diff --git a/DuckMemoryScan/main.cpp b/DuckMemoryScan/main.cpp
index c07a5ff..37eaa1c 100644
--- a/DuckMemoryScan/main.cpp
+++ b/DuckMemoryScan/main.cpp
@@ -232,7 +232,7 @@ void ThreadStackWalk() {
 CloseHandle(hThreadSnap);
 }
 }
-void WalkProcessMoudle(DWORD pID,HANDLE pHandle,WCHAR* pMoudleName) {
+void WalkProcessMoudle(DWORD pID,HANDLE pHandle,WCHAR* pMoudleName,BOOL pCheckMoudle) {
 MODULEENTRY32 moduleEntry;
 HANDLE handle = NULL;
 
@@ -246,6 +246,13 @@ void WalkProcessMoudle(DWORD pID,HANDLE pHandle,WCHAR* pMoudleName) {
 return;
 }
 do {
+ if (pCheckMoudle) {
+ CdigitalSig DigitalSig(moduleEntry.szExePath);
+ DWORD dDigitalState = DigitalSig.GetDigitalState();
+ if (dDigitalState != DIGITAL_SIGSTATE_VALID) {
+ printf("\t => [模块扫描] 检测到可疑模块(也许是误报) 路径 %ws 进程名字 %ws pid %d \n", moduleEntry.szExePath, pMoudleName, pID);
+ }
+ }
 DWORD64 ReadNum = 0;
 if (ReadProcessMemory(pHandle, moduleEntry.modBaseAddr, AllocBuff, 0x200, &ReadNum)) {
 if (AllocBuff[0] == 'M' && AllocBuff[1] == 'Z') {
@@ -286,7 +293,6 @@ void ProcessStackWalk() {
 //打印进程名和进程ID
 HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, false, pe32.th32ProcessID);
 if (hProcess) {
- WalkProcessMoudle(pe32.th32ProcessID, hProcess, pe32.szExeFile);
 WCHAR szImagePath[MAX_PATH];
 WCHAR pszFullPath[MAX_PATH];
 if (GetProcessImageFileName(hProcess, szImagePath, MAX_PATH))
@@ -298,6 +304,8 @@ void ProcessStackWalk() {
 if (dDigitalState == DIGITAL_SIGSTATE_REVOKED || dDigitalState == DIGITAL_SIGSTATE_EXPIRE) {
 printf("\t => [进程扫描] 检测到可疑签名进程 路径 %ws static %d \n", pszFullPath, dDigitalState);
 }
+ WalkProcessMoudle(pe32.th32ProcessID, hProcess, pe32.szExeFile, dDigitalState == DIGITAL_SIGSTATE_VALID);
+
 }
 }
 CloseHandle(hProcess);
diff --git a/README.md b/README.md
index 6e12558..1fa544b 100644
--- a/README.md
+++ b/README.md
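Review bot: Moving the WalkProcessMoudle call from the top of the `if (hProcess)` block (third hunk) down to the branch where `dDigitalState` is computed (fourth hunk) means the pre-existing MZ-header walk inside WalkProcessMoudle no longer runs for a process whose image path GetProcessImageFileName cannot resolve, whereas before the commit every successfully opened process was walked. The lines between the third and fourth hunks are outside this diff, so the exact enclosing block is inferred; if the new call sits in the `if (GetProcessImageFileName(...))` body, an else branch restores the old coverage: `else { WalkProcessMoudle(pe32.th32ProcessID, hProcess, pe32.szExeFile, FALSE); }`. In the second hunk the new per-module CdigitalSig check runs once for every module of every validly signed process; whether GetDigitalState performs a catalog lookup or an online revocation query is not visible here, but if it does, this loop is where scan time will go, and a comment such as `// per-module signature check: unsigned or catalog-signed modules in a signed process are reported as suspicious, so expect false positives` next to the printf would state the heuristic for the reader. The empty `+` line added after the call in the fourth hunk is stray whitespace.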
@@ -1,5 +1,6 @@ # DuckMemoryScan 涓涓畝鍗曞鎵炬棤鏂囦欢钀藉湴鍚庨棬鐨勫伐鍏,鐢県uoji鑺变簡1澶╃紪鍐,缂栧啓鏃堕棿2021-02-24 +!!!鏈▼搴忛渶瑕64浣嶇紪璇戞墠鑳藉洖婧痻64鐨勭▼搴忓爢鏍,璇峰嬁鎵ц32浣嶇紪璇!!! # 杩愯鎴浘 ![image](https://raw.githubusercontent.com/huoji120/DuckMemoryScan/master/%E6%BC%94%E7%A4%BA%E5%9B%BE%E7%89%87.png) @@ -10,7 +11,7 @@ 3. 鍙枒杩涚▼妫娴(涓昏閽堝鏈夐冮伩鎬ц川鐨勮繘绋媅濡傝繃鏈熺鍚嶄笌澶氬悇鍙墽琛屽尯娈礭) 4. 鏃犳枃浠惰惤鍦版湪椹娴(妫娴嬫墍鏈夊凡鐭ュ唴瀛樺姞杞芥湪椹) 5. 绠鏄搑ootkit妫娴(妫娴嬭瘉涔﹁繃鏈/鎷︽埅璇诲彇/璇佷功鏃犳晥鐨勯┍鍔) - +6. 妫娴嬪紓甯告ā鍧,妫娴嬬粷澶ч儴鍒嗗"iis鍔寔"鐨勫悗闂(2021骞2鏈26鏃ユ柊澧) # 鍏嶆潃鏈ㄩ┈妫娴嬪師鐞: 鎵鏈夋墍璋撶殑鍐呭瓨鍏嶆潃鍚庨棬澶ч儴鍒嗗熀浜"VirtualAlloc"鍑芥暟鐢宠鍐呭瓨 涔嬪悗閫氳繃鍚勭鑾悕鍏跺鐨剎or鐢氳嚦鏄痑es鍔犲瘑鍘绘贩娣唖hellcode杈惧埌"鍏嶆潃"鏁堟灉. 鏈伐鍏烽氳繃绾跨▼鍫嗘爤鍥炴函鏂规硶(StackWalkEx鍑芥暟)閬嶅巻绾跨▼,瀵绘壘绯荤粺涓湪VirtualAlloc鍖哄煙鎵ц浠g爜鐨勫尯鍩,浠庤屾彧鍑"鍏嶆潃鏈ㄩ┈" @@ -23,6 +24,9 @@ 2. 绾跨▼鎸囧悜涓涓狽OIMAGE鍐呭瓨 鏈伐鍏峰皢浼氶氳繃绗竴绉嶇壒寰佹娴嬪嚭鎵鏈"鏃犳枃浠惰惤鍦版湪椹" +# 寮傚父妯″潡妫娴嬪師鐞 +鏈伐鍏峰皢浼氭壂鎻忔墍鏈夊甫绛惧悕绋嬪簭鐨勬ā鍧楀垪琛ㄥ苟涓旀娴嬪叾涓ā鍧楁槸鍚﹀瓨鍦ㄧ鍚,濡傛灉涓嶅瓨鍦ㄥ垯鍙戝嚭鎻愮ず.鏈娴嬪瓨鍦ㄨ緝澶氳鎶,浣嗗皢浼氭娴嬪埌绫讳技IIS鍔寔鐨勭壒娈婃ā鍧 + # 浣跨敤鏂瑰紡 缂栬瘧 杩愯 寰楀埌淇℃伅鍒楄〃