Fig. 3From: Using IM-Visor to stop untrusted IME apps from stealing sensitive keystrokesThe work flow of a post-IME defense namely I-BOX. It always checks if a rollback is needed after the IME has already processed keystrokes. And the salient feature of the post-IME nature is that sensitive keystrokes appear in the dynamically allocated memory of an IME app at least onceBack to article page