From 4d1cc94bcceff4e3421346972cf760055ada577d Mon Sep 17 00:00:00 2001 From: _xeroxz Date: Sun, 1 Nov 2020 23:50:07 +0000 Subject: [PATCH] Update README.md --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index b393529..fa586d9 100644 --- a/README.md +++ b/README.md @@ -10,6 +10,8 @@ A library to manipulate drivers exposing a physical memory read/write primitive memory read/write, a bunch are listed in this repo. Currently the project is using gdrv.sys, and is inline hooking NtShutdownSystem. The inline hook is not patchguard friendly, but is removed after every syscall into NtShutdownSystem to prevent possible detection. +Although this is not patchguard friendly, using this to call a few kernel functions will most likely not cause any issues. This will not work on HVCI systems. + # Example In this example VDM syscalls into an inline hook placed on NtShutdownSystem to call memcpy exported from ntoskrnl.exe.