There are many ways an adversary may hijack the flow of execution, including by manipulating how the operating system locates programs to be executed. How the operating locates libraries to be used by a program can also be intercepted. Locations where the operating system looks for programs/resources, such as file directories and in the case of Windows the Registry, could also be poisoned to include malicious payloads.