From e55963174c5bc7ab635c1ebe02e6666c99cdb26c Mon Sep 17 00:00:00 2001 From: "Mike K." <42292967+Crypt0Fox@users.noreply.github.com> Date: Tue, 20 Jan 2026 11:20:24 +0200 Subject: [PATCH] Standardize hyphen usage in README.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Replaced all instances of '—' with '-' for consistency. --- Process-Hollowing/README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Process-Hollowing/README.md b/Process-Hollowing/README.md index d69de43..7567c29 100644 --- a/Process-Hollowing/README.md +++ b/Process-Hollowing/README.md @@ -1,6 +1,6 @@ # Process Hollowing -This folder demonstrates **Process Hollowing**—a sophisticated process injection technique that manipulates a suspended process's executable image in memory. +This folder demonstrates **Process Hollowing** - a sophisticated process injection technique that manipulates a suspended process's executable image in memory. **Important Disclaimer**: This code is for educational purposes only on systems you own or have explicit authorization to test. Unauthorized injection is illegal. @@ -50,7 +50,7 @@ Finding the entry point requires navigating the PE structure in memory using und ### In This Folder -The example demonstrates **entry point overwriting on cmd.exe**—suspending the process, locating its entry point through PE parsing, and replacing it with shellcode. +The example demonstrates **entry point overwriting on cmd.exe** - suspending the process, locating its entry point through PE parsing, and replacing it with shellcode. **Flow:** ``` @@ -108,7 +108,7 @@ BOOL success = CreateProcessW( ); ``` -Creates cmd.exe in a suspended state—before any of its code executes. +Creates cmd.exe in a suspended state - before any of its code executes. ### Retrieving the PEB Address @@ -145,7 +145,7 @@ BOOL readSuccess = ReadProcessMemory( ); ``` -Reads the `ImageBaseAddress` from the PEB—this is where the PE is loaded in memory. +Reads the `ImageBaseAddress` from the PEB - this is where the PE is loaded in memory. ### Reading the DOS Header