From 9f3fcf38db5379e35e003403ec480c29f656b83a Mon Sep 17 00:00:00 2001
From: xerox <xerox@back.engineering>
Date: Mon, 17 Aug 2020 22:50:49 +0000
Subject: [PATCH] Update README.md

---
 README.md | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/README.md b/README.md
index 9305d2a..4e025d1 100644
--- a/README.md
+++ b/README.md
@@ -27,6 +27,16 @@ this in my runtime logs of `BEDaisy`.
 01450804	126.99663544	[GoodEye]     - SystemBuffer: 0xFFFFB78765A0ECC0
 ```
 
+# limitations
+
+- you cannot read/write kernel addresses 
+- you cannot write to readonly memory with this
+- the `PULONG NumberOfBytesRead` pointer cannot be a kernel address (sorry tried lol)
+- you cannot read/write to the process being protected by battleye
+- bedaisy has to be loaded for this to work
+- you must be inside of lsass.exe
+- lsass.exe cannot be a protected process. (some systems protect lsass.exe)
+
 # lsass.exe/csrss.exe
 
 This section will go into detail about what exactly is going on here. csrss.exe/lsass.exe have handles to all processes and since battleye strips the R/W access of the handle that these processes have