Binary program analysis represents a fundamental pillar of modern system security. Fine-grained methodologies like dynamic taint analysis still suffer from deployment complexity and performance overhead despite significant progress. Traditional in-process analysis tools trigger severe \textbf{address-space conflicts} that inevitably disrupt the native memory layout of the target. These conflicts frequently cause layout-sensitive exploits and evasive malware to deviate from their intended execution paths or fail entirely. This paper introduces \textbf{HALF} as a novel framework that resolves this fundamental tension while ensuring both analysis fidelity and practical performance. HALF achieves high-fidelity address-space transparency by leveraging a kernel-assisted process hollowing mechanism. This design effectively eliminates the observation artifacts that characterize traditional instrumentation tools. We further mitigate the synchronization latency of decoupled execution by implementing an exception-driven strategy via a lightweight kernel monitor. Extensive evaluation of a Windows-based prototype demonstrates that HALF maintains superior performance compared to conventional in-process baselines. HALF also provides unique capabilities for deconstructing complex, stealthy threats where existing frameworks fail to maintain execution integrity.

翻译：二进制程序分析是现代系统安全的基石。尽管取得了显著进展，但动态污点分析等细粒度方法仍面临部署复杂性和性能开销的挑战。传统进程内分析工具会引发严重的**地址空间冲突**，这种冲突不可避免地破坏目标程序的原始内存布局。此类冲突常导致布局敏感型漏洞利用和规避性恶意软件偏离其预期执行路径或完全失效。本文提出**HALF**这一创新框架，在确保分析保真度与实际性能的同时，从根本上解决了这一核心矛盾。HALF通过内核辅助的进程空洞化机制实现高保真地址空间透明性，该设计有效消除了传统插桩工具固有的观测伪影。我们进一步通过轻量级内核监视器实现异常驱动策略，从而缓解解耦执行的同步延迟。基于Windows原型的广泛评估表明，相较于传统进程内基线方法，HALF保持了卓越的性能。在现有框架无法维持执行完整性的复杂隐蔽威胁解构场景中，HALF亦展现出独特的技术优势。