If you recall from Chapter 8, Code Injection and Hooking, code injection is a technique used for injecting malicious code (such as EXE, DLL, or shellcode) into legitimate process memory and executing the malicious code within the context of a legitimate process. To inject code into the remote process, a malware program normally allocates a memory with a protection of Read, Write, and Execute permission (PAGE_EXECUTE_READWRITE), and then injects the code into the allocated memory of the remote process. To detect the code that is injected into the remote process, you can look for the suspicious memory ranges based on the memory protection and content of the memory. The compelling question is, what is the suspicious ...