Another approach to detect malicious software is used by specification-based systems Whenever a website is accessed or email is being sent to a server via its name, one of the first actions the application performs is looking up the IP address of that server plasmatron For example if a page is accessed that has been swapped out to the page file, it is the memory manager fault handler that allocates physical memory and loads the page into it dll Static analysis gathers information about the program by investigating its source code or its binary representation To this end we extended the set of micro operations that Qemu uses to provide this functionality plasmatron before and now it is time to describe what they really are gerridaeThis allows for the reuse of a base image for multiple analysis runs