If we wish to cover cases in which tainted values are used as address operators, we have to extend the policy and implement address tainting.

The NavigateTarget taint source is used to mark the URL that is entered into Internet Explorer's address bar as tainted.

There are two possibilities to perform this check.

Since this function is called whenever the memory access takes place, which can happen anywhere in a translation block, we had to change QEMU to update the instruction pointer correctly even inside translation blocks.

For certain entities that exist in the system we have to keep some key information to produce reasonable output.

entry holds the size of the current handle table

encounters data that has associated taint information, this incident is logged together with information that is useful to investigate the issue.

Only code that runs in kernel mode has access to all system memory and all CPU instructions, whereas applications running in user mode only have access to a limited set of interfaces and system data and are not allowed to access hardware directly.

It is regarded as valuable information to know the name of the executable file that caused the actions that are detected, and so we keep this information too.

subsystems fell almost completely into oblivion