The main difference between hooking calls to system services and functions in COM components lies in the fact that the function pointers of a COM interface cannot be determined a priori. We already stated that threads reside in the address space of processes, and this provides all of the magic that is needed to glue threads and processes together. interface as a server
In the previous paragraph we saw that the operating system manages all relevant information about currently used objects for every process via the Object Table entry of the corresponding EPROCESS structure.
Since this function is called whenever a memory access takes place, which can happen anywhere in a translation block, we had to change Qemu to update the instruction pointer correctly even inside translation blocks.
COM does not say anything about the implementation of the interfaces but focuses on the interfaces themselves.