From fd961838beb09169ecc6cf02cff7f31cf1c4fa1c Mon Sep 17 00:00:00 2001
From: Charlie <64643051+Chuccle@users.noreply.github.com>
Date: Wed, 18 Mar 2026 23:22:04 +0000
Subject: [PATCH] Update README with new function details

Replaced 'KeStackAttachProcess' with 'ObOpenObjectByPointer' in the documentation.
---
 README.MD | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.MD b/README.MD
index c1f2c17..d934d01 100644
--- a/README.MD
+++ b/README.MD
@@ -125,7 +125,7 @@ constexpr ULONG BASE_ALTITUDE = 375133;
 - `ObRegisterCallbacks` - Object Manager handle interception
 - `ZwQuerySystemInformation(SystemExtendedHandleInformation)` - Handle enumeration
 - `ZwQueryVirtualMemory` - Memory region inspection
-- `KeStackAttachProcess` - Cross-process context switching
+- `ObOpenObjectByPointer` - Kernel handle from object pointer
 - `SeLocateProcessImageName` - Process name retrieval
 
 **Supported Platforms**: Windows 10+ (x64)  
@@ -133,4 +133,4 @@ constexpr ULONG BASE_ALTITUDE = 375133;
 **IRQL Requirements**: PASSIVE_LEVEL
 
 ## Special requirements
-It was required to add the /INTEGRITYCHECK option for the linker, this is because of a restriction of ObRegisterCallbacks. It will return a 0xC0000022 (STATUS_ACCESS_DENIED) if not detected as a signed image
\ No newline at end of file
+It was required to add the /INTEGRITYCHECK option for the linker, this is because of a restriction of ObRegisterCallbacks. It will return a 0xC0000022 (STATUS_ACCESS_DENIED) if not detected as a signed image