Update README.md

Sentient111 · web-flow · commit 1b6d0a61d8ce · 2022-07-18T19:06:55.000+02:00
diff --git a/README.md b/README.md
@@ -2,4 +2,11 @@
  
 If you are using vulnerable drivers this might be useful.   
 
-Basically does as the name says. You get kernel exports in this example "NtQueryInformationFile" from usermode.
+## DESCRIPTION
+Basically does as the name says. You get kernel exports in this example "NtQueryInformationFile" from usermode without reading from kernel memory.
+
+
+## HOW IT WORKS
+You can get the base addresses from kernel modules from usermode by calling NtQuerySystemInformation with the SystemModuleInformation class.
+Then you get the export address from the image on disk and translate the address.
+
