diff --git a/README.md b/README.md
index d61db3e..9bbde1e 100644
--- a/README.md
+++ b/README.md
@@ -29,9 +29,9 @@ Thus a hook is placed on this SHA1 hash function and spoofed results are compute
 
 ### Solution, Possible Alternatives
 
-If EasyAntiCheat were to patch their own driver using `MmMapIoSpaceEx` - `PAGE_READWRITE` (for HVCI support), they could compute a SHA1 hash, then revert the changes, compute a second SHA1 hash...
+* 1.) If EasyAntiCheat were to patch their own driver using `MmMapIoSpaceEx` - `PAGE_READWRITE` (for HVCI support), they could compute a SHA1 hash, then revert the changes, compute a second SHA1 hash... If the hashes are the same, then you know someone is hooking SHA1, or hooking `READQ/DW/B` virtual instructions...
 
-If the hashes are the same, then you know someone is hooking SHA1, or hooking `READQ/DW/B` virtual instructions...
+* 2.) Map the driver into the usermode service as READONLY, this way the usermode service can just read the mapping and compute a hash... This has its own attack vectors considering it would require calling out to ntoskrnl/external code, however the idea is what matters, having multiple sources of integrity checking is ideal.
 
 ### How To Update