Memory areas whose taint information is changed and that overlap page boundaries in virtual memory need to be handled with care. Although it seems counterintuitive at first sight that the data is not received in the OutputBuffer, after closer analysis we determined the explanation, which refers to a name that describes this object. While much work has been done in the field of dynamic analysis, two projects have attracted our interest specifically. Our focus is set on the observation of the interference that the program performs on the underlying operating system.
While LoadLibraryA and LoadLibraryExA expect the name of the DLL to be loaded encoded as an ASCII string, LoadLibraryW and LoadLibraryExW expect it to be a Unicode string. This is an important fact for our later discussion.
The entry holds the size of the current handle table. This address resolution happens in the CPU and is, due to the two lookup tables, quite expensive. For instance, the ThreadId member is accessed by task managers, and the included context information is needed by the image loader. The x86 paging scheme allows the address space to be divided into 4 KB or 4 MB sized pages.