While dynamically analyzing a Windows malware dropper, you observe that it spawns svchost.exe in a suspended state, calls NtUnmapViewOfSection to remove the original executable image, writes its own PE image into the hollowed address space, fixes the thread context, and finally resumes the process. Which code-injection technique is being demonstrated?
The observed workflow-creating a legitimate process in a suspended state, unmapping its sections with NtUnmapViewOfSection, copying a malicious PE image over the now-vacant address space, rebuilding the thread context, and resuming execution-is the textbook sequence for process hollowing (often called RunPE). Reflective DLL injection loads a DLL directly from memory without touching disk and does not require unmapping an entire executable image. DLL search-order hijacking substitutes a malicious DLL that a program loads at startup; it does not involve spawning or hollowing another process. QueueUserAPC injection schedules code to run in another thread's context through an APC call rather than replacing the process image.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is process hollowing?
Open an interactive chat with Bash
What is the role of NtUnmapViewOfSection in process hollowing?
Open an interactive chat with Bash
How does process hollowing differ from reflective DLL injection?
Open an interactive chat with Bash
Certified Ethical Hacker (CEH)
System Hacking Phases and Attack Techniques
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .