid being detecting by memory scanners to hide the attack code. The implementation of our virtualization is described in detail and its effectiveness to resist attacks and impact on the current operating system are fully analyzed. The experiment results show our approach is effective, has no side effect on the normal functions of the operation system.