add usage guide

carved4 · carved4 · commit 84856ea219a8 · 2025-06-12T03:28:50.000-04:00
diff --git a/README.md b/README.md
@@ -111,6 +111,23 @@ go build -o crypt.exe ./crypt
 go build -o stub.exe ./stub
 ```
 
+## Running
+```bash
+# after running the crypter tool and building the stub, you can pass some flags to specify how you want to run
+
+./stub.exe -sleepy # self inject with page no access delay to trip EDRs
+
+./stub.exe -ghost # self inject standard
+
+./stub.exe -phantom # inject with queueapc + page no access delay 
+
+# or 
+
+./stub.exe # with no flags to run an embedded EXE or shellcode with the default methods
+
+```
+
+
 ## Security Considerations
 
 This tool is designed for security research, penetration testing, and red team exercises. Users are responsible for ensuring compliance with applicable laws and regulations in their jurisdiction. 
diff --git a/pkg/runshellalt/runshellalt.go b/pkg/runshellalt/runshellalt.go
@@ -302,7 +302,7 @@ func GhostStack(shellcode []byte) error {
 }
 
 // PhantomAPC executes shellcode using APC injection via NtQueueApcThreadEx
-// This is absolutely MENTAL - uses Asynchronous Procedure Call injection with direct syscalls
+
 func PhantomAPC(shellcode []byte) error {
 	if len(shellcode) == 0 {
 		return fmt.Errorf("shellcode cannot be empty")

Original file line number	Diff line number	Diff line change
`@@ -302,7 +302,7 @@ func GhostStack(shellcode []byte) error {`
`302`	`302`	`}`
`303`	`303`
`304`	`304`	`// PhantomAPC executes shellcode using APC injection via NtQueueApcThreadEx`
`305`		`-// This is absolutely MENTAL - uses Asynchronous Procedure Call injection with direct syscalls`
	`305`	`+`
`306`	`306`	`func PhantomAPC(shellcode []byte) error {`
`307`	`307`	`if len(shellcode) == 0 {`
`308`	`308`	`return fmt.Errorf("shellcode cannot be empty")`