From ab6188aece5e280887a1296a26f82f2794a1bfec Mon Sep 17 00:00:00 2001 From: Maxime Meignan Date: Wed, 8 Dec 2021 10:54:51 +0100 Subject: [PATCH] Removed a typo in README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 0c39bec..eec0044 100644 --- a/README.md +++ b/README.md @@ -262,7 +262,7 @@ assembly) in order to call the corresponding OS features without actually touchi code in `ntdll.dll`, which might be monitored by the EDR. This completely bypasses any userland hooking done on syscall functions in `ntdll.dll`. -This nevertheless has some drawbacks. First, this implies been able to know the list of +This nevertheless has some drawbacks. First, this implies being able to know the list of syscall numbers of functions the program needs, which changes for each version of Windows. Also, functions that are not technically syscalls (e.g. `LoadLibraryX`/`LdrLoadDLL`) could be monitored as well, and cannot simply be