Update README.md

README.md

@@ -296,6 +296,35 @@ theo::resolve_symbol_t resolve_symbol =
 };
 ```
 
+Another example of this lambda can be viewed in the usermode examples. This routine simply loops over every single module mapped into the specific process you want to map/link with.
+
+```cpp
+theo::resolve_symbol_t _resolver =
+    [&, &extern_symbols = extern_symbols](const char* symbol_name) -> std::uintptr_t
+{
+	auto loaded_modules = std::make_unique<HMODULE[]>(64);
+	std::uintptr_t result = 0u, loaded_module_sz = 0u;
+
+	if (!EnumProcessModules(phandle,
+		loaded_modules.get(), 512, (PDWORD)&loaded_module_sz))
+		return {};
+
+	for (auto i = 0u; i < loaded_module_sz / 8u; i++)
+	{
+		wchar_t file_name[MAX_PATH] = L"";
+		if (!GetModuleFileNameExW(phandle,
+			loaded_modules.get()[i], file_name, _countof(file_name)))
+			continue;
+
+		if ((result = reinterpret_cast<std::uintptr_t>(
+			GetProcAddress(LoadLibrary(file_name), symbol_name))))
+			break;
+	}
+	
+	return result;
+};
+```
+
 # Obfuscation
 
 The usage of the word obfuscation in this project is use to define any changes made to code, this includes code flow. `obfuscation::obfuscate`, a base class, which is inherited and expanded upon by `obfuscation::mutation`, obfuscates code flow by inserting `JMP [RIP+0x0]` instructions after every single instruction. This allows for a routine to be broken up into unique allocations of memory and thus provides more canvas room for creative ideas.