diff --git a/README.md b/README.md new file mode 100644 index 0000000..ec93f7d --- /dev/null +++ b/README.md @@ -0,0 +1,28 @@ +## Overview + +Endfield does **not** load IL2CPP metadata from `global-metadata.dat` in the standard Unity way. + +Instead, it uses a **runtime reconstruction pipeline** designed to defeat static and file-based dumpers. + +## How It Works + +- A **decoy `global-metadata.dat`** is opened via `CreateFile`, but its contents are discarded. +- The **real metadata is hidden** either: + - as an embedded resource inside `GameAssembly.dll`, or + - as an encrypted slice inside a large game archive. +- A large buffer is allocated using `VirtualAlloc`. +- Encrypted bytes are **decrypted / generated at runtime** into this buffer. +- The engine’s metadata pointer (`s_GlobalMetadata`) is **manually assigned** to this buffer, bypassing Unity’s normal file loader. +- The buffer is finalized with `VirtualProtect` to prevent modification. + +## Result + +- No usable metadata exists on disk. +- Static extraction fails by design. +- The only correct metadata exists **only in memory after initialization**. + +## Why a Runtime Dumper + +This project locates that runtime buffer, verifies it via the IL2CPP magic header, and dumps the fully reconstructed metadata. + +We’re switching to a **runtime dumper** instead, because it’s simpler, more reliable, and honestly because I’m too lazy to hunt down where the encrypted metadata is embedded.
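Review bot: The "Why a Runtime Dumper" section opens with "We're switching to a runtime dumper instead", but nothing earlier in the README names the approach being replaced, so the "instead" has no referent; a short sentence stating what was tried first (the text implies static location and decryption of the embedded or archived bytes) would make the switch readable. The "How It Works" heading also describes the game's loader rather than this project, while the project's own behaviour gets a single sentence under "Why a Runtime Dumper"; splitting these into "How Endfield loads metadata" and "How this dumper works" would match what each section actually says. The README is missing build and usage instructions, the name and format of the dumped output, and any statement of what "verifies it via the IL2CPP magic header" checks beyond the header (for example an expected size or version field), so a reader cannot tell a correct dump from a truncated one. Minor: "The only correct metadata exists **only** in memory" repeats "only"; "The correct metadata exists only in memory after initialization" reads cleaner.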