diff --git a/README.md b/README.md index a11daeb..f98339d 100644 --- a/README.md +++ b/README.md @@ -30,7 +30,9 @@ ultimately achieving arbitrary kernel-mode code execution (KMCE) via controlled ### 0x3 Usage -Deploying the NeacSafe64 driver via NeacSafe64.inf and executing NeacController.exe, and it will spawn a privileged cmd process. +Deploying the NeacSafe64 driver via NeacSafe64.inf and executing NeacController.exe, and it will spawn a privileged cmd process. **The EPROCESS structure varies across Windows versions. Developers must manually update hardcoded offsets in source code to match their target environment.** + +![image-20250402204233318](img/image-20250402204233318.png) The demonstration payload currently uses a single `ret` instruction as shellcode, resulting in no observable system behavior. For effective vulnerability validation: diff --git a/img/image-20250402204233318.png b/img/image-20250402204233318.png new file mode 100644 index 0000000..f93ef7d Binary files /dev/null and b/img/image-20250402204233318.png differ
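Review bot: In the README.md hunk under "0x3 Usage", the added bold sentence says the hardcoded EPROCESS offsets must be updated manually, but it does not say which offsets, which source file holds them, or which Windows build the shipped values were taken from. A reader cannot tell from this text whether their system already matches. Suggest naming the source file and the constants, and stating the build the current values correspond to. The new image line uses the generated file name as alt text (`image-20250402204233318`); a short description of what the screenshot shows would make the README readable when the image does not load. The bold note is also appended to the end of the existing usage sentence; putting it in its own paragraph would keep the run instructions and the caveat separate.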