Virtual machine introspection (VMI) has received much attention from both academic and industrial community, and plays an important role in intrusion detection, kernel integrity protection and many other areas. However, the semantic gap has greatly limited the development of this technology. In this respect, this paper divides existing VMI technologies into four categories based on the methods of semantic reconstruction, followed by the problems and their corresponding researches. Analysis results reveal the difficulties in meeting all the requirements. The paper therefore details the relevant applied research in security based on VMI. Finally, it presents the future research directions that need in-depth study, such as VMI's security, availability and transparency.