From 77e0a7f23ead45ad144323f6eca7b7e5f0fd3061 Mon Sep 17 00:00:00 2001 From: Dobin Rutishauser Date: Sun, 22 Jun 2025 23:24:01 +0200 Subject: [PATCH] doc: reorder --- README.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 9137f01..6aad441 100644 --- a/README.md +++ b/README.md @@ -260,6 +260,15 @@ Located in the `data/source/decoder/*.c` directory. * xor\_2: Two byte xor key, random. **Recommended**. +### Carrier Invoke + +How the carrier (which will load the payload shellcode) is invoked. +`--carrier_invoke ` + +* overwrite: Overwrites the `main()` function in `.text` with the carrier +* backdoor: Parse main function for a few unconditional jmp's, and change last jmp to jump to the carrier shellcode, located randomly in .text. **Recommended**. + + ### Anti-Emulation `--antiemulation ` @@ -296,15 +305,6 @@ the payload, as it never gets decrypted. Until they install Visual Studio 2022 community edition. Use AD or NETLOGON (type `set` in cmd.exe to view env vars). -### Carrier Invoke - -How the carrier (which will load the payload shellcode) is invoked. -`--carrier_invoke ` - -* overwrite: Overwrites the `main()` function in `.text` with the carrier -* backdoor: Parse main function for a few unconditional jmp's, and change last jmp to jump to the carrier shellcode, located randomly in .text. **Recommended**. - - ### DLL as Injectable When injecting INTO a DLL, `dllMain()` will be used instead of `main()`.
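Review bot: In the first hunk, the usage line of the moved "Carrier Invoke" section reads `--carrier_invoke ` with nothing after the flag, so the accepted values can only be inferred from the two bullets below it. Since the section is being touched anyway, consider spelling the argument out, for example `--carrier_invoke <overwrite|backdoor>`. The `--antiemulation ` context line has the same gap. In the same hunk the backdoor bullet writes .text without backticks while the overwrite bullet uses `.text`, and "jmp's" should read "jmps". The second hunk removes the identical nine lines, so the move itself looks clean.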