- // Textbook LoadLibrary-style DLL injection: the target is started suspended, a buffer is
- // committed in its address space, the DLL path is written there, and a remote thread is
- // started at LoadLibraryW with that buffer as its argument.
- // Defensive note: this exact sequence (CREATE_SUSPENDED process creation, VirtualAllocEx with
- // PAGE_EXECUTE_READWRITE, WriteProcessMemory, CreateRemoteThread whose start address resolves
- // to kernel32!LoadLibraryW) is the pattern that cross-process-injection telemetry — e.g.
- // Sysmon Event 8 (CreateRemoteThread, which records StartModule/StartFunction) — is built to
- // surface. None of the API return values below are checked.
- TCHAR szDll[] = TEXT("d:\test.dll");   // path of the DLL the remote thread will load
- STARTUPINFO si = {0};
- PROCESS_INFORMATION pi = {0};
- si.cb = sizeof(si);
- si.dwFlags = STARTF_USESHOWWINDOW;
- si.wShowWindow = SW_SHOW;
- TCHAR szCommandLine[MAX_PATH] = TEXT("C:\WINDOWS\notepad.exe");   // held in a writable array because CreateProcess may modify lpCommandLine
- CreateProcess(NULL, szCommandLine, NULL, NULL, FALSE, CREATE_SUSPENDED, NULL, NULL, &si, &pi);   // return value not checked; on failure pi holds no valid handles and every call below operates on garbage
- LPVOID Param = VirtualAllocEx(pi.hProcess, NULL, MAX_PATH, MEM_COMMIT, PAGE_EXECUTE_READWRITE);   // RWX commit in a foreign process — exactly what memory-scanning defenses flag; NULL on failure, not checked
- WriteProcessMemory(pi.hProcess, Param, (LPVOID)szDll, _tcslen(szDll)*2+sizeof(TCHAR), NULL);   // byte count assumes sizeof(TCHAR) == 2; result not checked, and Param may be NULL here
- HANDLE hThread = CreateRemoteThread(pi.hProcess, NULL, NULL, (LPTHREAD_START_ROUTINE)LoadLibraryW,Param, CREATE_SUSPENDED, NULL);   // the local LoadLibraryW address is reused as the remote start routine, which presumes kernel32 is mapped at the same base in both processes; thread starts suspended
- ResumeThread(pi.hThread);   // the target's primary thread is released before the injected thread runs
- if (hThread)
- {
- ResumeThread(hThread);   // injected thread now executes LoadLibraryW(Param) inside the target
- WaitForSingleObject(hThread, INFINITE);   // blocks until that thread exits; never returns if LoadLibraryW hangs
- }
- // hThread, pi.hThread and pi.hProcess are never closed — handle leak in the caller.
http://blog.csdn.net/zwfgdlc/article/details/8827116