this can only happen from code that is executed in kernel space.
This is an important fact of our later discussion.
The buffer describing the contents of a packet contains tainted data; this is logged with additional information, such as the protocol, or destination host and port in case of UDP.
we can answer the question that we have stated above.
The remainder of this paragraph describes how we are able to detect that a certain system service was called.
to the configured DNS server at virtual address 0xffdff120
In fact, the ProcessModuleInfo structure hosts three different lists of the modules in different order.
It is correct that tainted data is sent over the network, but it is not sent on behalf of the BHO, thus only the transmission of good tainted data is reported.
In fact, LoadLibraryExA simply calls LoadLibraryExW after converting the name from ASCII to Unicode.
The router acts as a firewall blocking all incoming connections, but with the redir options exceptions can be made.
A taint source can be any part in a system that precisely defines a portion of data that we want to track through the system.