From acef2bb493bd3775b028321d5631e66a152c247f Mon Sep 17 00:00:00 2001 From: _xeroxz Date: Tue, 20 Oct 2020 08:03:38 +0000 Subject: [PATCH] Update README.md --- README.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index a2fab09..f6215fc 100644 --- a/README.md +++ b/README.md @@ -26,11 +26,12 @@ nasa-mapper is like every other driver mapper except the driver is not mapped in memory that is going to be executed in ring-0 in usermode?? SMEP??, well just because the memory is mapped into usermode does not mean it is usermode accessable. nasa-mapper allocates the driver in a runtimebroker.exe and then makes all the memory in runtimebroker.exe kernel memory & makes it executable. nasa-mapper then inserts a pml4e at index 70 into a desired -processes thus mapping the usermode unaccessable memory into the process. +processes pointing at the allocated driver in the runtimebroker, thus mapping the "drivers" memory into the process. ### Why? -Keeping your driver out of the kernels paging tables. +Keeping your driver out of the kernels paging tables. Most driver mappers map a driver into a kernel pool (ExAllocatePool). Physmeme, Kdmapper, Drvmapper, all do this, its easily +detected and easy to dump. This keeps your driver inside of your context :) # Spectre
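Review bot: the new "Why?" paragraph overstates the contrast with pool-based mappers: it calls ExAllocatePool mappings "easily detected and easy to dump" while implying this approach is not, yet the hunk's own description (a pml4e inserted at index 70 of the target process's paging structures, pointing at pages owned by runtimebroker.exe) means the mapping still leaves an observable artifact in that process's page tables, so the README should state the trade-off rather than suggest the driver is undetectable; suggest wording such as "Keeps the driver out of kernel pool allocations" and a sentence noting that the inserted PML4E is itself visible to anyone walking the target's CR3. Minor wording fixes in the added lines: "kernels paging tables" should be "kernel's paging tables", "its easily detected" should be "it's easily detected", and the quoted "drivers" memory reads better as "driver's memory"; the context line's "accessable" ("accessible") could be corrected in the same commit.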