Update README.md

README.md

@@ -14,26 +14,40 @@ but is removed after every syscall into NtShutdownSystem to prevent possible det
 
 In this example VDM syscalls into an inline hook placed on NtShutdownSystem to call memcpy exported from ntoskrnl.exe.
 
+#### Demo Code
 ```cpp
-	vdm::vdm_ctx vdm;	
-	const auto ntoskrnl_base = 
-		reinterpret_cast<void*>(
-			util::get_module_base("ntoskrnl.exe"));
-
-	const auto ntoskrnl_memcpy = 
-		util::get_kernel_export("ntoskrnl.exe", "memcpy");
-
-	std::printf("[+] drv_handle -> 0x%x, drv_key -> %s\n", drv_handle, drv_key.c_str());
-	std::printf("[+] %s physical address -> 0x%p\n", vdm::syscall_hook.first, vdm::syscall_address.load());
-	std::printf("[+] ntoskrnl base address -> 0x%p\n", ntoskrnl_base);
-	std::printf("[+] ntoskrnl memcpy address -> 0x%p\n", ntoskrnl_memcpy);
-
-	short mz_bytes = 0;
-	vdm.syscall<decltype(&memcpy)>(ntoskrnl_memcpy, &mz_bytes, ntoskrnl_base, sizeof mz_bytes);
-	std::printf("[+] kernel MZ -> 0x%x\n", mz_bytes);
+vdm::vdm_ctx vdm;
+const auto ntoskrnl_base =
+reinterpret_cast<void*>(
+	util::get_module_base("ntoskrnl.exe"));
+
+const auto ntoskrnl_memcpy =
+util::get_kernel_export("ntoskrnl.exe", "memcpy");
+
+std::printf("[+] drv_handle -> 0x%x, drv_key -> %s\n", drv_handle, drv_key.c_str());
+std::printf("[+] %s physical address -> 0x%p\n", vdm::syscall_hook.first, vdm::syscall_address.load());
+std::printf("[+] ntoskrnl base address -> 0x%p\n", ntoskrnl_base);
+std::printf("[+] ntoskrnl memcpy address -> 0x%p\n", ntoskrnl_memcpy);
+
+short mz_bytes = 0;
+vdm.syscall<decltype(&memcpy)>(
+	ntoskrnl_memcpy,
+	&mz_bytes,
+	ntoskrnl_base,
+	sizeof mz_bytes
+);
+std::printf("[+] kernel MZ -> 0x%x\n", mz_bytes);
 ```
 
-
+#### Demo Code Result
+```
+[+] drv_handle -> 0x70, drv_key -> frAQBc8Wsa1xVPfv
+[+] NtShutdownSystem physical address -> 0x00000000109BB3A0
+[+] ntoskrnl base address -> 0xFFFFF80075200000
+[+] ntoskrnl memcpy address -> 0xFFFFF800755F0980
+[+] kernel MZ -> 0x5a4d
+[+] press any key to close...
+```
 
 # Usage