will receive a handle that has to be used to perform further actions on the created file

Only the upper 20 bits of this value are used to address the page directory, thus ensuring that the directory always starts at a page boundary.

This is easily covered by data tainting.

Since the changes we introduced to Qemu are only minor, it is easy to keep TQAna in sync with the evolving Qemu project, in order to benefit from any progress the upstream version experiences.

To emulate a target system, every instruction that the target wants to execute has to be translated into host code and then be executed.

Data is stored in physical memory, but applications know only about virtual memory; thus every memory access has to be translated from virtual to physical addresses.

Again, this task was eased by the design of Qemu, since it clearly defines a set of macros that are responsible for the memory accesses.

To this end, we implemented TQAna

are processes that are always started and are not under the authority of the service control manager

function calls are not possible with this calling convention

accurate during the emulation of a single translation block member

Every time a target operation includes an input operand that has to be read from memory, the taint status of the information that has to be read is checked in the shadow memory.