diff --git a/README.md b/README.md
new file mode 100644
index 0000000..c18a4eb
--- /dev/null
+++ b/README.md
@@ -0,0 +1,15 @@
+simple method.
+
+__int64 NtCompareSigningLevels()
+{
+ int v0; // eax
+
+ v0 = 0;
+ if ( function_pointer )
+ v0 = ((__int64 (*)(void))function_pointer)();
+ return v0 == 0 ? 0xC0000428 : 0;
+}
+
+this loads a qword into r9 from a var.
+
+we use pdfwkrnl's memcpy vulnerable function to swap this pointer to our kernel function.