For their approach it was enough to implement data tainting, whereas our project needs to provide address tainting as well. However, their analysis framework is used to track the flow of tainted data and does not feature any taint-sensitive sinks. This calculation has to be done at every memory access; thus, again, Qemu uses a cache to speed things up. is the offset and 2 is a multiplier
As stated in the beginning of this section, a COM interface is basically a specific memory structure containing an array of function pointers. Usually only the operating system core has direct access to the objects, while applications need to obtain a handle to the desired object first and use that handle for any further interaction with the object. When a process is created, a single 4 KB page is allocated for its handle table, which can hold up to 256 handles, and more memory is assigned to it only if needed.
Our project focuses on Windows, and thus we use the i386-softmmu target that Qemu provides.