ProcessHollowing This code uses D/Invoke to Dynamically Load Windows APIs. It is also has a XOR decryption routine to protect the shellcode against basic AV signatures.