From 7761896f85e589f2028d822673ee383edf1d6a91 Mon Sep 17 00:00:00 2001
From: xerox <xerox@back.engineering>
Date: Mon, 17 Aug 2020 22:47:55 +0000
Subject: [PATCH] Update README.md

---
 README.md | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/README.md b/README.md
index c0fd9d5..c79a105 100644
--- a/README.md
+++ b/README.md
@@ -9,6 +9,15 @@ this to read/write any other process you can open a simple handle too. `Rust`, `
 this works is two fold, firstly BattlEye assumes that the handle already has this access, secondly BattlEye only uses the handle to get the `EPROCESS` so they can call `MmCopyVirtualMemory`. You can see
 this in my runtime logs of `BEDaisy`.
 
+```
+01330160	120.06138611	[GoodEye]MmCopyVirtualMemory called from: 0xFFFFF804DEFE2D64	
+01330161	120.06138611	[GoodEye]     - SourceProcess: csrss.exe	
+01330162	120.06140137	[GoodEye]     - SourceAddress: 0x0000005A7B55E730	
+01330163	120.06140137	[GoodEye]     - TargetProcess: Discord.exe	
+01330164	120.06140137	[GoodEye]     - TargetAddress: 0x0000000009B311F8	
+01330165	120.06140137	[GoodEye]     - BufferSize: 0x0000000000000004
+```
+
 # lsass.exe/csrss.exe
 
 ```