Hollow Process / Dynamic Forking / RunPE injection technique implemented in Python 2.
A simple implementation of the well known Process Hollowing technique used by malware. The idea to create this came from the excellent book Practical malware analysis.
Warning: This is not 100% stable and reliable. Although I have had a 100% success rate on svchost.exe with a 32 bit payload.
If the payload is an protected executable it will create 0xC0000005 error (Access Violation).
Dependencies:
- Pefile: install using: pip install pefile