From aa97f9884ac1f993d90c11efddbe725d10bb4261 Mon Sep 17 00:00:00 2001 From: Dobin Rutishauser Date: Mon, 9 Jun 2025 22:14:25 +0200 Subject: [PATCH] doc: execution guardrails info --- README.md | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/README.md b/README.md index fc56937..f28455c 100644 --- a/README.md +++ b/README.md @@ -152,6 +152,26 @@ To inject shellcode `messagebox.bin` into injectable `procexp64.exe` with carrie > C:\Users\dobin\Repos\SuperMega>.\projects\commandline\procexp64.infected.exe ``` +### Execution Guardrails + +You can use the `env` execution guardrail to restriction execution where +the environment matches your expectations. In the following example, +it requires the `VCINSTALLDIR` environment variable to contain +`Community`, which matches here. `\2022\Community\VC\`. + +``` +> set +... +VCINSTALLDIR=C:\Program Files\Microsoft Visual Studio\2022\Community\VC\ +... + +> python.exe supermega.py ... --guardrail env --guardrail-key VCIDEInstallDir --guardrail-value Community +``` + +These make middleboxes like sandboxes unable to execute and therefore detect +the payload, as it never gets decrypted. Until they install Visual Studio 2022 +community edition. + ## Directories
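Review bot: The example in the new "Execution Guardrails" section is internally inconsistent: the prose and the `set` output refer to `VCINSTALLDIR`, but the command line passes `--guardrail-key VCIDEInstallDir`, so a reader copying the command would check a different variable than the one shown and the guardrail would not match the documented environment. Make the two agree (either `--guardrail-key VCINSTALLDIR`, or show `VCIDEInstallDir` in the `set` output). Minor wording in the same hunk: "to restriction execution where the environment matches" should read "to restrict execution to environments that match", and the trailing "Until they install Visual Studio 2022 community edition." is a fragment that reads better joined to the preceding sentence, e.g. "... as it never gets decrypted, at least until they install Visual Studio 2022 Community Edition."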