From 96ddbfc406cd300570f139704133f292399371fb Mon Sep 17 00:00:00 2001 From: MB Date: Thu, 12 Oct 2023 00:03:47 +0200 Subject: [PATCH] Update README.md --- README.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 3a04b14..62bee1b 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,3 @@ -# Process Hollowing -Full Credits to: John Leitch john@autosectools.com http://www.autosectools.com - ## Introduction Process hollowing is yet another tool in the kit of those who seek to hide the presence of a process. The idea is rather straight forward: a bootstrap application creates a seemingly innocent process in a suspended state. The legitimate image is then unmapped and replaced with the image that is to be hidden. If the preferred image base of the new image does not match that of the old image, the new image must be rebased. Once the new image is loaded in memory the EAX register of the suspended thread is set to the entry point. The process is then resumed and the entry point of the new image is executed. @@ -390,3 +387,7 @@ http://msdn.microsoft.com/en-us/library/bb384887.aspx C Bit Fields http://msdn.microsoft.com/en-us/library/yszfawxh(v=vs.80).aspx + +# Process Hollowing +Full Credits to: John Leitch john@autosectools.com http://www.autosectools.com +
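Review bot: In the first hunk (@@ -1,6 +1,3 @@), deleting `# Process Hollowing` along with the credits line leaves the README opening on `## Introduction`, a second-level heading with no document title above it. Keep the `# Process Hollowing` title on line 1 and relocate only the `Full Credits to:` line if the aim is to get the attribution out of the way of the introduction. The subject "Update README.md" gives no reason for the move; a short explanation in the commit message would make the intent reviewable.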
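Review bot: In the second hunk (@@ -390,3 +387,7 @@), the document title `# Process Hollowing` is re-added after the reference links, so the file's only top-level heading now sits at the very bottom and the attribution to John Leitch is the last thing a reader reaches. Put the credit under its own heading, for example `## Credits`, instead of reusing the title there, and drop the added empty line that now ends the file.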