From 38823921bcc4ea7b03bdbbdcc1dd689cb2f7e724 Mon Sep 17 00:00:00 2001 From: offhub <6871698+offhub@users.noreply.github.com> Date: Mon, 4 Dec 2023 18:31:53 +0300 Subject: [PATCH] Update CodeInjection.md Co-Authored-By: Soccerfan <108690435+wilders-soccerfan@users.noreply.github.com> --- Content/CodeInjection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Content/CodeInjection.md b/Content/CodeInjection.md index a3f4bbb50..928591cbc 100644 --- a/Content/CodeInjection.md +++ b/Content/CodeInjection.md @@ -54,7 +54,7 @@ At this point the top portion of the `data->syscall_data` before the `SBIELOW_EX The function than finds the addresses of `LdrLoadDll`, `LdrGetProcedureAddress`, `NtRaiseHardError` and `RtlFindActivationContextSectionString` using a custom `FindDllExport` lookup function by parsing through the previously selected ntdll image, these addresses are stored into the `INJECT_DATA` region, then a couple values from the `SBIELOW_EXTRA_DATA` are also copied into that region, containing paths to the SbieDll.dll (both 32 and 64 bit paths), as well as the name of kernel32.dll. -On 64-bit systems the function distinguishes between the native and the wow64 execution, in the latter case branching of to `InitInjectWow64`. +On 64-bit systems the function distinguishes between the native and the wow64 execution, in the latter case branching off to `InitInjectWow64`. In the native case it continues with hooking the `RtlFindActivationContextSectionString` function in the ntdll.dll. * An original copy of the functions begin is first saved to the `INJECT_DATA` structure * The address of the structure is written into the detour function which is implemented in assembler.
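Review bot: the unchanged context around the corrected line carries two more typos of the same kind that could be folded into this commit rather than left for a second documentation-only PR: in the leading context, `The function than finds the addresses of` should read `The function then finds the addresses of`, and in the trailing bullet, `An original copy of the functions begin is first saved` should read `An original copy of the function's beginning is first saved`. The `branching off to InitInjectWow64` change itself is correct.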