reevesrs24 / EvasiveProcessHollowing

Evasive Process Hollowing Techniques

HollowProcessInjection3 does not work with other 32-bit binaries. #1

Closed ntrischi closed 4 years ago

ntrischi commented 4 years ago
reevesrs24 commented 4 years ago

This is a great question and one that I probably should have addressed in the README. The 'ImageBaseAddress' for the third technique is not overwritten with the 'ImageBaseAddress' of the exe that is being injected into the legitimate process, and therefore the Windows PE loader will not fix the relocations nor the IAT table, among other things, for the injected .exe. Hasherezade's pe_to_shellcode tool transforms an exe into shellcode which contains a stub that will load the injected PE into the memory of the legitimate process once it is executed. I am certainly not an expert by any means on this topic, so my explanation may not be the greatest.
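An added detection-side example, not part of this issue thread or of the repository's code: given a constructed snapshot of a process (its PEB ImageBaseAddress, the PE headers mapped in memory, the on-disk image and the loader's module list, all built inline as test data), it flags the classic hollowing case, where the PEB points at a replaced image whose header no longer matches the file on disk, and the case this comment describes, where the PEB still points at the legitimate image and the injected PE sits in a region no loaded module accounts for. `build_pe`, `parse_pe` and `hollowing_indicators` are assumed names; a real scanner would obtain the snapshot from process memory instead of constructing it.

```python
import struct

PE_SIG_OFF = 0x3C      # e_lfanew in the DOS header
OPT_ENTRY = 16         # AddressOfEntryPoint, relative to the optional header
OPT_IMAGEBASE = 24     # ImageBase (8 bytes in PE32+)
OPT_SIZEOFIMAGE = 56   # SizeOfImage

def build_pe(image_base: int, entry_rva: int, size_of_image: int) -> bytes:
    """Constructed minimal PE32+ header used as test data (not a real binary)."""
    dos = bytearray(b"MZ" + b"\x00" * 62)
    struct.pack_into("<I", dos, PE_SIG_OFF, 64)                    # PE signature at offset 64
    coff = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 240, 0x22)  # x64, 240-byte optional header
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)                          # PE32+ magic
    struct.pack_into("<I", opt, OPT_ENTRY, entry_rva)
    struct.pack_into("<Q", opt, OPT_IMAGEBASE, image_base)
    struct.pack_into("<I", opt, OPT_SIZEOFIMAGE, size_of_image)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)

def parse_pe(data: bytes) -> dict:
    """Return the header fields the check compares; raise on a non-PE buffer."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    pe = struct.unpack_from("<I", data, PE_SIG_OFF)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    opt = pe + 4 + 20                                              # skip signature and COFF header
    return {
        "entry": struct.unpack_from("<I", data, opt + OPT_ENTRY)[0],
        "image_base": struct.unpack_from("<Q", data, opt + OPT_IMAGEBASE)[0],
        "size_of_image": struct.unpack_from("<I", data, opt + OPT_SIZEOFIMAGE)[0],
    }

def hollowing_indicators(peb_image_base: int, regions: dict, disk_image: bytes,
                         known_modules: set) -> list:
    """Compare the image the PEB points at with the file on disk, then look for
    PE headers in memory that no module in the loader's list accounts for."""
    findings = []
    if peb_image_base not in regions:
        return ["PEB.ImageBaseAddress points at an unmapped region"]
    mem, disk = parse_pe(regions[peb_image_base]), parse_pe(disk_image)
    for key in ("entry", "image_base", "size_of_image"):
        if mem[key] != disk[key]:
            findings.append(f"{key} differs: memory={mem[key]:#x} disk={disk[key]:#x}")
    for base, data in regions.items():
        if base == peb_image_base or base in known_modules:
            continue
        if data[:2] == b"MZ":                                      # PE header with no backing module
            findings.append(f"unbacked PE image at {base:#x}")
    return findings
```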