From dfe22d54f8b34bc2c2518a724d753a6fdd22c4ae Mon Sep 17 00:00:00 2001
From: _xeroxz
Date: Mon, 8 Mar 2021 20:08:24 +0000
Subject: [PATCH] Update README.md
---
 README.md | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 54 insertions(+)
diff --git a/README.md b/README.md
index f057310..100aa6d 100644
--- a/README.md
+++ b/README.md
@@ -639,6 +639,60 @@ ffff998b`c5369e74 ff2500000000 jmp qword ptr [ffff998b`c5369e7a]
 As you can see above, this is what Theo generates for JCC's. Also note that this clang compiler does not generate RIP relative LEA's or CALL's. The only RIP relative stuff Theo deals with are JCC's.
+The instructions for `LoopDemo` now look like this in memory:
+
+```
+ffff998b`c5369da0 4883ec28 sub rsp,28h
+ffff998b`c5369da4 ff2500000000 jmp qword ptr [ffff998b`c5369daa]
+
+...
+
+ffff998b`c5369de0 c74424...... mov dword ptr [rsp+24h],0
+ffff998b`c5369de8 ff2500000000 jmp qword ptr [ffff998b`c5369dee]
+
+...
+
+ffff998b`c5369e20 837c24240a cmp dword ptr [rsp+24h],0Ah
+ffff998b`c5369e25 ff2500000000 jmp qword ptr [ffff998b`c5369e2b]
+
+...
+
+ffff998b`c5369e60 0f830e000000 jae ffff998b`c5369e74
+ffff998b`c5369e66 ff2500000000 jmp qword ptr [ffff998b`c5369e6c]
+ffff998b`c5369e74 ff2500000000 jmp qword ptr [ffff998b`c5369e7a]
+
+...
+
+ffff998b`c5369eb0 8b542424 mov edx,dword ptr [rsp+24h]
+ffff998b`c5369eb4 ff2500000000 jmp qword ptr [ffff998b`c5369eba]
+
+...
+
+ffff998b`c5369ef0 48b9........ mov rcx,0FFFF998BC5364FA0h ; "> Loop Demo: %d\n"
+ffff998b`c5369efa ff2500000000 jmp qword ptr [ffff998b`c5369f00]
+
+...
+
+ffff998b`c5369f30 48b8........ mov rax,offset nt!DbgPrint (fffff803`6a750f60)
+ffff998b`c5369f3a ff2500000000 jmp qword ptr [ffff998b`c5369f40]
+
+...
+
+ffff998b`c5369f70 ffd0 call rax
+ffff998b`c5369f72 ff2500000000 jmp qword ptr [ffff998b`c5369f78]
+
+...
+
+ffff998b`c5369fa0 8b442424 mov eax,dword ptr [rsp+24h]
+ffff998b`c5369fa4 ff2500000000 jmp qword ptr [ffff998b`c5369faa]
+
+...
+
+
+ffff998b`c5368ba0 83c001 add eax,1
+ffff998b`c5368ba3 ff2500000000 jmp qword ptr [ffff998b`c5368ba9]
+```
+
 ### Usermode Example
 # License - BSD 3-Clause