diff --git a/analysis/fault-aes.json b/analysis/fault-aes.json
index db3957d..c1196ec 100644
--- a/analysis/fault-aes.json
+++ b/analysis/fault-aes.json
@@ -2,11 +2,11 @@
 "max_instruction_count": 100 ,
 "start" : {
 "address" : 134220182,
- "counter" : 0
+ "counter" : 1
 },
 "end" : {
 "address" : 134220188,
- "counter" : 2
+ "counter" : 3
 },
 "faults" :[
 [
diff --git a/controller.py b/controller.py
index da22ec3..0056f64 100644
--- a/controller.py
+++ b/controller.py
@@ -547,10 +547,19 @@ def process_arguments(args):
 faultlist = json.load(args.faults)
 if "start" in faultlist:
+ if faultlist["start"]["counter"] == 0:
+ print("A start counter of 0 in the fault configuration is invalid")
+ exit(1)
+
 qemu_conf["start"] = faultlist["start"]
 if "end" in faultlist:
 if type(faultlist["end"]) == dict:
 faultlist["end"] = [faultlist["end"]]
+ for endpoint in faultlist["end"]:
+ if endpoint["counter"] == 0:
+ print("An end counter of 0 in the fault configuration is invalid")
+ exit(1)
+
 qemu_conf["end"] = faultlist["end"]
 if "memorydump" in faultlist:
diff --git a/fault-readme.md b/fault-readme.md
index 56bf970..155fc33 100644
--- a/fault-readme.md
+++ b/fault-readme.md
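Review bot: The added guards reject only a literal `0`, so a negative, non-integer or missing `counter` still passes through to qemu_conf — `faultlist["start"]["counter"]` and `endpoint["counter"]` raise a bare KeyError when the key is absent, and the plugin's new `== 1` trigger never fires for a value below 1 (presumably it counts down from the configured value; the decrement is not in this hunk). Tighten both checks to `counter = faultlist["start"].get("counter")` followed by `if not isinstance(counter, int) or isinstance(counter, bool) or counter < 1:` (the same for each `endpoint`), and let the message state the contract, e.g. `"The start counter in the fault configuration must be an integer >= 1"`. A usage error belongs on stderr, so `print(..., file=sys.stderr)` and `sys.exit(1)` rather than the site-provided `exit()` are preferable, assuming `sys` is imported at the top of controller.py. `process_arguments` starts before and continues after the hunk.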
@@ -46,12 +46,12 @@ To remove the start or end point, delete the respective block in fault.json (e.g
 ### start
 The start point is also a dictionary containing two variables. Its address and counter.
-Address defines an instruction in the kernel whose execution determines when the tracking of the plugin should start. The counter is the amount of executions of the start instruction until the plugin tracking is enabled. So if it is set to 0 it will start the execution of plugin when the instruction is reached. If it is set to 1 it will start the plugin at the second execution of start. Keep in mind that the start point is inside a translation block and is only accurate to the translation block level. Only after the translation block that contains the start address is finished, an analysis of faults is possible. Hence, it has to be taken care of that the faults are defined in subsequent translation blocks.
+Address defines an instruction in the kernel whose execution determines when the tracking of the plugin should start. The counter is the amount of executions of the start instruction until the plugin tracking is enabled. So if it is set to 1 it will start the execution of the plugin when the instruction is first reached. If it is set to 2 it will start the plugin at the second execution of start. Keep in mind that the start point is inside a translation block and is only accurate to the translation block level. Only after the translation block that contains the start address is finished, an analysis of faults is possible. Hence, it has to be taken care of that the faults are defined in subsequent translation blocks.
 ### end
 End is similar to start. It defines the end point of execution. It has two variables. Address is the address of the end instruction. It needs to be a valid instruction address!
-Counter is the amount of executions of the end point. 0 means at the first encounter of the "end" instruction, the program is terminated. 
If it is 1 it is terminated at the second execution etc. The behaviour is n-1, with n being the number of executions.
+Counter is the amount of executions of the end point. 1 means at the first encounter of the "end" instruction, the program is terminated. If it is 2 it is terminated at the second execution etc. Multiple end points can be specified by defining "end" as an array.
diff --git a/fault.json b/fault.json
index 1e44b63..dfc745a 100644
--- a/fault.json
+++ b/fault.json
@@ -2,11 +2,11 @@
 "max_instruction_count": 100 ,
 "start" : {
 "address" : 134218138,
- "counter" : 0
+ "counter" : 1
 },
 "end" : {
 "address" : 134217964,
- "counter" : 2
+ "counter" : 3
 },
 "faults" :[
 [
diff --git a/faultplugin/faultplugin.c b/faultplugin/faultplugin.c
index f381d1c..c6ab5f5 100644
--- a/faultplugin/faultplugin.c
+++ b/faultplugin/faultplugin.c
@@ -868,7 +868,7 @@ void tb_exec_end_cb(unsigned int vcpu_index, void *vcurrent)
 if(start_point.trignum != 3)
 {
 qemu_plugin_outs("[End]: CB called\n");
- if(end_point->location.hitcounter == 0)
+ if(end_point->location.hitcounter == 1)
 {
 qemu_plugin_outs("[End]: Reached end point\n");
 end_point->location.trignum = 4;
@@ -886,7 +886,7 @@ void tb_exec_end_cb(unsigned int vcpu_index, void *vcurrent)
 void tb_exec_start_cb(unsigned int vcpu_index, void *vcurrent)
 {
- if(start_point.hitcounter == 0)
+ if(start_point.hitcounter == 1)
 {
 qemu_plugin_outs("[Start]: Start point reached");
 start_point.trignum = 0;
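Review bot: With the trigger now `hitcounter == 1`, a counter of 0 — which the plugin itself does not reject — is no longer caught by this comparison: the old `== 0` test fired on the first hit, the new one never matches, and if hitcounter is unsigned and decremented past the check it wraps and the run only ends at max_instruction_count. Unless the decrement happens before this comparison (it is outside the hunk), `if(end_point->location.hitcounter <= 1)` and `if(start_point.hitcounter <= 1)` keep the exact-1 behaviour and make any out-of-range value trip on the first hit rather than silently disabling the start or end point, which is the safer failure mode when the controller-side validation is bypassed. Either way a comment at both sites recording the new 1-based contract would help, e.g. `/* hitcounter is 1-based: 1 means trigger on the first execution of this TB */`. tb_exec_end_cb begins before the hunk and tb_exec_start_cb continues past it.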