diff --git a/README.md b/README.md new file mode 100644 index 0000000..04f6be8 --- /dev/null +++ b/README.md @@ -0,0 +1,8 @@ +# Etw-Syscall + +捕获syscall调用就如同用windows defender的接口一样 + +具体流程 +https://key08.com/index.php/2021/10/19/1375.html + +代码不好看 因为是临时试验
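Review bot: The new README.md is missing the documentation a reader of this hunk needs before the link. Apart from the title `# Etw-Syscall`, the added lines say only that capturing syscalls "is just like using Windows Defender's interface", point to a write-up at https://key08.com/index.php/2021/10/19/1375.html, and note that "the code is not pretty because it was a quick experiment". Nothing in the file says which ETW provider or session the project consumes, what privileges or Windows version it requires, how to build or run it, or what "Windows Defender's interface" refers to, so the repository is unusable without following the external link, and the link can go stale. Suggest adding a few lines under the title with the prerequisites, a build/run command, and a one-sentence statement of the mechanism (e.g. the provider name and the consumer used), so the README stands on its own; the caveat about experimental code quality can stay as-is.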