Commit

Update README.md
buzzer-re authored Apr 22, 2023
1 parent 84f122e commit 1f61eac
Showing 1 changed file with 5 additions and 2 deletions.
7 changes: 5 additions & 2 deletions README.md
Expand Up @@ -7,12 +7,15 @@
</figure>


Shinigami is an experimental tool designed to detect and unpack malware implants that are injected via process hollowing or generic packer routines. The tool operates by hooking NT functions related to Process Hollowing and marking newly executable memory pages with the page guard bit. This technique allows Shinigami to detect indirect flow changes, typically caused by shellcode or unpacked code, which are often indicative of malware.
Shinigami is an experimental tool designed to detect and unpack malware implants that are injected via process hollowing or generic packer routines.

# How this works
The tool operates by hooking NT functions related to Process Hollowing and marking newly executable memory pages with the page guard bit. This technique allows Shinigami to detect indirect flow changes, typically caused by shellcode or unpacked code, which are often indicative of malware.
Shinigami creates the target executable in a suspended state and injects a DLL library called "Ichigo". This library automatically hooks every necessary function to detect and extract the implant. Once the artefact is fully extracted, the tool will kill the process.

Shinigami effectiveness may vary depending on the specific malware it is targeting. However, it is a valuable addition to any malware analysis toolkit and may prove useful in detecting and analyzing malware that uses process hollowing or generic packer routines.

***Important: Shinigami is a dynamic unpacking tool and should not be run on your personal machine or in a static analysis lab***
***Important: This is a dynamic unpacking tool and should not be run on your personal machine or in a static analysis lab***



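Review bot: The new "How this works" section ends with "Once the artefact is fully extracted, the tool will kill the process", but neither the added paragraph nor the rest of the hunk says where the extracted implant is written or how the dump is named, which is the first thing a reader of this README will look for; one sentence on the output location would make the description actionable. Two smaller points in the same hunk: "# How this works" is a level-one heading, so if the README's title is already a level-one heading this should probably be "## How this works"; and the reworded "Important" line still only says where not to run the tool, so naming the intended environment (an isolated dynamic-analysis VM with snapshots) would be more useful than the prohibition alone.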
