Process Dump hooks NtTerminateProcess and injects a executable region used to handle the hook. When Process Dump then dumps this process on terminate, it will find it's own executable region added for the hook and dump it as a codechunk. Ideally, we wan't to ignore Process Dump's own injections.
Process Dump hooks NtTerminateProcess and injects a executable region used to handle the hook. When Process Dump then dumps this process on terminate, it will find it's own executable region added for the hook and dump it as a codechunk. Ideally, we wan't to ignore Process Dump's own injections.