From 51bb36da70293965ce5908f95c19ad8e06b3ad50 Mon Sep 17 00:00:00 2001 From: xerox Date: Mon, 17 Aug 2020 22:15:02 +0000 Subject: [PATCH] Update README.md --- README.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index c0e0326..7205a6f 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,5 @@ +# i am writing this atm so come back later + # badeye Its well known that battleye proxies calls to `NtReadVirtualMemory/NtWriteVirtualMemory` to their driver via DeviceIoControl in both `lsass.exe` and `csrss.exe`. Although csrss.exe @@ -9,4 +11,8 @@ rather they use the handle to get the EPROCESS of the process that the handle is -As you can see you can open any handle with any access and then pass it along to bedaisy and it will read/write for you... \ No newline at end of file +As you can see you can open any handle with any access and then pass it along to bedaisy and it will read/write for you... + +# lsass.exe/csrss.exe + +This section will go into detail about what exactly is going on here. csrss.exe/lsass.exe have handles to all processes \ No newline at end of file
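Review bot: In the first hunk (`@@ -1,3 +1,5 @@`), the added line `# i am writing this atm so come back later` is a level-1 heading placed above `# badeye`, so it becomes the README's title and pushes the project name down to a second H1. If a work-in-progress notice is wanted, put it under the title as ordinary text or a blockquote (for example `> Work in progress, more detail to follow.`) and remove it in the commit that finishes the write-up.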
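Review bot: In the second hunk (`@@ -9,4 +11,8 @@`), the new `# lsass.exe/csrss.exe` section is added as another level-1 heading and its only sentence stops at "have handles to all processes" with no closing punctuation, so the section promises detail it does not yet contain. Make it a subsection (`## lsass.exe/csrss.exe`), finish or drop the sentence before merging, and keep the process order consistent between the heading (`lsass.exe/csrss.exe`) and the body (`csrss.exe/lsass.exe`). The hunk fixes the missing trailing newline after "it will read/write for you..." but reintroduces `\ No newline at end of file` on the new last line; end the file with a newline.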