Working
- Create a legitimate process in suspended state.
- Retrieve thread context of this process.
- Unmap sections of the target process.
- Inject a malicious PE file from disk and over-write the sections of this process’ memory.
- Relocate if the base address of the injected PE file differs from the suspended process.
- Set new entry-point using thread context.