The code shows simple usage of winappdbg. The same thing can be implemented in other debuggers such as PyDbg.
Process Hollowing, RunPE and Process Forking are more or less different names for the same technique. In this method, malware creates a process in suspended mode, injects a decrypted PE into the suspended process, and then executes it.
There are a lot of PoCs for process hollowing on the internet.
One of the methods is as follows:
More here: http://dreamofareverseengineer.blogspot.com/2014/10/dynamic-automatic-unpacking-for.html
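The sequence described above (create suspended, write a PE, resume), seen from the unpacking side: an added example, not code from the original post and not using winappdbg, that walks a recorded API-call trace and rebuilds the image written into a suspended child. The trace record layout, the sample events and the function names `rebuild` and `find_hollowed` are assumptions made for this example; the API names and the `CREATE_SUSPENDED` value are the standard Win32 ones.

```python
CREATE_SUSPENDED = 0x00000004  # Win32 process creation flag

# Constructed API-call trace; the record layout is an assumption for this example.
SAMPLE_TRACE = [
    {"api": "CreateProcess", "child_pid": 4242, "flags": CREATE_SUSPENDED},
    {"api": "CreateProcess", "child_pid": 5150, "flags": 0},
    {"api": "WriteProcessMemory", "target_pid": 4242, "address": 0x401000,
     "data": b"\x90\x90\xc3"},
    {"api": "WriteProcessMemory", "target_pid": 4242, "address": 0x400000,
     "data": b"MZ" + b"\x00" * 6},
    {"api": "WriteProcessMemory", "target_pid": 5150, "address": 0x400000,
     "data": b"MZ"},
    {"api": "ResumeThread", "target_pid": 4242},
]

def rebuild(writes):
    """Lay the writes out by address, starting at the one carrying the MZ header."""
    headers = [addr for addr, data in writes if data[:2] == b"MZ"]
    if not headers:
        return None  # nothing that looks like a PE image was written
    base = min(headers)
    kept = [(a, d) for a, d in writes if a >= base]
    image = bytearray(max(a + len(d) for a, d in kept) - base)
    for addr, data in kept:
        image[addr - base:addr - base + len(data)] = data
    return bytes(image)

def find_hollowed(events):
    """Return {child_pid: image} for children created suspended that received
    a PE image through remote writes before their thread was resumed."""
    pending, dumps = {}, {}
    for ev in events:
        api = ev["api"]
        if api == "CreateProcess" and ev["flags"] & CREATE_SUSPENDED:
            pending[ev["child_pid"]] = []
        elif api == "WriteProcessMemory" and ev["target_pid"] in pending:
            pending[ev["target_pid"]].append((ev["address"], ev["data"]))
        elif api == "ResumeThread" and ev["target_pid"] in pending:
            image = rebuild(pending.pop(ev["target_pid"]))
            if image is not None:
                dumps[ev["target_pid"]] = image
    return dumps

if __name__ == "__main__":
    for pid, image in find_hollowed(SAMPLE_TRACE).items():
        print(f"pid {pid}: {len(image)} bytes written while suspended")
```

The write to pid 5150 is ignored because that process was not created suspended, and a suspended child that never receives an `MZ` header produces no dump.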