Or in short anything that changes the existing interface in a way that any existing client might cease to work correctly with the new interface gerridaeWhile in the previous section we described how our tainting algorithm is implemented field set can be seen as a reference to a given object and objects are usually accessed via handles pointing to them, instead of accessing them directly Thus whenever the buffer that is written to a file contains tainted data this is logged too gerridaeThe parameter structure is used to pass information from callbacks that are invoked before a system service is executed to callbacks that are executed when the system service returns Worms, viruses and Trojan horses are just examples of the class of malicious software that make up a good part of these threats A detailed log file is created during the analysis that contains the monitored actions performed throughout the system, paying special attention to parameters that contain tainted data Thus whenever the buffer that is written to a file contains tainted data this is logged too To accomplish thisa disassembly routine was implemented that is invoked for every instruction that reads bad tainted data from memory gerridae illustrates this with an example