Configuration and control data make up the best part of the registry.

The scheme is simplified to consist of only two indirection layers instead of three if 4 MB pages are used.

First, the arguments are pushed onto the user-mode stack of the process, and by convention the EDX register must be set up to contain a pointer to the parameters on the user-mode stack.

dll are simple wrappers that might perform some kind of sanity check on the arguments and then call the corresponding system service.

status is tainted, the output will be tainted as well.

Here the benefit of our multi-stage tainting approach is clearly visible.