// dll.cpp : Defines the initialization routines for the DLL.
// Author:秋鎮菜

#include "stdafx.h"
#include <afxdllx.h>

#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif

static AFX_EXTENSION_MODULE DllDLL = { NULL, NULL };

extern "C" int APIENTRY
DllMain(HINSTANCE hInstance, DWORD dwReason, LPVOID lpReserved)
{
// Remove this if you use lpReserved
UNREFERENCED_PARAMETER(lpReserved);

if (dwReason == DLL_PROCESS_ATTACH)
{
   TRACE0("DLL.DLL Initializing!\n");
  
   // Extension DLL one-time initialization
   if (!AfxInitExtensionModule(DllDLL, hInstance))
    return 0;

   // Insert this DLL into the resource chain
   // NOTE: If this Extension DLL is being implicitly linked to by
   // an MFC Regular DLL (such as an ActiveX Control)
   // instead of an MFC application, then you will want to
   // remove this line from DllMain and put it in a separate
   // function exported from this Extension DLL. The Regular DLL
   // that uses this Extension DLL should then explicitly call that
   // function to initialize this Extension DLL. Otherwise,
   // the CDynLinkLibrary object will not be attached to the
   // Regular DLL's resource chain, and serious problems will
   // result.
   MessageBox(NULL, "對話框", NULL, MB_OK);
   new CDynLinkLibrary(DllDLL);
}
else if (dwReason == DLL_PROCESS_DETACH)
{
   TRACE0("DLL.DLL Terminating!\n");
   // Terminate the library before destructors are called
   AfxTermExtensionModule(DllDLL);
}
return 1;   // ok
}


// remotethread.cpp : Defines the entry point for the console application.
// Author:秋鎮菜

#include "stdafx.h"
#include "windows.h"

int main(int argc, char* argv[])
{
HWND hWnd = FindWindow("notepad", NULL);
DWORD dwId;
GetWindowThreadProcessId(hWnd, &dwId);
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwId);
if (! hProcess)
   return 0;

char sz[MAX_PATH];
GetModuleFileName(NULL, sz, MAX_PATH);
strcpy(strstr(sz,".exe"), ".dll");
strcpy(sz, "c:\\windows\\dll.dll");
void *pData = VirtualAllocEx(hProcess, 0, sizeof (sz), MEM_COMMIT, PAGE_READWRITE);
if (! pData)
   return 0;
if (! WriteProcessMemory(hProcess, pData, sz, sizeof (sz), 0))
   return 0;
HANDLE hThread = CreateRemoteThread(hProcess, NULL, 0,
   (LPTHREAD_START_ROUTINE)GetProcAddress(
   LoadLibrary("kernel32.dll"), "LoadLibraryA"), pData, 0, 0);
if (hThread == NULL)
   return 0;
printf("sssssssssssssssssssssssssssssss\r\n");
WaitForSingleObject(hThread, INFINITE);
DWORD dwModule;
GetExitCodeThread(hThread, &dwModule);
CloseHandle(hThread);
VirtualFreeEx(hProcess, pData, sizeof (sz), MEM_RELEASE);
printf("...............................\r\n");
hThread = CreateRemoteThread(hProcess, NULL, 0,
   (LPTHREAD_START_ROUTINE)GetProcAddress(
   LoadLibrary("kernel32.dll"), "FreeLibrary"), &dwModule, 0, 0);
if (hThread == NULL)
   return 0;
WaitForSingleObject(hThread, INFINITE);
CloseHandle(hThread);
CloseHandle(hProcess);
printf(sz);
printf("\r\n");
Sleep(2000);
return 0;
}