From ef9b42aca91b92f8b6e473103cf01c2ee1fdac5a Mon Sep 17 00:00:00 2001 From: Thomas M <44269971+thomasxm@users.noreply.github.com> Date: Sun, 14 Jul 2024 19:47:04 +0100 Subject: [PATCH] Update README.md --- README.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/README.md b/README.md index 6b61d7e..81ea275 100644 --- a/README.md +++ b/README.md @@ -300,6 +300,15 @@ I intend to name this memory guard “Sifu memory guard” to pay tribute to the 5. `ntdll!RtlUserThreadStart` 6. `kernel32!BaseThreadInitThunk` +### Resume Thread API Call Sequence +1. `kernel32!ResumeThread` +2. `kernelbase!ResumeThread` +3. `ntdll!NtResumeThread` +4. `ntdll!NtContinue` +5. `ntdll!RtlUserThreadStart` +6. `kernel32!BaseThreadInitThunk` + + ### AV Inspection Points - Some AVs inspect `NtSetContextThread`, `NtCreateThreadEx`, `CreateThread` and `RtlUserThreadStart`.
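Review bot: The new "Resume Thread API Call Sequence" list does not say which frames run in the calling thread (`kernel32!ResumeThread` through `ntdll!NtResumeThread`) and which run in the resumed thread once it is scheduled (`ntdll!NtContinue`, `ntdll!RtlUserThreadStart`, `kernel32!BaseThreadInitThunk`); a one-line note marking that split would make the sequence usable as a call-stack reference in the same way as the preceding list. Minor style point in the same hunk: the two consecutive `+` blank lines before `### AV Inspection Points` should be collapsed to one, matching the single blank line that separates the other sections.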