Process Doppelgänging

This is my implementation of the technique presented by enSilo:
https://www.youtube.com/watch?v=Cch8dvp836w

Characteristics:

Payload mapped as MEM_IMAGE (unnamed: not linked to any file)
Sections mapped with original access rights (no RWX)
Payload connected to PEB as the main module
Remote injection supported (but only into a newly created process)
Process is created from an unnamed module (GetProcessImageFileName returns empty string)

WARNING:
The 32bit version works on 32bit system only.

Name		Name	Last commit message	Last commit date
Latest commit History 33 Commits
.appveyor.yml		.appveyor.yml
CMakeLists.txt		CMakeLists.txt
README.md		README.md
main.cpp		main.cpp
ntddk.h		ntddk.h
ntdll_types.h		ntdll_types.h
ntdll_undoc.cpp		ntdll_undoc.cpp
ntdll_undoc.h		ntdll_undoc.h
pe_hdrs_helper.cpp		pe_hdrs_helper.cpp
pe_hdrs_helper.h		pe_hdrs_helper.h
process_env.cpp		process_env.cpp
process_env.h		process_env.h
util.cpp		util.cpp
util.h		util.h