diff --git a/src/analyzer/main.cpp b/src/analyzer/main.cpp
index 5739b501..5f8814b8 100644
--- a/src/analyzer/main.cpp
+++ b/src/analyzer/main.cpp
@@ -317,7 +317,7 @@ namespace {
 for (const auto& section : exe.sections)
 {
- if ((section.region.permissions & memory_permission::exec) != memory_permission::exec)
+ if ((section.region.permissions.common & memory_permission::exec) != memory_permission::exec)
 {
 continue;
 }
diff --git a/src/emulator/memory_region.hpp b/src/emulator/memory_region.hpp
index cdf25ce9..51324467 100644
--- a/src/emulator/memory_region.hpp
+++ b/src/emulator/memory_region.hpp
@@ -1,12 +1,12 @@
 #pragma once
-#include "memory_permission.hpp"
+#include "windows-emulator/memory_permission_ext.hpp"
 #include
 struct basic_memory_region
 {
 uint64_t start{};
 size_t length{}; // uint64_t?
- memory_permission permissions{};
+ nt_memory_permission permissions{};
 };
 struct memory_region : basic_memory_region
diff --git a/src/windows-emulator/windows_emulator.cpp b/src/windows-emulator/windows_emulator.cpp
index 44175c43..8ee4b066 100644
--- a/src/windows-emulator/windows_emulator.cpp
+++ b/src/windows-emulator/windows_emulator.cpp
@@ -11,6 +11,7 @@
 #include "apiset/apiset.hpp"
 #include "network/static_socket_factory.hpp"
+#include "windows-emulator/memory_permission_ext.hpp"
 constexpr auto MAX_INSTRUCTIONS_PER_TIME_SLICE = 0x20000;
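Review bot: src/emulator/memory_region.hpp now includes "windows-emulator/memory_permission_ext.hpp", so the generic emulator layer depends on the Windows-specific layer, and the analyzer hunk in the same commit already has to reach through `.common` to compare against `memory_permission::exec`, which shows the NT-specific type leaking into the base region struct. If `basic_memory_region` is meant to carry NT protections, a short comment on the field, e.g. `// NT protection; may carry extension bits such as guard - use .common for the generic rwx view`, would tell callers why `.common` is needed; otherwise keeping `memory_permission` here and placing the NT-typed field on the windows-emulator side avoids the inverted dependency. I cannot see `nt_memory_permission`'s definition, so whether its `operator&` with `memory_permission` is intentionally absent is inferred from the analyzer change.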
@@ -499,8 +500,19 @@ void windows_emulator::setup_hooks()
 this->emu().hook_memory_violation([&](const uint64_t address, const size_t size, const memory_operation operation, const memory_violation_type type) {
- this->callbacks.on_memory_violate(address, size, operation, type);
- dispatch_access_violation(this->emu(), this->process, address, operation);
+ auto region = this->memory.get_region_info(address);
+ if (region.permissions.is_guarded())
+ {
+ // Unset the GUARD_PAGE flag and dispatch a STATUS_GUARD_PAGE_VIOLATION
+ this->memory.protect_memory(region.allocation_base, region.length, region.permissions & ~memory_permission_ext::guard);
+ dispatch_guard_page_violation(this->emu(), this->process, address, operation);
+ }
+ else
+ {
+ this->callbacks.on_memory_violate(address, size, operation, type);
+ dispatch_access_violation(this->emu(), this->process, address, operation);
+ }
+ return memory_violation_continuation::resume;
 });
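Review bot: The guard-page branch re-protects `region.allocation_base` with `region.length`, which pairs the allocation's base with the length of the region that contains `address`; unless `get_region_info` guarantees the two coincide, the wrong range loses its guard flag, and on Windows only the touched page has PAGE_GUARD cleared rather than the whole region. If the returned info exposes the region's own start (as `basic_memory_region::start` in memory_region.hpp does), I would write `this->memory.protect_memory(region.start, region.length, region.permissions & ~memory_permission_ext::guard);` or, closer to the real semantics, re-protect only the page containing `address`. The guard branch also skips `this->callbacks.on_memory_violate(address, size, operation, type);`, so any tracing built on that callback no longer observes guard-page hits; if that is intended, a comment saying so would help, otherwise the call belongs before the `if`. The enclosing `setup_hooks` body starts and ends outside the hunk, and the hook's new `return memory_violation_continuation::resume;` implies a signature change that is not visible here.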