values that for COM an interface is a specific memory structure containing an array of function pointers, where each array element contains the address of a function implemented by the component If the name of the file that is to be created contains tainted data this is logged aswell gerridae that are pushed onto the stack in consequence of function calls The main idea behind our tainting analysis is to have a shadow memory for every byte in the system that we deem useful for analysis So far we have covered a good part of the actions that can take place in a computer system and presented an effective taint analysis system s behavior, and via events be notified of any user interactions The common way to load a DLL is via the Win32 APIs LoadLibrary set of functions plasmatronFirst we describe the information that our analysis captures during execution of the emulated system While the lower half changes to match the different processes that are executed, the upper half always consists of the operating systems virtual memory exe process resolves the hostname to an IP address gerridaeWhile many people helped me in achieving the objectives, I would like to thank three of them specifically