Update README.md

README.md

@@ -307,6 +307,56 @@ lpValueName: SOFTWARE\Microsoft\Windows Defender\Real-Time Protection
 lpValueName: DisableRealtimeMonitoring
 ```
 
+### Dumping VTable Calls
+```
+[Control Table] 0x495b78
+[Control Table] 0x493658
+[Control Table] 0x4932f8
+[Control Table] 0x494e1c
+[Control Table] 0x4949e4
+[Control Table] 0x4965e0
+[Control Table] 0x496088
+[Control Table] 0x4951c4
+[Control Table] 0x4960d0
+[Control Table] 0x49463c
+[Control Table] 0x493808
+[Control Table] 0x493850
+[Control Table] 0x494ed0
+[Control Table] 0x49382c
+[Control Table] 0x49532c
+[Control Table] 0x493874
+[Control Table] 0x493898
+[Control Table] 0x4931fc
+[Control Table] 0x4931b4
+[Control Table] 0x495500
+[Control Table] 0x495cbc
+[Control Table] 0x495ce0
+[Control Table] 0x4958cc
+[Control Table] 0x494a74
+[Control Table] 0x495c08
+[Control Table] 0x494cfc
+[Control Table] 0x493c40
+[Control Table] 0x493e5c
+[Control Table] 0x493ea4
+[Control Table] 0x493b8c
+[Control Table] 0x495b0c
+[Control Table] 0x495c2c
+[Control Table] 0x493f7c
+[Control Table] 0x4930dc
+[Control Table] 0x493fe8
+[Control Table] 0x494c00
+[Control Table] 0x495644
+[Control Table] 0x495428
+[Control Table] 0x496430
+[Control Table] 0x4963e8
+[Control Table] 0x4954b8
+[Control Table] 0x4945d0
+[Control Table] 0x496040
+[Control Table] 0x4960ac
+[Control Table] 0x494a50
+[Control Table] 0x495be4
+```
+
 To enable the AV, we just do the opposite of what we needed to disable the AV.
 
 ## Windows Tamper Protection