From 5a71895e8a4f3f9a07d0cf1dd5f00d0f0f06079c Mon Sep 17 00:00:00 2001 From: xerox Date: Fri, 15 May 2020 23:19:26 +0000 Subject: [PATCH] Update README.md --- README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index 3c14186..15066c2 100644 --- a/README.md +++ b/README.md @@ -35,8 +35,7 @@ auto syscall_page_offet = rva % 0x1000; ``` Now that we know that the syscalls bytes are going to be that far into the physical page we can map each physical page into our process 512 at a time (2mb) and then -check the page + page_offset and compare with the syscalls bytes. After we have the syscalls page mapped into our process we can pretty much call any function inside -of the kernel simply by installing an inline hook into that mapped page and then calling into the syscall. +check the page + page_offset and compare with the syscalls bytes. After we have the syscalls page we can install inline hooks and then call into the function.
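Review bot: In the added line ("After we have the syscalls page we can install inline hooks and then call into the function."), "the function" has no antecedent now that "any function inside of the kernel" has been removed, and the sentence no longer states that the page is mapped into the process, which the preceding sentence ("map each physical page into our process") sets up. Suggest keeping both facts in the shorter wording: name which function is being called and say that the hook goes into the mapped page, as the removed lines did. The commit subject "Update README.md" also gives no reason for the rewording; one line on why the claim was narrowed would help readers of the history. Separately, the context line at the top of the hunk spells the variable "syscall_page_offet" while the prose refers to "page + page_offset"; the two names should match, and "2mb" would be clearer as "2 MB".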