New explanation for the injection technique (alternative scanning process) and added flow diagram with full process.

docs/chapters/annex.tex

@@ -2,12 +2,10 @@
 %	ANEX
 %----------	
 
-%M-> Mentioned putting some demos and PoCs here...
 %
 
 %Including bpftool commands here to be referenced. Is it a good idea?
 
-
 \chapter* {Appendix A - Bpftool commands} \label{annex:bpftool_flags_kernel}
 \pagenumbering{gobble} % Las páginas de los anexos no se numeran
 \section*{eBPF-related kernel compilation flags} 
@@ -195,6 +193,15 @@ pop rbp  # 5D
 jmp qword ptr [rip+0x0]  # FF2500000000
 <address original syscall glibc 64bit>
 
+\end{lstlisting}
 
 
-\end{lstlisting}
+\chapter* {Appendix D - Rootkit flow diagrams} \label{annex:flow_diagrams}
+\pagenumbering{gobble} % Las páginas de los anexos no se numeran
+\section*{Library injection via GOT hijacking} \label{annexsec:lib_injection}
+\begin{figure}[htbp]
+	\centering
+	\includegraphics[width=15cm]{flow_lib_injection_compact.png}
+	\caption{Flow diagram of execution of a successful library injection.}
+	\label{fig:flow_lib_injection_compact}
+\end{figure}