From e900a3026924cb867dc0ab0d520a19ab732ac317 Mon Sep 17 00:00:00 2001 From: _xeroxz Date: Mon, 8 Mar 2021 20:01:57 +0000 Subject: [PATCH] Update README.md --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index 6d6f41f..f057310 100644 --- a/README.md +++ b/README.md @@ -631,6 +631,14 @@ As you can see, Theo uses Zydis to go over all routines marked for obfuscation a Note that in DemoDrv there is a function called "LoopDemo" which is obfuscated. Instead of the JCC instruction branching to the conditional code, it instead branches to an inline jmp. If it doesnt branch, then it simply jumps to the next instruction like normal. +``` +ffff998b`c5369e60 0f830e000000 jae ffff998b`c5369e74 +ffff998b`c5369e66 ff2500000000 jmp qword ptr [ffff998b`c5369e6c] +ffff998b`c5369e74 ff2500000000 jmp qword ptr [ffff998b`c5369e7a] +``` + +As you can see above, this is what Theo generates for JCC's. Also note that this clang compiler does not generate RIP relative LEA's or CALL's. The only RIP relative stuff Theo deals with are JCC's. + ### Usermode Example # License - BSD 3-Clause
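Review bot: The added fence in the README hunk has no language tag, and the listing needs a sentence explaining the gap between `ffff998b`c5369e66` and `ffff998b`c5369e74`: each `jmp qword ptr [rip+0]` reads its 8-byte absolute target from the bytes immediately following the instruction (at `c5369e6c` and `c5369e7a`), which is why the fall-through path lands on a `jmp` rather than on the original conditional code. Also, the new sentence "this clang compiler does not generate RIP relative LEA's or CALL's" is stated as an absolute; since that depends on the compiler version and flags used to build DemoDrv, it would read better as an observation about this build (and the flags used) rather than a general property Theo relies on. Minor: the existing context line has "doesnt", which could be corrected to "doesn't" in the same edit.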