BaSO4: A Dynamic Dataflow Analysis Tool for Auditing and Reversing

The complexity of modern applications makes binary auditing a long, slow march without a significant investment in tools and techniques. BaSO4 is a new IDA plug-in that highlights the instructions responsible for processing and propagating the information stored at a given input range. Using dynamic data flow analysis based on a captured execution trace, BaSO4 can compute, for example, the instructions, memory locations, and registers used to process the string table in a Flash SWF file. This information can be used to target manual audits and assist in reverse engineering. The analysis is computed for each byte of the tainted input and is linked to the abstract syntax of the input files. The IDA plug-in switches between various levels of abstract syntax and dynamically updates the highlighted code regions. The Tamarin VM (Adobe's open source AVM2 bytecode engine) is used as a case study to illustrate the strengths and weaknesses of BaSO4.
