From ab4458ca343813d752f098401bad0943fe5cbbc7 Mon Sep 17 00:00:00 2001
From: _xeroxz
Date: Mon, 8 Mar 2021 08:26:01 +0000
Subject: [PATCH] Update README.md
---
 README.md | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)
diff --git a/README.md b/README.md
index d94db55..ed32c15 100644
--- a/README.md
+++ b/README.md
@@ -172,7 +172,49 @@ theo::memcpy_t _memcpy =
 ### theo::malloc_t - allocate executable memory
+This lambda is used to allocate executable memory. Any method will do as long as the memcpy lambda can write to the allocated memory. An MSREXEC example for this lambda is defined below.
+```cpp
+theo::malloc_t _kalloc = [&](std::size_t size) -> void*
+{
+ void* alloc_base;
+ msrexec.exec
+ (
+ [&](void* krnl_base, get_system_routine_t get_kroutine) -> void
+ {
+ using ex_alloc_pool_t =
+ void* (*)(std::uint32_t, std::size_t);
+
+ const auto ex_alloc_pool =
+ reinterpret_cast(
+ get_kroutine(krnl_base, "ExAllocatePool"));
+
+ alloc_base = ex_alloc_pool(NULL, size);
+ }
+ );
+ return alloc_base;
+};
+```
+
+This lambda uses MSREXEC to allocate kernel memory via ExAllocatePool. However this is completely open ended on how you want to do it, you can allocate your memory into discarded
+sections, you can allocate your memory in another address space, etc... Its extremely modular.
+
+
+Another, yet simple, usermode example for this lambda is defined below.
+
+```cpp
+theo::malloc_t _alloc = [&](std::size_t size) -> void*
+{
+ return VirtualAllocEx
+ (
+ phandle,
+ nullptr,
+ size,
+ MEM_COMMIT | MEM_RESERVE,
+ PAGE_EXECUTE_READWRITE
+ );
+};
+```
 # Obfuscation