RunPE
Latest commit ec01027 Nov 4, 2017
README.md
RunPE-ProcessHollowing.sln
RunPE-ProcessHollowing.vcxproj
main.cpp Initial Commit Nov 4, 2017
main.h

README.md

RunPE-ProcessHollowing

Process hollowing is a technique mainly used by malware creators to hide malicious code behind a legitimate process.

This technique mainly consists of the following steps:

  1. Start the remote process in a suspended state.
  2. Replace the headers and sections loaded into memory with those of our executable.
  3. Change the image base and start the thread with the new entry point.
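
Because steps 2 and 3 replace the mapped headers and entry point, the PE header in the process's memory stops matching the file the process claims to run. The following check is an added example for defenders, not code from this repository: it compares header fields between the on-disk image and the in-memory image. It assumes both byte strings have already been acquired (the file from disk, the first page of the main module from a memory dump); the function names and sample headers are constructed for illustration.

```python
import struct

# Fields that should be identical in the on-disk file and the mapped image.
# ImageBase is left out: ASLR relocation legitimately changes it in memory.
FIELDS = ("timestamp", "sections", "entry_rva", "size_of_image")

def pe_fields(buf):
    """Parse the header fields that differ when the mapped image was replaced."""
    if buf[:2] != b"MZ":
        raise ValueError("no MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", buf, 0x3C)
    if buf[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER
    sections, timestamp = struct.unpack_from("<HI", buf, coff + 2)
    opt = coff + 20                          # IMAGE_OPTIONAL_HEADER
    (magic,) = struct.unpack_from("<H", buf, opt)
    if magic not in (0x10B, 0x20B):          # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    (entry_rva,) = struct.unpack_from("<I", buf, opt + 16)
    (size_of_image,) = struct.unpack_from("<I", buf, opt + 56)
    return dict(zip(FIELDS, (timestamp, sections, entry_rva, size_of_image)))

def header_mismatches(disk, memory):
    """Return {field: (disk_value, memory_value)} for every field that differs."""
    d, m = pe_fields(disk), pe_fields(memory)
    return {k: (d[k], m[k]) for k in FIELDS if d[k] != m[k]}

def sample_header(timestamp, sections, entry_rva, size_of_image):
    """Build a constructed, minimal PE32+ header (not from any real binary)."""
    buf = bytearray(0x200)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)              # e_lfanew
    buf[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HHI", buf, 0x84, 0x8664, sections, timestamp)
    struct.pack_into("<H", buf, 0x98, 0x20B)             # PE32+ magic
    struct.pack_into("<I", buf, 0x98 + 16, entry_rva)
    struct.pack_into("<I", buf, 0x98 + 56, size_of_image)
    return bytes(buf)

# Constructed samples: the file on disk, an untouched process, a replaced image.
ON_DISK = sample_header(0x59FD0000, 5, 0x1A40, 0x2A000)
CLEAN = ON_DISK
HOLLOW = sample_header(0x5A000000, 3, 0x12F0, 0x9000)

if __name__ == "__main__":
    print("clean :", header_mismatches(ON_DISK, CLEAN))
    print("hollow:", header_mismatches(ON_DISK, HOLLOW))
```

Any non-empty result means the mapped header no longer describes the file on disk and the process deserves a closer look.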