It is obvious why this behavior is very hard to predict by just analyzing the binary program data. How these interfaces are defined and used is the topic of this section. In doing so, new problems arise, and the authors are not aware of any working implementation that performs control flow tainting correctly. When the analysis found out that tainted data should be sent to the network, the emulator was stopped and the state of the virtual system was inspected. These are only the trivial possibilities of constant functions and about all one can cover by hardware-level tainting. The main focus of the analysis lies on Browser Helper Objects that are plug-ins that extend the functionality of the Microsoft Internet Explorer. If the PTE that is calculated during the address resolution has the valid bit set, it denotes that the page it refers to is actually in memory. As soon as everything is in place, the system service can start execution and perform whatever action it is designed to do. Usually only the operating system core has direct access to the objects, while applications need to obtain a handle to the desired object first and use that handle for any further interaction with the object. By concatenating these generic operations to build the target instructions, it is possible to cover all combinations of instructions and operands with only a few hundred micro operations.