Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted file
This is my implementation of the technique presented by Gabriel Landau:
https://www.elastic.co/blog/process-ghosting-a-new-executable-image-tampering-attack
MEM_IMAGE
(unnamed: not linked to any file)RWX
)GetProcessImageFileName
returns empty string)